Consent

• I verified that there is no open/closed issue for the same subject.
• I understand that YTMDesktop have NO affiliation with Google or YouTube

Current Behavior

The app crashes with an error message complaining about self signed certificate in certificate chain.

Expected Behavior

App opens and plays music.

Steps To Reproduce

1. Have a self-signed cert.
2. Open the app
3. Play a song

YTMDesktop

2.0.0

OS

Windows

OS Version

10

Arch

x64

Installation way

.exe

Anything else?

YouTube Music Desktop App Crashed

Environment Details:
    YouTube Music Desktop App 2.0.0
    Electron 28.2.0
    Windows NT 10.0.19044

Name: Error
Message: self signed certificate in certificate chain
Cause: Unknown

Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1603:34)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1020:8)
    at ssl.onhandshakedone (node:_tls_wrap:806:12)

Do you have any network level blocks?
Ads? privacy? etc?

Nope, nothing like that.

FYI I am also getting this same error on MacOS:

YouTube Music Desktop App Crashed

Environment Details:
    YouTube Music Desktop App 2.0.0
    Electron 28.2.0
    macOS 14

Name: Error
Message: self signed certificate in certificate chain
Cause: Unknown

Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1603:34)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1020:8)
    at ssl.onhandshakedone (node:_tls_wrap:806:12)

Considering this application does not have any self signed certificates I would check your computer, network, and anything else related for something that is performing a man in the middle on your network traffic. Judging by the repro steps you state "Have a self-signed certificate" so that part seems intentional and in that case I would ensure you're not intercepting all your network traffic with it.

I'm going to close this a won't fix since at heart, while the application does crash, this issue will not be fixed as that would impose a security problem ignoring this.

While testing bits, we have stuff like Google's analytics blocked on our Office network and this does not caused the application to crash.
But curious to know what action is causing this to crash. On Boot (with the update failing) after a song is played or something~

Considering this application does not have any self signed certificates I would check your computer, network, and anything else related for something that is performing a man in the middle on your network traffic. Judging by the repro steps you state "Have a self-signed certificate" so that part seems intentional and in that case I would ensure you're not intercepting all your network traffic with it.

I am on a corporate laptop that requires the use of self-signed certs for some security things (I don't control any of this).

I'm going to close this a won't fix since at heart, while the application does crash, this issue will not be fixed as that would impose a security problem ignoring this.

Can you explain your rationale here? I am not sure why the app cares about a self-signed cert and I would be curious to know the reason it does. If it does matter for some reason, it seems that a proper warning or error message would be a better way to go (preferably with an option to continue). Crashing is indicative of a bug.

FWIW I do not have this issue using version 1.x on the same machine.

But curious to know what action is causing this to crash. On Boot (with the update failing) after a song is played or something~

For me it crashes on playing a song. Even after the app crashes, the song continues to play in the background until I click on "Ok" in the dialog box generated by MacOS saying the "app has crashed".

Ditto to all of @bboles's comments here.

I am on a corporate laptop that requires the use of self-signed certs for some security things (I don't control any of this).

I do understand this is out of your control in these cases and this can be a common thing for corporate. You should seek to ensure that the certificate which would be intercepting network traffic is signed whatever is intercepting it CA and that CA is added to your machines trust store. If this is still a problem after then the application may be using its own trust store which would likely be a side effect of being electron/chrome and I would be willing to look into a fix for that.

Can you explain your rationale here?

I assume you might be seeing this from a browser perspective which allows to just continue regardless but this application, while being electron which is browser based, I don't have any interest in programming and providing the ability to just continue since it's not a local service that a self signed certificate would be for and should be served with. This also excludes the main process which isn't browser based and requires a little bit more hoops to just "continue anyways".

I assume you might be seeing this from a browser perspective which allows to just continue regardless but this application, while being electron which is browser based, I don't have any interest in programming and providing the ability to just continue since it's not a local service that a self signed certificate would be for and should be served with. This also excludes the main process which isn't browser based and requires a little bit more hoops to just "continue anyways".

That makes sense, I appreciate you taking the time to check into this @NovusTheory !