Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requests after long delays halt on tls.js:182 #2304

Closed
sadtaco opened this issue Aug 5, 2015 · 15 comments
Closed

Requests after long delays halt on tls.js:182 #2304

sadtaco opened this issue Aug 5, 2015 · 15 comments
Labels
tls Issues and PRs related to the tls subsystem.

Comments

@sadtaco
Copy link

sadtaco commented Aug 5, 2015

http://pastebin.com/LLX6isjZ
(Not sure if the express part matters, but takes 30+ minutes to do a test to see if it fails as expected so this the least I got it cut down to to confirm the bug)

Just run this, and after about 30-60 minutes you should get

TypeError: Cannot read property 'CN' of undefined
    at Object.checkServerIdentity (tls.js:182:37)
    at TLSSocket.<anonymous> (_tls_wrap.js:1016:29)
    at emitNone (events.js:67:13)
    at TLSSocket.emit (events.js:166:7)
    at TLSSocket._finishInit (_tls_wrap.js:566:8)

@indutny

@brendanashworth brendanashworth added the tls Issues and PRs related to the tls subsystem. label Aug 5, 2015
@indutny
Copy link
Member

indutny commented Aug 5, 2015

Very interesting... I think I figured it out, will let you know once I'll test the change :)

Not sure if I will be able to provide a proper test case, though.

@sadtaco
Copy link
Author

sadtaco commented Aug 6, 2015

If you can figure out some sort of workaround without having to wait for an iojs update, that'd be really amazing too. I need this working fairly badly.

Maybe like a try { request } catch { //new-session-thing }? Dunno really.

@indutny
Copy link
Member

indutny commented Aug 6, 2015

The only workaround that I could think of at the moment is following:

var https = require('https');

var agent = new https.Agent();

agent._getSession = function nop() {};

var request = require('request').defaults({ agent: agent });

This is the only way to disable session cache atm.

@sadtaco
Copy link
Author

sadtaco commented Aug 6, 2015

I just tried that, at least I believe I set it up right.

var request = require('request').defaults({jar: true, agent: agent})

to be exact. But I still got the same error.

@indutny
Copy link
Member

indutny commented Aug 6, 2015

Here is some debugging data, just for reference:

.x.x.x.x.x.x.x.www.patreon.com {} 308206a7020101020203030402c02f0420e600d8730f7fec1c4bbeeeaca4abd475507ce13c1399204594e8696d41900d4804301ff66ba4ea05c7e2fdb0c8f68a6acfd69513a01cb5a70a14d12a181b76ac5e359268b4bb223972283edfb014b717c082a106020455c28ad7a2040202012ca38205523082054e30820436a00302010202074b579621267fca300d06092a864886f70d01010b05003081b4310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e312d302b060355040b1324687474703a2f2f63657274732e676f64616464792e636f6d2f7265706f7369746f72792f313330310603550403132a476f2044616464792053656375726520436572746966696361746520417574686f72697479202d204732301e170d3134313231393138313733365a170d3136313231393138313733365a306a310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d53616e204672616e636973636f31163014060355040a130d50617472656f6e2c20496e632e3116301406035504030c0d2a2e70617472656f6e2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cfce65ea4f19ec7bd9afbef5815f3e51d87b0d2b9c21fdaebaeb843da4af16fe006103e10f7627ffffdfe693b4c82ab5b7de80411475bdf21cb82709c3b1571bd910b42cbe9751b09e28f131e71a2406b977ffebf5097fe81d4a81eb16067bd9c13f5ba68d67d7c4f25ded3233495ed47b1b0305845b82ad74a076b2bb5ae2d53ce895f58660cb0b6cada1fd3fcdfa9b74cea4b353cdadaf41ce6bc51e30ff47d68f7771f5fe2974df8d5cfeebf79e49c47e48b4f0904399751bab816a48a6e22b319b07f79355a88df4b868805f2f500a80ce772e653714508eee057f3d8e2c865070e5325f8fac366207cd02bfb47098fc60e12b204ca3498901e06bfe71470203010001a38201ac308201a8300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030350603551d1f042e302c302aa028a0268624687474703a2f2f63726c2e676f64616464792e636f6d2f676469673273322d302e63726c30530603551d20044c304a3048060b6086480186fd6d010717023039303706082b06010505070201162b687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304006082b060105050730028634687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f67646967322e637274301f0603551d2304183016801440c2bd278ecc348330a233d7fb6cb3f0b42c80ce30250603551d11041e301c820d2a2e70617472656f6e2e636f6d820b70617472656f6e2e636f6d301d0603551d0e04160414b6cc1a4a8db341414d4b76a04eb1fac70f786408300d06092a864886f70d01010b0500038201010059bdacb1e4fe2a7796cf6ed0b90295fb81854a955da1670c4fc860b97412e0ffa1a59a80afd80725af20466bf494ebd12f1199f9f4049e6d7b6caf8dcedd9c59294734606a799b26bcf8ffbbe2b466c492181e36bf615de2aa7945bde79f30ef7d8bdfe6effe324680943e1f9c5be8298c4a95908e1ea2f233adf503a74d134498e4712d92222a0620abe3af613da4f9ebcde778117c4ad7ae3f9c97d7d7646df39855bb5bebd18ccb03d0a361be76a16b98e59d9a1f8b405259cb37ae8b11be349e619a9cabf0297dc7bb01280e48563a270a23d245731f53482b33cc83ac5a9809dd6dbbcb2a0a8e570d7ef5d2995a4de77761cec2dab9c4f512e08df4bb32a4020400a611040f7777772e70617472656f6e2e636f6da905020300fd20aa81c30481c0726aabca764b86d7f8409e17e7307fc5eed02fb6dc84ec438a8b3322f85627bbec817b7d9dce7c373c607f60d1741fa1bbbe013fd40cfe348ccbeddd3ef34e6d4ea13e44203e57817b98f808eec586c6b3beb77ab0f16ec80fdbb436ea0edbe56f568a3c896f052d1c5214db65bcca0e4ab78039ce9eed2e4ac0418c6b218fe4a5411e996b417270b767876c93e9ac626a99f6adf110ff999e0dbc6c2f55a4809726726540c512ea566098624e009eed7b4b0fb998634a0c51869e86d59e22dd 308206a0020101020203030402c02f0420a3c856f3214abc45cef2aa21a63f0c539f7456416405b90a624e2301aee5378404301ff66ba4ea05c7e2fdb0c8f68a6acfd69513a01cb5a70a14d12a181b76ac5e359268b4bb223972283edfb014b717c082a106020455c28ad7a2040202012ca38205523082054e30820436a00302010202074b579621267fca300d06092a864886f70d01010b05003081b4310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e312d302b060355040b1324687474703a2f2f63657274732e676f64616464792e636f6d2f7265706f7369746f72792f313330310603550403132a476f2044616464792053656375726520436572746966696361746520417574686f72697479202d204732301e170d3134313231393138313733365a170d3136313231393138313733365a306a310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d53616e204672616e636973636f31163014060355040a130d50617472656f6e2c20496e632e3116301406035504030c0d2a2e70617472656f6e2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cfce65ea4f19ec7bd9afbef5815f3e51d87b0d2b9c21fdaebaeb843da4af16fe006103e10f7627ffffdfe693b4c82ab5b7de80411475bdf21cb82709c3b1571bd910b42cbe9751b09e28f131e71a2406b977ffebf5097fe81d4a81eb16067bd9c13f5ba68d67d7c4f25ded3233495ed47b1b0305845b82ad74a076b2bb5ae2d53ce895f58660cb0b6cada1fd3fcdfa9b74cea4b353cdadaf41ce6bc51e30ff47d68f7771f5fe2974df8d5cfeebf79e49c47e48b4f0904399751bab816a48a6e22b319b07f79355a88df4b868805f2f500a80ce772e653714508eee057f3d8e2c865070e5325f8fac366207cd02bfb47098fc60e12b204ca3498901e06bfe71470203010001a38201ac308201a8300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030350603551d1f042e302c302aa028a0268624687474703a2f2f63726c2e676f64616464792e636f6d2f676469673273322d302e63726c30530603551d20044c304a3048060b6086480186fd6d010717023039303706082b06010505070201162b687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304006082b060105050730028634687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f67646967322e637274301f0603551d2304183016801440c2bd278ecc348330a233d7fb6cb3f0b42c80ce30250603551d11041e301c820d2a2e70617472656f6e2e636f6d820b70617472656f6e2e636f6d301d0603551d0e04160414b6cc1a4a8db341414d4b76a04eb1fac70f786408300d06092a864886f70d01010b0500038201010059bdacb1e4fe2a7796cf6ed0b90295fb81854a955da1670c4fc860b97412e0ffa1a59a80afd80725af20466bf494ebd12f1199f9f4049e6d7b6caf8dcedd9c59294734606a799b26bcf8ffbbe2b466c492181e36bf615de2aa7945bde79f30ef7d8bdfe6effe324680943e1f9c5be8298c4a95908e1ea2f233adf503a74d134498e4712d92222a0620abe3af613da4f9ebcde778117c4ad7ae3f9c97d7d7646df39855bb5bebd18ccb03d0a361be76a16b98e59d9a1f8b405259cb37ae8b11be349e619a9cabf0297dc7bb01280e48563a270a23d245731f53482b33cc83ac5a9809dd6dbbcb2a0a8e570d7ef5d2995a4de77761cec2dab9c4f512e08df4bb32a4020400a611040f7777772e70617472656f6e2e636f6daa81c30481c0aafc9ea198786c502fa850d6f176dfc3d5f2a6d4487d0ee7639a731f376eb07575f1d1666df445f143f8d378b050c80253b0519406248619f158a7939ad2449faf7faae4eeb11ad83c43f2ac5c3b2d4a78b2be07163bc1787cebf66dc3940b25e5aa68f76d6b4f297cdba340e786fa967d265c5186e95069b825946bffcd4b9a675adbaf2ccbabb3d4e2a2198a3161027d04070951a4394d0586239ee6c919d0206b6bb87f4fef20d7654571cd3f7fcfe8499ceaff6350ef61c611d446e6ce7b

@indutny
Copy link
Member

indutny commented Aug 6, 2015

@sadtaco let me test it locally, perhaps I did a mistake there...

@indutny
Copy link
Member

indutny commented Aug 6, 2015

@sadtaco appears to be fixing problem for me. Are you sure that you are reusing the request.defaults({ ... }) output everywhere?

@sadtaco
Copy link
Author

sadtaco commented Aug 6, 2015

I don't get what you mean. Are you asking if I'm resetting the request variable to something else elsewhere?
Nope, I'm not. It's just the one "request = require('request').defaults({jar: true, agent: agent})"

@indutny
Copy link
Member

indutny commented Aug 6, 2015

@sadtaco I wasn't sure if you was doing requests from a single js file, or not.

It is very odd that the problem is still happening for you, as it does not seem to be reproducible on my machine with these changes (and it is without them). I'm going to work on the test case, and will submit a PR as soon as I'll be able to reproduce it reliably.

@sadtaco
Copy link
Author

sadtaco commented Aug 6, 2015

Yeah, in a single file. Not really different from the test case I posted. Only difference is that it's triggered by an app.get('/...') instead of the setInterval.
Ah well, it's fine.

@indutny
Copy link
Member

indutny commented Aug 6, 2015

Argh, I think I know why it wasn't working for you. May I ask you to give a try to:

var https = require('https');
var util = require('util');

function Agent() {
  https.Agent.apply(this, arguments);
}
util.inherits(Agent, https.Agent);

Agent.prototype._getSession = function nop() {};

var request = require('request').defaults({ agentClass: Agent });

@indutny
Copy link
Member

indutny commented Aug 6, 2015

Ok, I know how to reproduce it ;) Hehe, will post a PR soon!

@indutny
Copy link
Member

indutny commented Aug 6, 2015

Whoa, test took more lines than the fix #2312 ;)

@sadtaco
Copy link
Author

sadtaco commented Aug 6, 2015

Nope, that work around didn't work still. Hope the fix does, though.

Is there a way to checkout an iojs with the fix or something?

indutny added a commit to indutny/io.js that referenced this issue Aug 8, 2015
`enableTicketKeyCallback` and `onticketkeycallback` could be potentially
used to renew the TLS Session Tickets before they expire. However this
commit will introduce it only for private use yet, because we are not
sure about the API, and already need this feature for testing.

See: nodejs#2304
PR-URL: nodejs#2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
indutny added a commit to indutny/io.js that referenced this issue Aug 8, 2015
When TLS Session Ticket is renewed by server - no Certificate record is
to the client. We are prepared for empty certificate in this case, but
this relies on the session reuse check, which was implemented
incorrectly and was returning false when the TLS Session Ticket was
renewed.

Use session reuse check provided by OpenSSL instead.

Fix: nodejs#2304
PR-URL: nodejs#2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
indutny added a commit that referenced this issue Aug 8, 2015
`enableTicketKeyCallback` and `onticketkeycallback` could be potentially
used to renew the TLS Session Tickets before they expire. However this
commit will introduce it only for private use yet, because we are not
sure about the API, and already need this feature for testing.

See: #2304
PR-URL: #2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
indutny added a commit that referenced this issue Aug 8, 2015
When TLS Session Ticket is renewed by server - no Certificate record is
to the client. We are prepared for empty certificate in this case, but
this relies on the session reuse check, which was implemented
incorrectly and was returning false when the TLS Session Ticket was
renewed.

Use session reuse check provided by OpenSSL instead.

Fix: #2304
PR-URL: #2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
@shigeki
Copy link
Contributor

shigeki commented Aug 8, 2015

Closed as landed of #2312 .

@shigeki shigeki closed this as completed Aug 8, 2015
Fishrock123 pushed a commit to Fishrock123/node that referenced this issue Aug 11, 2015
`enableTicketKeyCallback` and `onticketkeycallback` could be potentially
used to renew the TLS Session Tickets before they expire. However this
commit will introduce it only for private use yet, because we are not
sure about the API, and already need this feature for testing.

See: nodejs#2304
PR-URL: nodejs#2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
Fishrock123 pushed a commit to Fishrock123/node that referenced this issue Aug 11, 2015
When TLS Session Ticket is renewed by server - no Certificate record is
to the client. We are prepared for empty certificate in this case, but
this relies on the session reuse check, which was implemented
incorrectly and was returning false when the TLS Session Ticket was
renewed.

Use session reuse check provided by OpenSSL instead.

Fix: nodejs#2304
PR-URL: nodejs#2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
indutny added a commit that referenced this issue Aug 17, 2015
`enableTicketKeyCallback` and `onticketkeycallback` could be potentially
used to renew the TLS Session Tickets before they expire. However this
commit will introduce it only for private use yet, because we are not
sure about the API, and already need this feature for testing.

See: #2304
PR-URL: #2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
indutny added a commit that referenced this issue Aug 17, 2015
When TLS Session Ticket is renewed by server - no Certificate record is
to the client. We are prepared for empty certificate in this case, but
this relies on the session reuse check, which was implemented
incorrectly and was returning false when the TLS Session Ticket was
renewed.

Use session reuse check provided by OpenSSL instead.

Fix: #2304
PR-URL: #2312
Reviewed-By: Shigeki Ohtsu <[email protected]>
@alexlamsl alexlamsl mentioned this issue Aug 20, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

No branches or pull requests

4 participants