Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Node.js error with SSL UNABLE_TO_VERIFY_LEAF_SIGNATURE

System: Windows 7

NodeJS version: 0.10.2

WS module: ws, last version

Error:

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
    at SecurePair. (tls.js:1283:32)
    at SecurePair.EventEmitter.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:896:10)
    at CleartextStream.read [as _read] (tls.js:430:15)
    at CleartextStream.Readable.read (_stream_readable.js:294:10)
    at EncryptedStream.write [as _write] (tls.js:344:25)
    at doWrite (_stream_writable.js:211:10)
    at writeOrBuffer (_stream_writable.js:201:5)
    at EncryptedStream.Writable.write (_stream_writable.js:172:11)
    at write (_stream_readable.js:547:24)

Server:

(function(){

    "use strict";

    var fs = require('fs');

    // you'll probably load configuration from config
    var cfg = {
        ssl: true,
        port: 8080,
        ssl_key: 'crt/server1.key',
        ssl_cert: 'crt/server1.crt'
    };

    var httpServ = require('https') 

    var WebSocketServer   = require('ws').Server;

    var app      = null;

    // dummy request processing
    var processRequest = function( req, res ) {

        res.writeHead(200);
        res.end("All glory to WebSockets!\n");
    };

    if ( cfg.ssl ) {

        app = httpServ.createServer({

            // providing server with  SSL key/cert
            key: fs.readFileSync( cfg.ssl_key ),
            cert: fs.readFileSync( cfg.ssl_cert ),
            //requestCert: true,
            //rejectUnauthorized: false

        }, processRequest ).listen( cfg.port );

    } else {

        app = httpServ.createServer( processRequest ).listen( cfg.port );
    }

    // passing or reference to web server so WS would knew port and SSL capabilities
    var wss = new WebSocketServer( { server: app } );


    wss.on( 'connection', function ( wsConnect ) {

        wsConnect.on( 'message', function ( message ) {

            console.log( message );

        });

    });


}());

Client:

var WebSocket = require('ws');
var ws = new WebSocket('wss://localhost:8080');
ws.on('open', function() {
    ws.send('something');
});

The certificate confirmed.

Help> please!

like image 216
Yaroslav L. Avatar asked Aug 27 '13 09:08

Yaroslav L.


People also ask

Does node js support https?

To create an HTTPS server, you need two things: an SSL certificate, and built-in https Node. js module. We need to start out with a word about SSL certificates. Speaking generally, there are two kinds of certificates: those signed by a 'Certificate Authority', or CA, and 'self-signed certificates'.

What is Node_extra_ca_certs?

NODE_EXTRA_CA_CERTS. From Node version 7.3. 0, NODE_EXTRA_CA_CERTS environment variable is introduced to pass in a CA certificate file. This allows the “root” CAs to be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format.

What is rejectUnauthorized?

By setting rejectUnauthorized: false , you're saying "I don't care if I can't verify the server's identity." Obviously this is not a good solution as it leaves you vulnerable to MITM attacks.


Video Answer


1 Answers

I'm using a package called "superagent" and getting the same error. After trying several potential fixes, I came across this one that works for me 100% of the time:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

There's no need to do any requires or whatever : just add this to your code before your network calls and you're good to go.

like image 184
dpjanes Avatar answered Oct 04 '22 10:10

dpjanes