How can we programmatically make the autoUpdate of electron-builder trust a specific custom CA certificate when fetching updates using the GenericHTTPServer provider? The solution should not involve importing the certificate to the system and should be portable to all platforms: linux, macOS and windows.
I'm neither a node.js nor an electron expert. There seem to be a number of different API's around for accessing resources via HTTP, and I don't know which of those are used by the auto-updater. The following things I have tried:
electron.app.importCertifictate: Does not exist on macOS (and according to the docs, neither on windows). I haven't tried it on linux.- Handling the electron
certificate-error: Does not seem to be triggered when auto-updater checks for updates. - Using the
NODE_EXTRA_CA_CERTSenvironment variable did not have any effect. Also, this comment on a electron-builder GitHub issue suggests that electron-builder uses the electron http services, not those of node. - The documentation of the
electron.netAPI claims that it tries to follow closely the Node API, but does not mention anything related to certificates.
electron.net.request. So the question remains: How to configure certification validation for that API? – UltramontaneAppUpdater.netSession.setCertificateVerifyProc) into a nice answer, I'll accept it. – Ultramontane