Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unix socket in HTTPS causes cert error even when rejectUnauthorized is off #13470

Closed
zhanzhenzhen opened this issue Jun 5, 2017 · 1 comment
Closed

Unix socket in HTTPS causes cert error even when rejectUnauthorized is off #13470

zhanzhenzhen opened this issue Jun 5, 2017 · 1 comment
Labels
tls Issues and PRs related to the tls subsystem.

Comments

@zhanzhenzhen
Copy link
Contributor

  • Version: 6.10.1
  • Platform:
  • Subsystem:

This code runs well:

let options = {
    key: fs.readFileSync("key.pem"),
    cert: fs.readFileSync("cert.pem")
};

https.createServer(options, (req, res) => {
    console.log("Request received");
    res.writeHead(200);
    res.end("hello world\n");
}).listen(50000, "127.0.0.1");
console.log("HTTPS server started.");

setTimeout(() => {
    https.request({
        host: "127.0.0.1",
        port: 50000,
        rejectUnauthorized: false
    }).end();
}, 1000);

But if I use Unix socket, then it will fail, saying self signed cert error:

let options = {
    key: fs.readFileSync("key.pem"),
    cert: fs.readFileSync("cert.pem")
};

https.createServer(options, (req, res) => {
    console.log("Request received");
    res.writeHead(200);
    res.end("hello world\n");
}).listen("/Users/zzz/test-unix-socket/socket.sock");
console.log("HTTPS server started.");

setTimeout(() => {
    https.request({
        socketPath: "/Users/zzz/test-unix-socket/socket.sock",
        rejectUnauthorized: false
    }).end();
}, 1000);

key.pem and cert.pem is a self-signed certificate generated using OpenSSL:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 7300 -nodes

Is this a bug, or am I missing something?
@mscdex mscdex added the tls Issues and PRs related to the tls subsystem. label Jun 5, 2017
@novemberborn
Copy link

As a workaround, try:

https.get({
  path: '/',
  createConnection () {
    return tls.connect({path: 'socket.sock', rejectUnauthorized: false})
  }
})

Calling tls.connect() directly allows rejectUnauthorized to be preserved.

@cjihrig cjihrig mentioned this issue Jun 6, 2017
Merged
3 tasks
@zhanzhenzhen zhanzhenzhen mentioned this issue Jun 7, 2017
Closed
cjihrig added a commit to cjihrig/node that referenced this issue Jun 8, 2017
@cjihrig
https: support rejectUnauthorized for unix sockets
d0571a9 
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Fixes: nodejs#13470
PR-URL: nodejs#13505
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
addaleax pushed a commit that referenced this issue Jun 10, 2017
@cjihrig @addaleax
https: support rejectUnauthorized for unix sockets
c4cbd99 
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Fixes: #13470
PR-URL: #13505
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
@sam-github sam-github mentioned this issue Jul 21, 2017
Closed
4 tasks
sam-github pushed a commit to sam-github/node that referenced this issue Jul 21, 2017
@cjihrig @sam-github
https: support rejectUnauthorized for unix sockets
1658cb3 
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Fixes: nodejs#13470
PR-URL: nodejs#13505
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this issue Jul 21, 2017
@cjihrig @MylesBorins
https: support rejectUnauthorized for unix sockets
65f8bfb 
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Backport-PR-URL: #14415
Fixes: #13470
PR-URL: #13505
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this issue Jul 31, 2017
@cjihrig @MylesBorins
https: support rejectUnauthorized for unix sockets
0130298 
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Backport-PR-URL: #14415
Fixes: #13470
PR-URL: #13505
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@novemberborn @mscdex @zhanzhenzhen