https: support rejectUnauthorized for unix sockets #13505

cjihrig · 2017-06-06T19:09:50Z

This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option.

Fixes: #13470

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

Affected core subsystem(s)

https

Trott

Test needs a common.refreshTmpDir().

Trott · 2017-06-06T21:48:20Z

test/parallel/test-https-unix-socket-self-signed.js

+  server.close();
+}));
+
+server.listen(common.PIPE, common.mustCall(() => {


Using common.PIPE requires common.refreshTmpDir() (unless the test only runs on Windows).

lpinca · 2017-06-07T12:58:34Z

test/parallel/test-https-unix-socket-self-signed.js

+}));
+
+server.listen(common.PIPE, common.mustCall(() => {
+  https.request({


Super tiny nit: what do you think about using https.get()? I like it because it calls request.end() implicitly.

cjihrig · 2017-06-07T13:17:39Z

Added common.refreshTmpDir() and switched from https.request() to https.get().

test looks good to me now, thanks

cjihrig · 2017-06-08T15:44:29Z

CI: https://ci.nodejs.org/job/node-test-pull-request/8553/

Retry CI: https://ci.nodejs.org/job/node-test-pull-request/8554/

This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: nodejs#13470 PR-URL: nodejs#13505 Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]>

This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: #13470 PR-URL: #13505 Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]>

* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560)

* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598

MylesBorins · 2017-07-17T18:19:55Z

should this land on v6.x? Was this a new feature or a bugfix?

sam-github · 2017-07-21T17:32:34Z

Its a bug fix, there was a problem with self-signed certs on unix domain sockets (TCP and Unix domain sockets should not have differences in their TLS behaviour).

core/node (pr/13505 $% u=) % node -v
v6.11.1
core/node (pr/13505 $% u=) % node test/parallel/test-https-unix-socket-self-signed.js
events.js:160
      throw er; // Unhandled 'error' event
      ^

Error: self signed certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:610:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
core/node (pr/13505 $% u=) % nvm i 8
Downloading https://nodejs.org/dist/v8.2.1/node-v8.2.1-linux-x64.tar.xz...
######################################################################## 100.0%
Now using node v8.2.1 (npm v5.3.0)
core/node (pr/13505 $% u=) % node test/parallel/test-https-unix-socket-self-signed.js

sam-github · 2017-07-21T17:33:47Z

Doesn't cherry pick, I am backporting.

This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: nodejs#13470 PR-URL: nodejs#13505 Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]>

This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Backport-PR-URL: #14415 Fixes: #13470 PR-URL: #13505 Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]>

nodejs-github-bot added the http Issues or PRs related to the http subsystem. label Jun 6, 2017

refack approved these changes Jun 6, 2017

View reviewed changes

Trott previously requested changes Jun 6, 2017

View reviewed changes

sam-github approved these changes Jun 6, 2017

View reviewed changes

lpinca reviewed Jun 7, 2017

View reviewed changes

lpinca approved these changes Jun 7, 2017

View reviewed changes

cjihrig force-pushed the 13470 branch from 3c1ccc5 to 1c0ca08 Compare June 7, 2017 13:16

danbev approved these changes Jun 8, 2017

View reviewed changes

cjihrig force-pushed the 13470 branch from 1c0ca08 to 5e480fc Compare June 8, 2017 17:03

cjihrig force-pushed the 13470 branch from 5e480fc to d0571a9 Compare June 8, 2017 17:44

cjihrig merged commit d0571a9 into nodejs:master Jun 8, 2017

cjihrig deleted the 13470 branch June 8, 2017 17:46

addaleax mentioned this pull request Jun 10, 2017

v8.1.1 proposal #13598

Merged

gibfahn mentioned this pull request Jun 15, 2017

Auditing for 6.11.1 nodejs/Release#230

Closed

3 tasks

MylesBorins added the lts-watch-v6.x label Jul 17, 2017

sam-github mentioned this pull request Jul 21, 2017

(v6.x backport) https: support rejectUnauthorized for unix sockets #14415

Closed

4 tasks

MylesBorins added backported-to-v6.x and removed lts-watch-v6.x labels Jul 21, 2017

MylesBorins mentioned this pull request Jul 21, 2017

v6.11.2 proposal #14356

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

https: support rejectUnauthorized for unix sockets #13505

https: support rejectUnauthorized for unix sockets #13505

cjihrig commented Jun 6, 2017

Trott left a comment

Trott Jun 6, 2017

lpinca Jun 7, 2017

cjihrig commented Jun 7, 2017

cjihrig commented Jun 8, 2017 •

edited

Loading

MylesBorins commented Jul 17, 2017

sam-github commented Jul 21, 2017

sam-github commented Jul 21, 2017

https: support rejectUnauthorized for unix sockets #13505

https: support rejectUnauthorized for unix sockets #13505

Conversation

cjihrig commented Jun 6, 2017

Checklist

Affected core subsystem(s)

Trott left a comment

Choose a reason for hiding this comment

Trott Jun 6, 2017

Choose a reason for hiding this comment

lpinca Jun 7, 2017

Choose a reason for hiding this comment

cjihrig commented Jun 7, 2017

cjihrig commented Jun 8, 2017 • edited Loading

MylesBorins commented Jul 17, 2017

sam-github commented Jul 21, 2017

sam-github commented Jul 21, 2017

cjihrig commented Jun 8, 2017 •

edited

Loading