
Malformed crt with HTTPS SNI causes hang - no error, no result #867

Closed
@coolaj86

Description

The request below just hangs: the server neither throws an error nor completes the response.

curl https://localhost:65443 -k

Expected result

client receives

Cannot GET /

server logs

[log] SNI: local.helloworld3000.com
[log] SNI: undefined
[log] {}
[log] request
[log] request for local.helloworld3000.com:65443/

Reduced Test Case

'use strict';

var https           = require('https');
var fs              = require('fs');
var path            = require('path');
var crypto          = require('crypto');
var connect         = require('connect');

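/**
 * Build and start an HTTPS server that selects its TLS context per SNI name.
 *
 * Loads the dummy key/cert/CA bundle from ./certs, registers it as the
 * fallback context, and listens on the secure port.
 *
 * @param {number} [_securePort]   Port for the HTTPS listener (defaults to 443).
 * @param {number} [_insecurePort] Accepted for interface compatibility; this
 *                                 listing never starts an insecure listener.
 */
module.exports.create = function (_securePort, _insecurePort) {
  // connect / express app
  var app             = connect();

  // SSL Server
  var secureContexts  = {};
  var dummyCerts;
  var secureOpts;
  var secureServer;
  var securePort      = _securePort || 443;

  // Reads the fallback key, certificate and CA chain from disk (synchronously,
  // at startup) and stores the resulting context under secureContexts.dummy.
  function loadDummyCerts() {
    var certsPath = path.join(__dirname, 'certs');
    var caPath    = path.join(certsPath, 'ca');
    var certs = {
      key:          fs.readFileSync(path.join(certsPath, 'server', 'dummy-server.key.pem'))
    , cert:         fs.readFileSync(path.join(certsPath, 'server', 'dummy-server.crt.pem'))
      // Only certificate files belong in `ca`. The directory listing for this
      // test case also holds a CA *private key* (my-root-ca.key.pem); reading
      // every file would hand that key to the TLS layer as if it were a
      // certificate. NOTE(review): that malformed entry may be what makes the
      // handshake hang - confirm. A CA private key should not sit in a
      // directory the server loads at all.
    , ca:           fs.readdirSync(caPath).filter(function (node) {
                      return /\.crt\.pem$/.test(node);
                    }).map(function (node) {
                      return fs.readFileSync(path.join(caPath, node));
                    })
    };
    // NOTE(review): crypto.createCredentials is deprecated in later Node.js
    // releases in favour of tls.createSecureContext - confirm against the
    // runtime in use before changing it.
    secureContexts.dummy = crypto.createCredentials(certs).context;
    dummyCerts = certs;
  }
  loadDummyCerts();

  app.use(function (req, res, next) {
    console.log('[log] request for ' + req.headers.host + req.url);
    next();
  });

  // Creates the HTTPS server, wires the connect app to it and starts listening.
  function runServer() {
    //provide a SNICallback when you create the options for the https server
    secureOpts = {
      //SNICallback is passed the domain name, see NodeJS docs on TLS
      SNICallback:  function (domainname) {
                      // The SNI name is chosen by the client. Look it up as an
                      // own property only, so names such as "constructor" or
                      // "__proto__" cannot resolve to inherited Object members
                      // and be returned as a TLS context.
                      var known = Object.prototype.hasOwnProperty.call(secureContexts, domainname)
                        ? secureContexts[domainname]
                        : undefined;
                      console.log('[log] SNI:', domainname);
                      console.log('[log] SNI:', known);
                      // Unknown names fall back to the dummy certificate.
                      var secureContext = known || secureContexts.dummy;
                      console.log('[log]', secureContext);
                      // NOTE(review): synchronous single-argument form; newer
                      // Node.js releases pass a callback as second argument.
                      return secureContext;
                    }
                    // fallback / default dummy certs
    , key:          dummyCerts.key
    , cert:         dummyCerts.cert
    , ca:           dummyCerts.ca
    };

    secureServer = https.createServer(secureOpts);
    secureServer.on('request', function (req, res) {
      console.log('[log] request');
      app(req, res);
    });
    secureServer.listen(securePort, function () {
      console.log("Listening on https://localhost:" + secureServer.address().port);
    });
  }

  runServer();
}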
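// Start the test server on the port the reproduction targets: the curl
// command and the expected log output on this page both use 65443, and an
// unprivileged port avoids running the test case as root. The second
// argument is accepted but not used by this listing.
module.exports.create(65443, 80);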

directory layout

tree
├── vhost-sni-server.js
├── certs
│   ├── ca
│   │   ├── dummy-root-ca.crt.pem
│   │   ├── my-root-ca.crt.pem
│   │   └── my-root-ca.key.pem
│   ├── README.md
│   └── server
│       ├── dummy-server.crt.pem
│       ├── dummy-server.key.pem
│       ├── my-server.crt.pem
│       └── my-server.key.pem
