Unix socket in HTTPS causes cert error even when rejectUnauthorized is off #13470

Closed
zhanzhenzhen opened this issue Jun 5, 2017 · 1 comment
Labels
tls Issues and PRs related to the tls subsystem.

Comments

@zhanzhenzhen
Contributor

  • Version: 6.10.1
  • Platform:
  • Subsystem:

This code runs well:

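const fs = require("fs");
const https = require("https");

// Self-signed key pair generated with the openssl command shown below.
let options = {
    key: fs.readFileSync("key.pem"),
    cert: fs.readFileSync("cert.pem")
};

https.createServer(options, (req, res) => {
    console.log("Request received");
    res.writeHead(200);
    res.end("hello world\n");
}).listen(50000, "127.0.0.1");
console.log("HTTPS server started.");

// Client over TCP: certificate verification is disabled and the request succeeds.
setTimeout(() => {
    https.request({
        host: "127.0.0.1",
        port: 50000,
        rejectUnauthorized: false
    }).end();
}, 1000);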

But if I use a Unix socket, then it will fail, saying self signed cert error:

const fs = require("fs");
const https = require("https");

let options = {
    key: fs.readFileSync("key.pem"),
    cert: fs.readFileSync("cert.pem")
};

https.createServer(options, (req, res) => {
    console.log("Request received");
    res.writeHead(200);
    res.end("hello world\n");
}).listen("/Users/zzz/test-unix-socket/socket.sock");
console.log("HTTPS server started.");

// Client over the Unix socket: same option, but the request fails with the certificate error.
setTimeout(() => {
    https.request({
        socketPath: "/Users/zzz/test-unix-socket/socket.sock",
        rejectUnauthorized: false
    }).end();
}, 1000);

key.pem and cert.pem are a self-signed certificate generated using OpenSSL:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 7300 -nodes

Is this a bug, or am I missing something?

@mscdex mscdex added the tls Issues and PRs related to the tls subsystem. label Jun 5, 2017
@novemberborn

As a workaround, try:

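const https = require('https')
const tls = require('tls')

https.get({
  path: '/',
  // Open the TLS connection ourselves so the option reaches tls.connect()
  createConnection () {
    return tls.connect({path: 'socket.sock', rejectUnauthorized: false})
  }
})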

Calling tls.connect() directly allows rejectUnauthorized to be preserved.
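
An added example, not part of the original thread or of Node.js itself: the same `createConnection` pattern can keep verification on by trusting only the self-signed certificate and pinning its SHA-256 fingerprint. The helper names `pinnedTlsOptions` and `getOverPinnedSocket` are hypothetical, and the pin replaces the host name check on the assumption that the certificate's subject name is not meaningful for a local socket.

```javascript
const crypto = require('crypto');
const https = require('https');
const tls = require('tls');

// SHA-256 over the DER encoding of a certificate, as lowercase hex.
function sha256Hex(der) {
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Decode the first CERTIFICATE block of a PEM string to its DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no CERTIFICATE block in PEM input');
  return Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
}

// Hypothetical helper: tls.connect() options for a Unix socket that accept
// exactly one certificate instead of accepting any certificate.
function pinnedTlsOptions(socketPath, certPem) {
  const expected = sha256Hex(pemToDer(certPem));
  return {
    path: socketPath,
    ca: certPem,               // the self-signed cert is the only trust anchor
    rejectUnauthorized: true,  // chain verification stays enabled
    // Replace the default host name comparison with a pin on the exact
    // certificate the peer presented (peerCert.raw is its DER encoding).
    checkServerIdentity(_name, peerCert) {
      const seen = peerCert && peerCert.raw ? sha256Hex(peerCert.raw) : '';
      return seen === expected ? undefined
        : new Error('peer certificate does not match pinned fingerprint');
    }
  };
}

// Hypothetical helper: HTTPS GET over the socket using the options above.
function getOverPinnedSocket(socketPath, certPem, urlPath, onResponse) {
  const opts = pinnedTlsOptions(socketPath, certPem);
  return https.get({ path: urlPath, createConnection: () => tls.connect(opts) }, onResponse);
}

// Usage with the files from the issue:
// getOverPinnedSocket('/Users/zzz/test-unix-socket/socket.sock',
//   require('fs').readFileSync('cert.pem', 'utf8'), '/', res => res.resume());
```
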

cjihrig added a commit to cjihrig/node that referenced this issue Jun 8, 2017
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Fixes: nodejs#13470
PR-URL: nodejs#13505
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
addaleax pushed a commit that referenced this issue Jun 10, 2017
sam-github pushed a commit to sam-github/node that referenced this issue Jul 21, 2017
MylesBorins pushed a commit that referenced this issue Jul 21, 2017
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.

Backport-PR-URL: #14415
Fixes: #13470
PR-URL: #13505
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
MylesBorins pushed a commit that referenced this issue Jul 31, 2017