botbuilder-js / behind proxy server / Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames

[dhoelzl]

Hello!

I am using botbuilder-js (version 4.23.3 - https://github.com/Microsoft/botbuilder-js) (I am aware that it is deprecated), which still works fine when the BotFrameworkAdapter has direct internet access.

However, when BotFrameworkAdapter is configured to connect through a proxy (I use the npm package global-agent and the environment variable GLOBAL_AGENT_HTTP_PROXY for this) it stops working and I get the following error messages in the log:

{"message":"handle /api/messages _events={} _readableState={\"highWaterMark\":65536,\"buffer\":[],\"bufferIndex\":0,\"length\":0,\"pipes\":[],\"awaitDrainWriters\":null} _maxListeners=undefined socket=(stringify failed, reason: Converting circular structure to JSON\n --> starting at object with constructor 'Socket'\n | property 'parser' -> object with constructor 'HTTPParser'\n --- property 'socket' closes the circle) httpVersionMajor=1 httpVersionMinor=1 httpVersion=1.1 complete=false rawHeaders=[\"content-length\",\"1117\",\"authorization\",\"Bearer XXXXXXXXXX (masked for security reasons)..
Error: BotFrameworkAdapter.processActivity(): 401 ERROR

FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration failed, reason: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:*.azurewebsites.net, DNS:*.scm.azurewebsites.net, DNS:*.sso.azurewebsites.net, DNS:*.westeurope-01.azurewebsites.net, DNS:*.scm.westeurope-01.azurewebsites.net, DNS:*.sso.westeurope-01.azurewebsites.net, DNS:*.westeurope.c.azurewebsites.net, DNS:*.scm.westeurope.c.azurewebsites.net, DNS:*.sso.westeurope.c.azurewebsites.net, DNS:*.azure-mobile.net, DNS:*.scm.azure-mobile.net

at ClientRequest.<anonymous> (/opt/app/node_modules/node-fetch/lib/index.js:1501:11)
at ClientRequest.emit (node:events:520:35)
at emitErrorEvent (node:_http_client:108:11)
at TLSSocket.socketErrorListener (node:_http_client:575:5)
at TLSSocket.emit (node:events:520:35)
at emitErrorNT (node:internal/streams/destroy:170:8)
at emitErrorCloseNT (node:internal/streams/destroy:129:3)
at process.processTicksAndRejections (node:internal/process/task_queues:90:21)
at BotFrameworkAdapter.<anonymous> (/opt/app/node_modules/botbuilder/lib/botFrameworkAdapter.js:752:27)
at Generator.throw (<anonymous>)
at rejected (/opt/app/node_modules/botbuilder/lib/botFrameworkAdapter.js:36:65)
at process.processTicksAndRejections (node:internal/process/task_queues:104:5)

My Node's express entry point:

  app.post("/api/messages", async (req: any, res: any) => {
    logger.trace("handle /api/messages", req);
    await adapter.processActivity(req, res, async (context: TurnContext) => {
      await messageExtension.run(context);
      await userState.saveChanges(context, false);
    });
    logger.trace("handled /api/messages", res);
  }); 

Looks like there is a problem with a certificate validation, any ideas what's wrong here?

Thank you and regards,
Dominik

[MattB-msft]

Without knowledge of which proxy system or its configuration,
I would guess that the issue here is that your proxy is likely proxying auth to your agent. the agent is trying to validate the cert against the expected providers which is failing.