
Crash using SNICallback over a netSocket #10704

Closed
@webertrlz


My node app is crashing often when using SNICallback with netSocket and netServer; I can't reproduce it yet.

Backtrace:

```
_tls_wrap.js:117
  if (ctx.context)
         ^
TypeError: Cannot read property 'context' of undefined
    at requestOCSP (_tls_wrap.js:117:10)
    at _tls_wrap.js:167:5
    at loadSNI (_tls_wrap.js:88:12)
    at TLSSocket.oncertcb (_tls_wrap.js:164:3)
    at TLSWrap.ssl.oncertcb (_tls_wrap.js:418:39)
```

Here is a small piece of code just to show what is done:

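```js
var net = require('net');
var tls = require('tls');
var readline = require('readline');
// tlswrapper is the module attached to this issue; its require() path is not shown.
// fetchDomainCertificate(), fetchDefaultKey(), fetchDefaultCert(), fetchDefaultCa()
// and anyPort are application-specific and not shown.

// options object to use with tls.TLSSocket()
var sslOptions = {
	isServer : true,

	// called with the server name from the client's SNI extension
	SNICallback : function(hostname, callback){
		callback(null, tls.createSecureContext(fetchDomainCertificate()));
	},

	key : fetchDefaultKey(),
	cert : fetchDefaultCert(),
	ca : fetchDefaultCa(),

	requestCert : false,
	rejectUnauthorized : false,
	requestOCSP : false
};

// create a server using 'net' package
var server = net.createServer(function(_socket){
	var socket = new tlswrapper.tlsWrapper(_socket);
	var lineStream = readline.createInterface(socket, socket);

	lineStream.on('line', function(line){
		if(line == "STARTTLS"){
			// issue the encryption mechanism
			socket.startTLS(sslOptions);
		}
	});

	// [...]

}).listen(anyPort);

// see here that I'm using a netServer, not a tlsServer.
sslOptions.server = server;
```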

The tlswrapper attached here is what invokes `new tls.TLSSocket(socket, sslOptions)`; you should take a look at it.

The code above is what is used in production and works for dozens or hundreds of requests (which means a few minutes) until it crashes, but I wasn't able to reproduce it on a test case. I'll keep working on that.

Also, I would like to point out that it seems to call that requestOCSP() function even though I set it to false.

It works fine if I use any tlsServer instead of the netServer, by just changing the last line to this:

```js
sslOptions.server = tls.createServer(sslOptions);
```

Labels

- confirmed-bug: Issues with confirmed bugs.
- tls: Issues and PRs related to the tls subsystem.
