Skip to content

Error: ../deps/openssl/openssl/ssl/s3_pkt.c:1293:SSL alert number 48 #477

Closed
Closed
Error: ../deps/openssl/openssl/ssl/s3_pkt.c:1293:SSL alert number 48#477
@jeremykentbgross

Description

@jeremykentbgross
jeremykentbgross
opened on Mar 26, 2015

To get the title error message:

Reproduction Steps:

  1. create a secure websocket from https server with pem generated certificates and no crt
  2. connect with chrome, when you see "The site's security certificate is not trusted!" click "Proceed anyway"
  3. connect with firefox, note that as soon as firefox displays the "This Connection is Untrusted", chrome instance(s) websockets is/are instantly disconnected
  4. myWebSocket.on('error', ...); shows nothing, but myWebSocket._socket.on('error', ...); displays the following error message:

Error: 140579907696448:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/s3_pkt.c:1293:SSL alert number 48

Note this does not happen the other way around (ie with chrome booting firefox instances from the server). Most likely something about firefox client certificates when the server has no crt on https are causing openssl to choke. This does not happen with http and insecure websockets.

Final notes:

  1. I suspect this is likely a bug in node, not ws, but I figure only your team is qualified to pass this bug on to the node team after verifying this isn't a problem in ws.js.

  2. It was also an annoyance that initially no error message was generated from wsjs when the websockets were inexplicably disconnected. In was only listening to the base socket in the websocket that displayed this error. While most low level errors are perhaps more than your library should pass through to the user, perhaps lower level errors that cause disconnects should be passed through.

  3. Node Version:

console.log("All System Versions:\n" + JSON.stringify(process.versions, null, '\t') + "\n");
{
"http_parser": "2.3",
"node": "0.12.0",
"v8": "3.28.73",
"uv": "1.0.2",
"zlib": "1.2.8",
"modules": "14",
"openssl": "1.0.1l"
}

  1. Related package.json versions:
    "ws" : "0.7.1"
    "pem": "1.7.2"

  2. OS version:

cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
NAME="Ubuntu"
VERSION="12.04.4 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.4 LTS)"
VERSION_ID="12.04"

  1. OpenSSL version:

dpkg -s openSSL
Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 901
Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
Architecture: amd64
Version: 1.0.1-4ubuntu5.12
Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
Suggests: ca-certificates
Conffiles:
/etc/ssl/openssl.cnf ce31ab5015842bf7c2939514a634e0e4
Description: Secure Socket Layer (SSL) binary and related cryptographic tools
This package contains the openssl binary and related tools.
.
It is part of the OpenSSL implementation of SSL.
.
You need it to perform certain cryptographic actions like:

  • Creation of RSA, DH and DSA key parameters;
  • Creation of X.509 certificates, CSRs and CRLs;
  • Calculation of message digests;
  • Encryption and decryption with ciphers;
  • SSL/TLS client and server tests;
  • Handling of S/MIME signed or encrypted mail.
    Original-Maintainer: Debian OpenSSL Team pkg-openssl-devel@lists.alioth.debian.org

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions