-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
application crash on HTTPS connection using a self-signed certificate without keyCertSig bit #37889
Comments
addaleax
added
duplicate
Issues and PRs that are duplicates of other issues or PRs.
tls
Issues and PRs related to the tls subsystem.
labels
Mar 24, 2021
I'll close this as a duplicate of #37757, but please correct me if that's wrong. This contains value information either way 👍 |
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 30, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 30, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 30, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Mar 31, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 4, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 4, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 14, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 14, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 23, 2021
nils91
added a commit
to nils91/node
that referenced
this issue
Apr 23, 2021
jasnell
pushed a commit
that referenced
this issue
Apr 27, 2021
targos
pushed a commit
that referenced
this issue
Apr 29, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version: 14.16.0
Platform: Microsoft Windows NT 10.0.19041.0 x64
Subsystem: https
Background
Self-signed certificates without the
keyCertSig
bit were rejected by OpenSSL. This was fixed in version 1.1.1h. Trying to connect to a server using such a certificate using older Node.js versions resulted in anUNABLE_TO_VERIFY_LEAF_SIGNATURE
error.What steps will reproduce the bug?
Connecting to a HTTPS Server that is using a self-signed certificate without the
keyCertSig
bit causes the application to hang/crash when this certificate is passed to theca
option of thehttps.Agent
.Client:
Server:
certificates.zip
How often does it reproduce? Is there a required condition?
The issue occurs on every connection attempt.
What is the expected behavior?
The connection to the server should be established.
What do you see instead?
The application is unresponsive and starts to use more and more memory and crashes when the machine runs out of memory:
Additional information
Node.js 12.21.0 shows the same behavior. Node.js 12.16.3 terminates the connection with the previously mentioned
UNABLE_TO_VERIFY_LEAF_SIGNATURE
error but does not hang or crash.The text was updated successfully, but these errors were encountered: