Node.js error with SSL UNABLE_TO_VERIFY_LEAF_SIGNATURE - javascript

System: Windows 7
NodeJS version: 0.10.2
WS module: ws, last version
Error:
events.js:72
throw er; // Unhandled 'error' event
^
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
at SecurePair. (tls.js:1283:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:896:10)
at CleartextStream.read [as _read] (tls.js:430:15)
at CleartextStream.Readable.read (_stream_readable.js:294:10)
at EncryptedStream.write [as _write] (tls.js:344:25)
at doWrite (_stream_writable.js:211:10)
at writeOrBuffer (_stream_writable.js:201:5)
at EncryptedStream.Writable.write (_stream_writable.js:172:11)
at write (_stream_readable.js:547:24)
Server:
(function(){
"use strict";
var fs = require('fs');
// you'll probably load configuration from config
var cfg = {
ssl: true,
port: 8080,
ssl_key: 'crt/server1.key',
ssl_cert: 'crt/server1.crt'
};
var httpServ = require('https')
var WebSocketServer = require('ws').Server;
var app = null;
// dummy request processing
var processRequest = function( req, res ) {
res.writeHead(200);
res.end("All glory to WebSockets!\n");
};
if ( cfg.ssl ) {
app = httpServ.createServer({
// providing server with SSL key/cert
key: fs.readFileSync( cfg.ssl_key ),
cert: fs.readFileSync( cfg.ssl_cert ),
//requestCert: true,
//rejectUnauthorized: false
}, processRequest ).listen( cfg.port );
} else {
app = httpServ.createServer( processRequest ).listen( cfg.port );
}
// passing or reference to web server so WS would knew port and SSL capabilities
var wss = new WebSocketServer( { server: app } );
wss.on( 'connection', function ( wsConnect ) {
wsConnect.on( 'message', function ( message ) {
console.log( message );
});
});
}());
Client:
var WebSocket = require('ws');
var ws = new WebSocket('wss://localhost:8080');
ws.on('open', function() {
ws.send('something');
});
The certificate confirmed.
Help> please!

I'm using a package called "superagent" and getting the same error. After trying several potential fixes, I came across this one that works for me 100% of the time:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
There's no need to do any requires or whatever : just add this to your code before your network calls and you're good to go.

The SSL certificate used by the server in your example is probably not fully trusted by the WebSocket client so NodeJS is throwing an error in its network library on the client-side.
You need to set rejectUnauthorized to false (this is an option that most high-level network libraries will allow you to set via an option that gets passed to the lower level NodeJS networking library).
I skimmed the ws module source code and looks like you should try this:
var ws = new WebSocket('wss://localhost:8080', null, {rejectUnauthorized: false});
NOTE: rejectUnauthorized should only be false during testing/development. Production applications should always use rejectUnauthorized: true for full security.

If you do not want to disable your security. Add ca: [cert] option in http /socket client options.
Where cert is Certificate of server you are connecting to or CA of the server you are connecting to.

I've encountered a similar problem before, you may try to use
https.globalAgent.options.secureProtocol = 'SSLv3_method'
to set SSLv3 connection for https.

As per the nginx official website, they clearly mentioned certificate should be the combination of The server certificate and chained certificates.MoreInfo

Below solution is prefect and working fine for me in node js
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

Use a library to load the certificates (pem, crt, ...) from a given folder.
https://github.com/fujifish/syswide-cas
You can export the certificates from the browser and try:
const syswidecas = require('syswide-cas');
syswidecas.addCAs('./certs');

Related

How to make gun accept a self-signed certificate?

gun 0.8.8, Node.js-to-Node.js, Node.js-to-browser
I see the following error in browser console:
VM103:161 WebSocket connection to 'wss://127.0.0.1:8080/gun' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE
VM103:161 WebSocket connection to 'wss://10.42.0.56:8080/gun' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
And there are no messages on Node.js side.
Sorce code of my server:
const Hapi = require('hapi');
const Gun = require('gun');
const pem = require('pem');
pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {
if (err) {
throw err
}
const server = new Hapi.Server;
var tls = {
key: keys.serviceKey,
cert: keys.certificate
};
server.connection({
port: 8080,
tls
});
server.connections.forEach(c => Gun({ web: c.listener, file: 'data.json' }));
server.route({
method: 'GET',
path: '/',
handler: function (request, reply) {
reply('Server works!');
}
});
server.start();
})
In order to make gun work with a self-signed certificate you need two things:
Lunch browser ignoring the certificate errors. For example, Chrome
google-chrome --ignore-certificate-errors
Put the following process option in Node.js code
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
or add the environment variable
export NODE_TLS_REJECT_UNAUTHORIZED=0

ERR_SSL_PROTOCOL_ERROR - Socket.io and Node.js

I’m working with the Node.js server and using the Socket.io to manage connections by Socket but I’m having a problem with the SSL certificate.
Lot of users can access the Node.js server normally, but others users doesn’t access and they receive this error:
When I set my server I have this SSL options:
var privateKey = fs.readFileSync('/root/cert/key.key', 'utf8').toString();
var certificate = fs.readFileSync('/root/cert/cert.crt', 'utf8').toString();
var ca = fs.readFileSync('/root/cert/ca.crt').toString();
var credentials = { key: privateKey, cert: certificate, ca: ca };
var app = express();
var httpsServer = https.createServer(credentials, app);
var io = require('socket.io')(httpsServer);
Somebody knows how to resolve this error? The problem is only some users receive this error.
Well, as far as I can see, you are missing a listening port for you https server.
var httpsServer = https.createServer(credentials, app).listen(<port>);
I had so much trouble with ERR_SSL_PROTOCOL_ERROR that I have to give you my solution
NodeJS server 16.15.0 with "socket.io": "2.4.1" (I assume it works with other NodeJS versions)
const path = require("path");
const fs = require("fs");
const io = require("socket.io")();
const folder = path.join(__dirname, "ssl");
const privateKey = fs.readFileSync(path.join(folder, "server_key.pem"), "utf8");
const certificate = fs.readFileSync(path.join(folder, "server_cert.pem"), "utf8");
const optSsl = {
key: privateKey,
cert: certificate,
ca: [certificate],
requestCert: false, // put true if you want a client certificate, tested and it works
rejectUnauthorized: false,
};
const server = require("https");
const webServer = server.createServer(optSsl);
webServer.listen(8025); // port number
io.listen(webServer);
io.on("connection", (client) => {
/*...*/
});
/*...*/
Angular 10.2.7 with "ngx-socket-io": "3.2.0" (I assume it works also with other Angular versions)
import { Socket, SocketIoConfig } from 'ngx-socket-io';
/*...*/
socket: Socket;
socketConfig: SocketIoConfig;
socketConfig = {
url: "https://myserver:8025",
options: {},
};
socket = new Socket(socketConfig);
socket.connect();
Looks like your apache2 is not properly configured.
Check if you have your config file enabled:
a2ensite default-ssl
And then restart the server.

Error with node.js and SSL

I created all need certificate for communication between client.js and server.js.Wenn i start client.js with node client.js while server is running. I get error:self signed certificate. But i constantly have problem with ca authority. How to create valid certificate if that is a problem?
This is my client.js script:
var tls = require('tls');
var fs = require('fs');
var options = {
// These are necessary only if using the client certificate authentication (so yeah, you need them)
key: fs.readFileSync('client-private-key.pem'),
cert: fs.readFileSync('client-certificate.pem'),
// This is necessary only if the server uses the self-signed certificate
ca: [ fs.readFileSync('../server/server-certificate.pem') ]
};
var cleartextStream = tls.connect(443, options, function() {
console.log('client connected',
cleartextStream.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(cleartextStream);
process.stdin.resume();
});
cleartextStream.setEncoding('utf8');
cleartextStream.on('data', function(data) {
console.log(data);
});
cleartextStream.on('end', function() {
server.close();
});
This is my server.js:
var tls = require('tls');
var fs = require('fs');
var options = {
key: fs.readFileSync('server-private-key.pem'),
cert: fs.readFileSync('server-certificate.pem'),
// This is necessary only if using the client certificate authentication.
// Without this some clients don't bother sending certificates at all, some do
requestCert: true,
// Do we reject anyone who certs who haven't been signed by our recognised certificate authorities
rejectUnauthorized: true,
// This is necessary only if the client uses the self-signed certificate and you care about implicit authorization
ca: [ fs.readFileSync('../client/client-certificate.pem') ]
};
var server = tls.createServer(options, function(cleartextStream) {
//Show the certificate info as supplied by the client
console.log(cleartextStream.getPeerCertificate());
console.log('server connected',
cleartextStream.authorized ? 'authorized' : 'unauthorized');
cleartextStream.write("welcome!\n");
cleartextStream.setEncoding('utf8');
cleartextStream.pipe(cleartextStream);
});
server.listen(443, function() {
console.log('server bound');
});
Error is:
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1017:38)
at emitNone (events.js:67:13)
at TLSSocket.emit (events.js:166:7)
at TLSSocket._init.ssl.onclienthello.ssl.oncertcb.TLSSocket._finishInit (_tl
s_wrap.js:582:8)
at TLSWrap.ssl.onclienthello.ssl.oncertcb.ssl.onnewsession.ssl.onhandshakedo
ne (_tls_wrap.js:424:38)
P.S. I spent a lot of time(more then 12 hours) searching this on internet. So please no more tutorials

How to read data from topic using kafka-node?

I have topic that i have to read from kafka server so for that i just need to create consumer that can read data from kafka topic, I always get error topic does not exist.
1- How can i make sure kafka connection is established ?
2- How to get the data from specific topic in kafka ?
main.js
var kafka = require('kafka-node');
var config = require('./config.js');
var kafkaConn = config.kafkaCon.dit;
var HighLevelConsumer = kafka.HighLevelConsumer;
//var HighLevelProducer = kafka.HighLevelProducer;
var Client = kafka.Client;
var Offset = kafka.Offset;
var topics = [{topic: 'UEQ'}];
var client = new Client(kafkaConn);
var payloads = [ { topic: topics, partition : 0}];
var options = {
groupId: 'kafka-node-group',
// Auto commit config
autoCommit: true,
autoCommitMsgCount: 100,
autoCommitIntervalMs: 5000,
// Fetch message config
fetchMaxWaitMs: 100,
fetchMinBytes: 1,
fetchMaxBytes: 1024 * 10,
};
var consumer = new HighLevelConsumer(client, payloads, options);
consumer.on('message', function (message) {
console.log('TEST',this.id, message);
});
error
events.js:141
throw er; // Unhandled 'error' event
^
TopicsNotExistError: The topic(s) [object Object] do not exist
at new TopicsNotExistError (C:\uilogging\node_modules\kafka-node\lib\errors\
TopicsNotExistError.js:11:11)
I am doing a similar project where i have a Kafka producer on its own server and am using Kafka-Node as a consumer for my application. I am fairly new to Kafka-Node, and don't have much experience with it, but i can try to share some of the insights i have found.
I believe your problem is literally that your topic doesn't exist.
1. How can i make sure Kafka connection is established?
If your connection wasn't established, i don't think it would move on to say the topic doesn't exist. When i type in a topic that doesn't exist and i type a random ip for my Kafka producer, nothing errors out. But when i point to the correct ip, and an still have incorrect topic, i get the same error you see.
2. This code is working for my application
var kafka = require('kafka-node');
var Consumer = kafka.Consumer,
// The client specifies the ip of the Kafka producer and uses
// the zookeeper port 2181
client = new kafka.Client("<ip to producer>:2181"),
// The consumer object specifies the client and topic(s) it subscribes to
consumer = new Consumer(
client, [ { topic: 'myTopic', partition: 0 } ], { autoCommit: false });
consumer.on('message', function (message) {
// grab the main content from the Kafka message
var data = JSON.parse(message.value);
console.log(data);
});
Hopefully this doesn't find you too late.
If you need this for debugging/development purposes then just add the following imports (the following code is in ES6 format) and it should console.log out a message when the connection is established or if there were any failure messages:
this.kafkaLogging = require('kafka-node/logging');
this.kafkaLogging.setLoggerProvider(this.getLoggerProvider);
...
getLoggerProvider() {
return {
debug: console.log.bind(console),
info : console.log.bind(console),
warn : console.log.bind(console),
error: console.log.bind(console)
};
}

Implementing a simple proxy server using node.js

I'm trying to create a simple node.js proxy server for experimental purposes and I came up with this simple script:
var url = require("url");
var http = require("http");
var https = require("https");
http.createServer(function (request, response) {
var path = url.parse(request.url).path;
if (!path.indexOf("/resource/")) {
var protocol;
path = path.slice(10);
var location = url.parse(path);
switch (location.protocol) {
case "http:":
protocol = http;
break;
case "https:":
protocol = https;
break;
default:
response.writeHead(400);
response.end();
return;
}
var options = {
host: location.host,
hostname: location.hostname,
port: +location.port,
method: request.method,
path: location.path,
headers: request.headers,
auth: location.auth
};
var clientRequest = protocol.request(options, function (clientResponse) {
response.writeHead(clientResponse.statusCode, clientResponse.headers);
clientResponse.on("data", response.write);
clientResponse.on("end", function () {
response.addTrailers(clientResponse.trailers);
response.end();
});
});
request.on("data", clientRequest.write);
request.on("end", clientRequest.end);
} else {
response.writeHead(404);
response.end();
}
}).listen(8484);
I don't know where I'm going wrong but it gives me the following error when I try to load any page:
http.js:645
this._implicitHeader();
^
TypeError: Object #<IncomingMessage> has no method '_implicitHeader'
at IncomingMessage.<anonymous> (http.js:645:10)
at IncomingMessage.emit (events.js:64:17)
at HTTPParser.onMessageComplete (http.js:137:23)
at Socket.ondata (http.js:1410:22)
at TCP.onread (net.js:374:27)
I wonder what could the problem be. Debugging in node.js is so much more difficult than in Rhino. Any help will be greatly appreciated.
As I mentioned in the comments, your primary problem is that your .write and .end calls are not bound properly to a context, so they will just flip out and throw errors all over.
With that fixed, requests give a 404 because the headers property will pull in the host header of the original request, localhost:8484. Following your example, that will get send to jquery.com's server, and it will 404. You need to remove the host header before proxying.
Add this before calling protocol.request.
delete options.headers.host;

Categories

Resources