tls: OpenSSL errors with many tls socket writes #1595
Comments
|
/cc @indutny |
OpenSSL uses the same code for reading and writing SSLv3 and TLSv1.x frames. SSL and TLS are largely the same wire protocol, the differences are in the supported extensions and cipher suites. |
|
Sorry for my previous blank comment. This issue comes from a tiny bug in JSStream::DoWrite where it always sends the first buffer so that its data becomes an invalid broken SSL record data. It can be fixed the following patch. diff --git a/src/js_stream.cc b/src/js_stream.cc
index 09c4f58..6b7c406 100644
--- a/src/js_stream.cc
+++ b/src/js_stream.cc
@@ -89,7 +89,7 @@ int JSStream::DoWrite(WriteWrap* w,
Local<Array> bufs_arr = Array::New(env()->isolate(), count);
for (size_t i = 0; i < count; i++)
- bufs_arr->Set(i, Buffer::New(env(), bufs[0].base, bufs[0].len));
+ bufs_arr->Set(i, Buffer::New(env(), bufs[i].base, bufs[i].len));
Local<Value> argv[] = {
w->object(),@mscdex Your test of #1594 does not have diff --git a/test/parallel/test-tls-connect-stream-writes.js b/test/parallel/test-tls-connect-stream-writes.js
index 3c9fecc..0bf1db1 100644
--- a/test/parallel/test-tls-connect-stream-writes.js
+++ b/test/parallel/test-tls-connect-stream-writes.js
@@ -1,4 +1,5 @@
-var fs = require('fs'),
+var assert = require('assert'),
+ fs = require('fs'),
path = require('path'),
tls = require('tls'),
stream = require('stream'),
@@ -12,8 +13,14 @@ var cert_dir = path.resolve(__dirname, '../fixtures'),
cert: fs.readFileSync(cert_dir + '/test_cert.pem'),
ca: [ fs.readFileSync(cert_dir + '/test_ca.pem') ],
ciphers: 'AES256-GCM-SHA384' };
-
-server = tls.createServer(options);
+var content = 'hello world';
+var recv_bufs = [];
+var send_data = '';
+server = tls.createServer(options, function(s) {
+ s.on('data', function(c) {
+ recv_bufs.push(c);
+ });
+});
server.listen(common.PORT, function() {
var raw = net.connect(common.PORT);
@@ -43,8 +50,16 @@ server.listen(common.PORT, function() {
socket: p,
rejectUnauthorized: false
}, function() {
- for (var i = 0; i < 50; ++i)
- socket.write('hello world');
+ for (var i = 0; i < 50; ++i) {
+ socket.write(content);
+ send_data += content;
+ }
socket.end();
+ server.close();
});
});
+
+process.on('exit', function() {
+ var recv_data = (Buffer.concat(recv_bufs)).toString();
+ assert.strictEqual(send_data, recv_data);
+}); |
|
@shigeki The test changes look fine to me. |
|
@shigeki please file a PR, LGTM |
The index of buffer to write in JSStream was always 0 by mistake. This fix was to use increment index of buffer arrays. The test was originally made by Brian White in nodejs#1594. Fixes: nodejs#1595 Fixes: nodejs#1594
|
Also fixed in #1635. |
The index of buffer to write in JSStream was always 0 by mistake. This fix was to use increment index of buffer arrays. The test was originally made by Brian White in nodejs#1594. Fix: nodejs#1595 Fix: nodejs#1594 PR-URL: nodejs#1635 Reviewed-By: Fedor Indutny <fedor@indutny.com>
Recently while trying to create a benchmark for the JS Duplex stream compatibility for
tls.connect(), I discovered an issue while trying to perform > 10-ish successive writes to the tls wrapped socket. The test case to reproduce this is in #1594.The error I get is:
I'm not sure why it's using SSL3 in the first place since I thought 2 and 3 were disabled by default. So I tried forcing TLSv1 by setting
secureProtocol: 'TLSv1_method'in thetls.connect()options, which instead causes this error:The text was updated successfully, but these errors were encountered: