SSL exception (wrong final block length) crashes script #139

Closed
mopagemo opened this Issue Feb 18, 2013 · 7 comments

Comments

Projects
None yet
2 participants
@mopagemo

Hi,

I have a long running script that occasionally sends out emails. Occasionally though the script crashes with this trace:

uncaughtException pid=16996, uid=0, gid=0, cwd=/www/node, execPath=/usr/bin/nodejs, version=v0.8.19, argv=[/usr/bin/nodejs, /www/node/app.js], rss=89866240, heapTotal=75649792, heapUsed=52423400, loadavg=[0.3193359375, 0.36669921875, 0.4638671875], uptime=24547991.244371664, trace=[column=24, file=tls.js, function=CleartextStream._pusher, line=674, method=_pusher, native=false, column=18, file=tls.js, function=SlabBuffer.use, line=217, method=use, native=false, column=33, file=tls.js, function=CleartextStream.CryptoStream._push, line=501, method=CryptoStream._push, native=false, column=20, file=tls.js, function=SecurePair.cycle, line=898, method=cycle, native=false, column=13, file=tls.js, function=EncryptedStream.CryptoStream.write, line=285, method=CryptoStream.write, native=false, column=26, file=stream.js, function=Socket.ondata, line=38, method=ondata, native=false, column=17, file=events.js, function=Socket.EventEmitter.emit, line=96, method=EventEmitter.emit, native=false, column=14, file=net.js, function=TCP.onread, line=397, method=onread, native=false], stack=[Error: 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, 140234777073440:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../deps/openssl/openssl/crypto/evp/evp_enc.c:460:, , at CleartextStream._pusher (tls.js:674:24), at SlabBuffer.use (tls.js:217:18), at CleartextStream.CryptoStream._push (tls.js:501:33), at SecurePair.cycle (tls.js:898:20), at EncryptedStream.CryptoStream.write (tls.js:285:13), at Socket.ondata (stream.js:38:26), at Socket.EventEmitter.emit (events.js:96:17), at TCP.onread (net.js:397:14)]

I know that nothing in there points towards nodemailer, but I looked the the SMTP logs of my email server and at the exact times these exceptions occur I have these log entries on the email server:

2013-02-18 21:36:31 SMTP command timeout on TLS connection from xxxxxxxxx.com ([127.0.0.1]) [188.xxx.xxx.10]

The timing between these exceptions is quite different, sometimes only minutes, sometimes a few hours. It doesn't matter how long the script is running though.

I use nodemailer version "0.3.42", node v0.8.19 on 2.6.32-41-server #88-Ubuntu SMP. The email server is Exim version 4.76 #1 built 25-Oct-2012 and it's not on the same machine.

Any help is greatly appreciated, let me know if there is anything you need.

@andris9

This comment has been minimized.

Show comment Hide comment
@andris9

andris9 Feb 19, 2013

Member

What is your nodemailer setup, are you using secureConnection: true ? If not then the connection is upgraded to TLS with STARTTLS command. To disable this behavior you should set ignoreTLS: true for the Nodemailer SMTP settings

Member

andris9 commented Feb 19, 2013

What is your nodemailer setup, are you using secureConnection: true ? If not then the connection is upgraded to TLS with STARTTLS command. To disable this behavior you should set ignoreTLS: true for the Nodemailer SMTP settings

@mopagemo

This comment has been minimized.

Show comment Hide comment
@mopagemo

mopagemo Feb 19, 2013

This is the setup:

var transport = nodemailer.createTransport("SMTP", {
host: 'xxxx',
auth: {
user: "xxxxxx@xxxxxx",
pass: "xxxxxx"
}
});

My email server requires SSL, so using encryption is fine.

This is the setup:

var transport = nodemailer.createTransport("SMTP", {
host: 'xxxx',
auth: {
user: "xxxxxx@xxxxxx",
pass: "xxxxxx"
}
});

My email server requires SSL, so using encryption is fine.

@andris9

This comment has been minimized.

Show comment Hide comment
@andris9

andris9 Feb 19, 2013

Member

This setup indicates that you are using STARTTLS on port 25. You should try using secure port 465

host: 'xxxx',
port: 465,
secureConnection: true,
auth: ...

or either disable STARTTLS

host: 'xxxx',
ignoreTLS: true
auth: ...
Member

andris9 commented Feb 19, 2013

This setup indicates that you are using STARTTLS on port 25. You should try using secure port 465

host: 'xxxx',
port: 465,
secureConnection: true,
auth: ...

or either disable STARTTLS

host: 'xxxx',
ignoreTLS: true
auth: ...
@mopagemo

This comment has been minimized.

Show comment Hide comment
@mopagemo

mopagemo Feb 19, 2013

Using STARTTLS is what I actually want. Maybe this isn't clear: sending emails is working fine, it's just that it seems to keep the connection open and at some point I get the exception above. It looks like the connection simply times out, the email server closes the connection and the SSL code doesn't handle this correctly.
I suspect somewhere in nodemailer there needs to be a try/catch to avoid this exception, although I have no idea where.

Using STARTTLS is what I actually want. Maybe this isn't clear: sending emails is working fine, it's just that it seems to keep the connection open and at some point I get the exception above. It looks like the connection simply times out, the email server closes the connection and the SSL code doesn't handle this correctly.
I suspect somewhere in nodemailer there needs to be a try/catch to avoid this exception, although I have no idea where.

@andris9

This comment has been minimized.

Show comment Hide comment
@andris9

andris9 Feb 19, 2013

Member

STARTTLS code can be found at https://github.com/andris9/simplesmtp/blob/master/lib/starttls.js and it's based on https://gist.github.com/TooTallNate/848444 I'm not sure what is wrong there

Member

andris9 commented Feb 19, 2013

STARTTLS code can be found at https://github.com/andris9/simplesmtp/blob/master/lib/starttls.js and it's based on https://gist.github.com/TooTallNate/848444 I'm not sure what is wrong there

@mopagemo

This comment has been minimized.

Show comment Hide comment
@mopagemo

mopagemo Feb 19, 2013

I'm starting to think this might be more related to node core. There is a bug report here that might match my problem: joyent/node#4323

Anyways, I added ignoreTLS: true and I'll observe this until tomorrow and report back.

I'm starting to think this might be more related to node core. There is a bug report here that might match my problem: joyent/node#4323

Anyways, I added ignoreTLS: true and I'll observe this until tomorrow and report back.

@mopagemo

This comment has been minimized.

Show comment Hide comment
@mopagemo

mopagemo Feb 20, 2013

ignoreTLS:true solved this problem, cheers!

ignoreTLS:true solved this problem, cheers!

@mopagemo mopagemo closed this Feb 20, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment