Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Use keylog event to obtain TLS certificate for better reliability [1.23.X] #4630

Merged
merged 2 commits into from
Apr 6, 2024

Conversation

chakflying
Copy link
Collaborator

⚠️⚠️⚠️ Since we do not accept all types of pull requests and do not want to waste your time. Please be sure that you have read pull request rules:
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma

Tick the checkbox if you understand [x]:

  • I have read and understand the pull request rules.

Description

This is a 1.23.X version of #4281 with the minor new feature removed.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • My code follows the style guidelines of this project
  • I ran ESLint and other linters for modified files
  • I have performed a self-review of my own code and tested it
  • I have commented my code, particularly in hard-to-understand areas (including JSDoc for methods)
  • My changes generates no new warnings
  • My code needed automated testing. I have added them (this is optional task)

Screenshots (if any)

@chakflying chakflying changed the title Feat: Use keylog event to obtain TLS certificate for better reliability Feat: Use keylog event to obtain TLS certificate for better reliability [1.23.X] Mar 29, 2024
@CommanderStorm CommanderStorm added the area:cert-expiry related to certificate expiry notifications label Apr 3, 2024
@louislam louislam added this to the 1.23.12 milestone Apr 5, 2024
@louislam louislam merged commit 893278b into louislam:1.23.X Apr 6, 2024
14 checks passed
log.error("monitor", e.message);
}
if (tlssocket) {
tlsInfo.valid = tlssocket.authorized || false;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chakflying
I think this might be the source of #4693

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. I had that problem with 1.23.12, too and when I comment line 536 in the container and restart it, everything is back to normal as with 1.23.11.

I have done no deep-dive into the code, but I think that the root cause for the problem when connecting over a proxy could be that it is not the target connection TLS validity, but the connection socket to the proxy here. The latter can be unencrypted, despite the target URL being HTTPS - consider the case when you have a proxy "http://192.168.4.5:3128" and a monitoring target of "https://github.com".

Whatever the case, "tlsInfo.valid" can be "undefined" here in these cases and thus the assignment fails.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:cert-expiry related to certificate expiry notifications
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants