Client network socket disconnected before secure TLS connection was established #23

Closed
brandonregard opened this issue May 26, 2023 · 6 comments · Fixed by #24

@brandonregard

brandonregard commented May 26, 2023

Current Behavior

Setting https proxy to https://172.20.7.148:9090
recoverIdToken error: TimeoutError: Client network socket disconnected before secure TLS connection was established

Works without "addProxyToClient".

Expected Behavior

Traffic is proxied through Proxyman.

Steps to Reproduce the Problem

```ts
import { addProxyToClient } from 'aws-sdk-v3-proxy';

...

const cognitoIdpCient: CognitoIdentityProviderClient = addProxyToClient(
  new CognitoIdentityProviderClient({
    region: REGION,
  }),
  {
    debug: true,
  }
);

...

const forgotPasswordCommand: ForgotPasswordCommand = new ForgotPasswordCommand({
  ClientId: CLIENT_ID,
  Username: PHONE,
});
forgotPasswordResponse = await cognitoIdpCient.send(forgotPasswordCommand);
```

Environment

  • Version: 2.0.14
  • Platform: Mac/Linux
  • Node.js Version: v18.16.0
@brandonregard brandonregard added the bug Something isn't working label May 26, 2023
@brandonregard
Author

brandonregard commented May 26, 2023

When Proxyman is not listening the error is Error: connect ECONNREFUSED. So, appears to be there.
Cert issue? It is installed on the system.

Also tried:

```ts
const certs = [readFileSync('/Users/brandon/Desktop/proxyman.pem')];
const agent = new HttpsProxyAgent('https://172.20.7.148:9090', {
  rejectUnauthorized: false,
  ca: certs,
});
const cognitoIdpCient: CognitoIdentityProviderClient = new CognitoIdentityProviderClient({
  region: REGION,
  requestHandler: new NodeHttpHandler({
    httpsAgent: agent,
  }),
});
```

from: https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/node-registering-certs.html

Same error: "Client network socket disconnected before secure TLS connection was established"

@ryansonshine ryansonshine self-assigned this May 26, 2023
@ryansonshine
Contributor

ryansonshine commented May 26, 2023

Thanks for the bug report @brandonregard.

Is this code running on your local machine or on AWS Lambda?

Also, does this happen on every attempt or just occasionally?

@brandonregard
Author

> Thanks for the bug report @brandonregard.
>
> Is this code running on your local machine or on AWS Lambda?
>
> Also, does this happen on every attempt or just occasionally?

On local machines and happens every time.

@ryansonshine
Contributor

Hi @brandonregard ,

I have a feature I'll be releasing shortly that will allow you to specify additional options including specifying the ca for requests. In the interim, can you try running your process using the NODE_EXTRA_CA_CERTS environment variable?

It needs to be set prior to starting up the process (i.e. you can't do process.env.NODE_EXTRA_CA_CERTS in your code).

```sh
NODE_EXTRA_CA_CERTS="/Users/brandon/Desktop/proxyman.pem"
```

```ts
import { addProxyToClient } from 'aws-sdk-v3-proxy';

...

const cognitoIdpCient: CognitoIdentityProviderClient = addProxyToClient(
  new CognitoIdentityProviderClient({
    region: REGION,
  }),
  {
    debug: true,
  }
);

...

const forgotPasswordCommand: ForgotPasswordCommand = new ForgotPasswordCommand({
  ClientId: CLIENT_ID,
  Username: PHONE,
});
forgotPasswordResponse = await cognitoIdpCient.send(forgotPasswordCommand);
```

ryansonshine added a commit that referenced this issue Jun 2, 2023
This change adds options for the proxy agent that can be passed in by the user. A couple uses for
this include assigning certs and modifying headers used by the agent.

close #23
@github-actions

github-actions bot commented Jun 2, 2023

🎉 This issue has been resolved in version 2.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@ryansonshine
Contributor

The latest version now supports additional agent options.

@brandonregard try updating to the latest version and executing the following:

```ts
import { readFileSync } from 'fs';
import { addProxyToClient } from 'aws-sdk-v3-proxy';

...
const certs = [readFileSync('/Users/brandon/Desktop/proxyman.pem').toString()];
const cognitoIdpCient: CognitoIdentityProviderClient = addProxyToClient(
  new CognitoIdentityProviderClient({
    region: REGION,
  }),
  {
    debug: true,
    agentOptions: {
      rejectUnauthorized: true,
      ca: certs,
    }
  }
);

...

const forgotPasswordCommand: ForgotPasswordCommand = new ForgotPasswordCommand({
  ClientId: CLIENT_ID,
  Username: PHONE,
});
forgotPasswordResponse = await cognitoIdpCient.send(forgotPasswordCommand);
```

Let me know if you run into any additional issues, thanks!
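
A preflight check for a proxy CA file before it is handed to `ca`, as an added example that is not part of the original thread or of aws-sdk-v3-proxy. `loadProxyCa` and `buildAgentOptions` are hypothetical helper names; the returned `agentOptions` mirrors the shape in the comment above. In Node.js an explicit `ca` replaces the default root store, while `NODE_EXTRA_CA_CERTS` adds to it, so the helper makes that choice explicit.

```javascript
const { X509Certificate } = require('node:crypto');
const tls = require('node:tls');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
// OpenSSL pads single-digit days ("Jan  1 ..."); collapse spaces before parsing.
const parseDate = (s) => new Date(s.replace(/\s+/g, ' '));

// Parse every certificate in a PEM bundle and reject anything that should not
// become a trust anchor. `now` is injectable so the check can be tested.
function loadProxyCa(pemText, now = new Date()) {
  const blocks = String(pemText).match(PEM_BLOCK) || [];
  if (blocks.length === 0) throw new Error('no PEM certificate found');
  return blocks.map((pem) => {
    let cert;
    try {
      cert = new X509Certificate(pem);
    } catch (err) {
      throw new Error(`unparseable certificate: ${err.message}`);
    }
    if (!cert.ca) throw new Error(`not a CA certificate: ${cert.subject}`);
    if (now < parseDate(cert.validFrom) || now > parseDate(cert.validTo)) {
      throw new Error(`outside validity period: ${cert.subject}`);
    }
    // The fingerprint lets an operator confirm which CA is being trusted.
    return { pem, subject: cert.subject, sha256: cert.fingerprint256 };
  });
}

// Verification stays on. With keepDefaultRoots=false only the proxy CA is
// trusted, so a connection that bypasses the proxy fails instead of passing.
function buildAgentOptions(pemText, { keepDefaultRoots = false, now } = {}) {
  const anchors = loadProxyCa(pemText, now);
  const ca = anchors.map((a) => a.pem);
  if (keepDefaultRoots) ca.push(...tls.rootCertificates);
  return { agentOptions: { rejectUnauthorized: true, ca }, anchors };
}
```

Logging `anchors[].sha256` at startup gives a record of which interception CA a process trusted.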
