Crash using SNICallback over a netSocket #10704

webertrlz · 2017-01-09T12:23:07Z

Version: 6.9.3
Platform: Linux 4.4.0-28-generic V8 upgrades and what they mean for versioning #47~14.04.1-Ubuntu SMP Fri Jun 24 16:30:35 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: 'tls'

My node app is crashing often when using SNICallback with netSocket and netServer, can't reproduce it yet.

Backtrace:

 _tls_wrap.js:117
   if (ctx.context)
          ^
  TypeError: Cannot read property 'context' of undefined
     at requestOCSP (_tls_wrap.js:117:10)
     at _tls_wrap.js:167:5
     at loadSNI (_tls_wrap.js:88:12)
     at TLSSocket.oncertcb (_tls_wrap.js:164:3)
     at TLSWrap.ssl.oncertcb (_tls_wrap.js:418:39)

Here is a small piece of code just to show what is done:

//options object to use with tls.TLSSocket()
var sslOptions = {
	isServer : true,

	SNICallback : function(hostname, callback){
		callback(null, tls.createSecureContext(fetchDomainCertificate()));
	},

	key : fetchDefaultKey(),
	cert : fetchDefaultCert(),
	ca : fetchDefaultCa(),

	requestCert : false,
	rejectUnauthorized : false,
	requestOCSP : false
}

//create a server using 'net' package
var server = net.createServer(function(_socket){
	var socket = new tlswrapper.tlsWrapper(_socket);
	var lineStream = readline.createInterface(socket, socket);

	lineStream.on('line', function(line){
		if(line == "STARTTLS"){
			//issue the encryption mechanism
			socket.startTLS(sslOptions);
		}
	});

	[...]

}).listen(anyPort);

//see here that I'm using a netServer, not a tlsServer.
sslOptions.server = server;

The tlswrapper attached here is what invokes new tls.TLSSocket(socket, sslOptions), you should take a look at it.

The code above is what is used in production and works for dozens or hundreds of requests (which means a few minutes) until it crashes, but I wasn't able to reproduce it on a test case. I'll keep working on that.

Also, I would like to point that it seems to call that requestOSCP() function even though I set it to false.

It works fine if I use any tlsServer instead of the netServer, by just changing the last line to this:

sslOptions.server = tls.createServer(sslOptions);

The text was updated successfully, but these errors were encountered:

webertrlz · 2017-01-09T12:27:54Z

Also I would like to point that in _tls_wrap.js:116:

ctx = self.server._sharedCreds;

Since I'm using a netServer, this property doesn't exist, that's why ctx is undefined, causing the crash.

`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: nodejs#10704

`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: #10704 PR-URL: #10706 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

indutny added a commit to indutny/io.js that referenced this issue Jan 9, 2017

tls: do not crash on STARTTLS when OCSP requested

a1b114e

`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: nodejs#10704

indutny mentioned this issue Jan 9, 2017

tls: do not crash on STARTTLS when OCSP requested #10706

Closed

4 tasks

mscdex added the tls Issues and PRs related to the tls subsystem. label Jan 9, 2017

sam-github added the confirmed-bug Issues with confirmed bugs. label Jan 13, 2017

sam-github closed this as completed in a1802e6 Feb 22, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash using SNICallback over a netSocket #10704

Crash using SNICallback over a netSocket #10704

webertrlz commented Jan 9, 2017 •

edited

Loading

webertrlz commented Jan 9, 2017

Crash using SNICallback over a netSocket #10704

Crash using SNICallback over a netSocket #10704

Comments

webertrlz commented Jan 9, 2017 • edited Loading

webertrlz commented Jan 9, 2017

webertrlz commented Jan 9, 2017 •

edited

Loading