SSL error connecting to Grove.io #107

Closed
palewire opened this issue Feb 11, 2014 · 9 comments

@palewire

Here is the error. It happened after a fresh push of new code to heroku, which triggered a rebuild of all the node dependencies. Was working fine before that, so I suspect some upgrade in there caused the problem -- though I welcome alternative explanations.

Here is the error:

11 Feb 18:25:00 - Hostname/IP doesn't match certificate's altnames

Here is the package.json.

@jgable
Collaborator

jgable commented Feb 11, 2014

This doesn't look like an error with this adapter.

What version of node are you running on Heroku? From the research I could find it looks like node > 0.8 now throws this error whenever a site's certificate has a particular problem.

I don't have a heroku or a grove.io account, so I'm gonna need you to debug it a little further if you can. In particular, I need to know exactly what node version that code is running on and a stack trace of when that error is fired so we can figure out what module it's even in.

@stormsilver

I was also getting this error. I was able to get around it by patching irc.js to accept this error as well as other SSL errors:

self.conn.authorizationError === 'Hostname/IP doesn\'t match certificate\'s altnames'

Got a PR up against it - is it good enough? I know nothing about node etc.

@jgable
Collaborator

jgable commented Feb 27, 2014

I still think this is potentially a configuration problem with either your server url/ip or the grove.io ssl certificate. Unless someone can start posting some configurations, logs and steps to reproduce, that is what I'm going to assume.

@stormsilver

@jgable I have no doubt that it's a problem with the grove.io certificate. However, it seems to me that if I specify HUBOT_IRC_SERVER_FAKE_SSL that it would ignore hostname mismatches as well - by specifying that option you are essentially saying "I don't care about the certificate, just use it for encryption but not identification".

Here's the command I used to get the error:

HUBOT_IRC_SERVER=foo.irc.grove.io HUBOT_IRC_PORT=6697 HUBOT_IRC_USESSL=true HUBOT_IRC_DEBUG=true HUBOT_IRC_SERVER_FAKE_SSL=true HUBOT_IRC_SERVER_CERT_EXPIRED=true HUBOT_IRC_ROOMS='#myroom' bin/hubot -a irc

Log is short and sweet:

[Thu Feb 27 2014 09:08:40 GMT-0600 (CST)] WARNING The HUBOT_AUTH_ADMIN environment variable not set
[Thu Feb 27 2014 09:08:40 GMT-0600 (CST)] INFO Data for brain retrieved from Redis
27 Feb 09:08:40 - Hostname/IP doesn't match certificate's altnames

I'd be glad to post more debugging info, but being a total node n00b I've no idea where to begin. What else do you need?

@jgable
Collaborator

jgable commented Feb 27, 2014

Ugh, I don't like putting in edge cases for bad net citizens like grove.io; they should fix their ssl certificate, that is what you pay them for. Is there an option on your heroku instance to use node 0.8?

@stormsilver

Totally agree - you shouldn't have to code for people who can't/won't/don't buy a wildcard SSL cert. But again, I expected the option HUBOT_IRC_SERVER_FAKE_SSL to already do this, so I was surprised when it didn't. You'll always have the case where someone is setting up their own server or doing some other wonky thing, so I look at it not so much as adding an exception, but fixing the override flag to do the expected thing.

It's no big deal to me, I don't mind running hubot with a forked version of node-irc with my patch in it. If you think it's a bad idea, you're in charge. :) Feel free to close the PR and/or this ticket.


@jgable
Collaborator

jgable commented Feb 27, 2014

I don't feel like this hostname/ip error is the same sort of error you get from fake ssl errors, it's in a category of its own that are thrown by node's core net libraries. Fake ssl still works without this fix, which to me means it's not related to Fake ssl configuration.

I have reached out on twitter to grove, they should at least be aware of the issue now.

jgable closed this as completed Feb 27, 2014
@frankwiles

Forgot to mention it here, but this was resolved on Grove's end. Thanks for bringing it to our attention!

@jgable
Collaborator

jgable commented Apr 21, 2014

@frankwiles thanks for the update
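
Added example, not part of the thread and not code from hubot-irc or node-irc: the distinction the thread argues over, chain-validation errors (self-signed, expired) versus the separate hostname check, run through Node's own `tls.checkServerIdentity`. The policy field names, the `example.test` hostnames and the certificate objects are constructed for illustration.

```javascript
const tls = require('tls');

// OpenSSL chain-validation codes that a "self-signed is fine" override covers.
const SELF_SIGNED = new Set([
  'DEPTH_ZERO_SELF_SIGNED_CERT',
  'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
]);

// Identity check: does the certificate name the host we dialled?
// Uses Node's own matcher, so wildcard rules are the ones tls.connect() applies.
function hostnameMismatch(hostname, cert) {
  return tls.checkServerIdentity(hostname, cert) !== undefined;
}

// Hypothetical policy object: every override is a separate, explicit opt-in.
function evaluate(hostname, cert, chainError, policy) {
  const rejected = [];
  if (chainError) {
    const waived =
      (policy.allowSelfSigned && SELF_SIGNED.has(chainError)) ||
      (policy.allowExpired && chainError === 'CERT_HAS_EXPIRED');
    if (!waived) rejected.push(chainError);
  }
  if (hostnameMismatch(hostname, cert) && !policy.allowHostnameMismatch) {
    rejected.push('HOSTNAME_MISMATCH');
  }
  return { accept: rejected.length === 0, rejected };
}

// Constructed certificate objects in the shape getPeerCertificate() returns.
const singleName = { subject: { CN: 'example.test' }, subjectaltname: 'DNS:example.test' };
const wildcard = { subject: { CN: '*.example.test' }, subjectaltname: 'DNS:*.example.test' };
const fakeSsl = { allowSelfSigned: true, allowExpired: true };

function demo() {
  return {
    // A wildcard covers exactly one label to its left.
    oneLabel: evaluate('irc.example.test', wildcard, null, {}),
    twoLabels: evaluate('team.irc.example.test', wildcard, null, {}),
    // Waiving chain errors does not waive the identity check.
    fakeSslOnly: evaluate('team.irc.example.test', singleName,
                          'DEPTH_ZERO_SELF_SIGNED_CERT', fakeSsl),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

With `rejectUnauthorized: false`, the connection proceeds and the caller is responsible for inspecting `socket.authorized` and `socket.authorizationError`, which is where a policy like this one would sit.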
