Sauce Connect Proxy 4.5.4

4.5.4

New Features

• Public Certificates: (Virtual Cloud Only) There is a new Sauce Connect command-line argument that allows users to require that Sauce Labs internal tunneling infrastructure uses Certificates signed by a Certificate Authority (CA) rather than self-signed certificates. 
  • The new option is as follows: "--tunnel-cert public" (without the quotes). 
  • The Operating System on which SC runs needs to have its certificate store set up correctly. Here are some details per Operating System:
    • Linux:
      • OpenSSL stores CA certificates, which are accessed by the Sauce Connect Client
      • The default OpenSSL certificates directory can be found using: openssl version -d
      • Set the SSL_CERT_DIR environment variable to this folder or another containing certificates in PEM format
      • You can also set the SSL_CERT_FILE environment variable to a file of certificates in PEM format
      • The command line to update certificates is: update-ca-certificates
    • Windows:
      
      • The SC Client loads certificates directly from the CA and ROOT Windows Store.
      • Windows Update will keep certificates up to date. See the following Microsoft documentation for more information:
        https://docs.microsoft.com/en-us/windows/desktop/secauthn/certificate-stores
        https://docs.microsoft.com/en-us/windows/desktop/seccertenroll/about-certificate-directory#certificate-stores
    • OSX:
      
      • Certificates will be read from the MacOS Keychain Access automatically
      • Alternatively, if the Homebrew OpenSSL package is installed, the default cert.pem file can be used: `--tunnel-cainfo /usr/local/etc/openssl/cert.pem`
        
        
  • Public Certificate Support for Real Device Cloud and Headless Cloud are coming soon!
  • Note that Sauce Labs has never considered using self-signed certs on our internal tunneling infrastructure to be a security risk because our public signing key is pinned inside of Sauce Connect client. However, some customers' security scans flag the internal self-signed certs, and we are doing this to satisfy these customers and as a best practice.

Bug Fixes

• The characters used in Tunnel identifiers must now be only ASCII, so that the Sauce Labs WebUI will work correctly
• We removed the ANSII color codes from the Sauce Connect log, for readability reasons

Jun 25 2019