This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

clientError emitted for wrong socket - SSL alert number 48 #14818

Closed
calzoneman opened this issue Apr 13, 2015 · 3 comments
@calzoneman

I've noticed a peculiar behavior of the https module with regard to Firefox closing connections for untrusted certificates. In the demo below, I use a self-signed certificate generated by the pem module, but the same principle can be applied to any untrusted certificate (for example, I was able to cause the same issue by deleting the Startcom signing certificates from Firefox and attempting to connect to a server with a StartSSL cert).

What happens is that as soon as a Firefox client that doesn't trust the certificate terminates its connection, the https server fires a clientError event with an SSL error-- except this event is fired on a random socket that has no relation to the Firefox client. I determined this by gathering several different Chrome users, having them all connect to a server I controlled, and observing the errors logged when I connect with Firefox.

Steps to reproduce:

  1. Download server.js and index.html as listed below
  2. Install the pem module
  3. Start the server, and navigate Chromium to https://localhost:4444
    • Click Advanced and Proceed to localhost (unsafe)
  4. Navigate Firefox to https://localhost:4444
  5. Observe that as soon as the Untrusted Connection page displays in Firefox, a clientError is triggered on the server, but on the Chromium client:

    Error: 140173278586688:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1461:SSL alert number 48
    
    at Error (native)
    Triggered on client with UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
    

Demo:

server.js

    var https = require('https');
    var pem = require('pem');
    var fs = require('fs');

    var indexHtml = fs.readFileSync('index.html');

    // Generate a throwaway self-signed certificate so browsers treat it as untrusted.
    pem.createCertificate({ days: 10, selfSigned: true }, function (err, keys) {
        if (err) throw err;

        var httpServer = https.createServer({
            key: keys.serviceKey,
            cert: keys.certificate
        }, function (req, res) {
            // Tag the underlying socket so clientError can report which client it belongs to.
            req.socket.userAgent = req.headers['user-agent'];
            res.writeHead('200', {
                'Content-Type': 'text/html',
                'Content-Length': indexHtml.length
            });

            res.end(indexHtml);
        });

        // Log the error together with the user agent recorded on the socket it was emitted for.
        httpServer.on('clientError', function (err, socket) {
            console.log(err.stack);
            console.log('Triggered on client with UA: ' + socket.userAgent);
        });

        httpServer.listen(4444);
    });

index.html

    <!doctype html>
    <html lang="en">
      <head>
        <title>SSL Error Demo</title>
        <meta charset="utf-8">
      </head>
      <body>
        <div id="debug"></div>
        <script type="text/javascript">
          function makeRequest() {
            var req = new XMLHttpRequest();
            req.open('GET', location.href, true);

            req.onload = function (ev) {
              setTimeout(makeRequest, 10);
            };

            req.send();
          }

          makeRequest();
        </script>
      </body>
    </html>

I am using node.js v0.12.2 on Arch Linux. The issue is not reproducible on v0.10.35 on the same machine.

I believe this is the underlying cause of websockets/ws#477.
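
A diagnostic sketch for the behaviour reported above, added here as an example (not part of the original post and not Node.js code): it parses the alert number out of the OpenSSL error string and flags a certificate-rejection alert that arrives on a socket which has already served requests. `parseSslAlert`, `classifyClientError`, `instrument` and the `connState` property are names made up for this example.

```javascript
// Constructed from the error text quoted in the report above.
var SAMPLE = '140173278586688:error:14094418:SSL routines:ssl3_read_bytes:' +
  'tlsv1 alert unknown ca:s3_pkt.c:1461:SSL alert number 48';

// TLS alerts (RFC 5246, section 7.2) a peer sends when it rejects a certificate.
var CERT_REJECTION_ALERTS = {
  42: 'bad_certificate', 43: 'unsupported_certificate', 44: 'certificate_revoked',
  45: 'certificate_expired', 46: 'certificate_unknown', 48: 'unknown_ca'
};

// Pull the alert number out of an OpenSSL error string; null if there is none.
function parseSslAlert(message) {
  var m = /SSL alert number (\d+)/.exec(String(message));
  return m ? Number(m[1]) : null;
}

// state is this example's own bookkeeping: { handshakeDone, requests }.
// A certificate-rejection alert is expected before any request has been served;
// on a socket that already served requests it is suspect (not proof: a
// renegotiation could in principle produce one).
function classifyClientError(err, state) {
  var alert = parseSslAlert(err && err.message);
  if (alert === null) return { alert: null, name: null, verdict: 'not-a-tls-alert' };
  var name = CERT_REJECTION_ALERTS[alert] || 'other';
  var suspect = name !== 'other' && !!state && state.handshakeDone && state.requests > 0;
  return { alert: alert, name: name, verdict: suspect ? 'suspect-misattributed' : 'plausible' };
}

// Hypothetical helper: attach to the https.Server created in server.js.
function instrument(server, log) {
  var nextId = 0;
  server.on('secureConnection', function (socket) {
    socket.connState = { id: ++nextId, handshakeDone: true, requests: 0,
                         peer: socket.remoteAddress + ':' + socket.remotePort };
  });
  server.on('request', function (req) {
    if (req.socket.connState) req.socket.connState.requests++;
  });
  server.on('clientError', function (err, socket) {
    var s = (socket && socket.connState) || { id: null, handshakeDone: false, requests: 0 };
    var result = classifyClientError(err, s);
    result.id = s.id;
    result.peer = s.peer || null;
    log(result);
  });
}
```

Calling `instrument(httpServer, console.log)` before `httpServer.listen(4444)` logs one record per `clientError`, with the peer address and port of the socket the event was emitted for.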

@nuclearace

👍

@Xaekai

Xaekai commented Apr 18, 2015

The 🐛 is real.

@calzoneman

Any thoughts on this? This is blocking me from updating to node v0.12
