This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

tls.checkServerIdentity throws TypeError: Cannot read property 'CN' of undefined (tls.js:182:37) #9272

Closed
andiby opened this issue Feb 23, 2015 · 3 comments

@andiby

andiby commented Feb 23, 2015

I have a script that connects to my FTPS server (vsftpd) with a valid TLS certificate.
This script was running with node 0.10.x, but with node 0.12.0 it throws the exception:

```
tls.js:182
      var commonNames = cert.subject.CN;
                                    ^
TypeError: Cannot read property 'CN' of undefined
    at Object.checkServerIdentity (tls.js:182:37)
    at TLSSocket.<anonymous> (_tls_wrap.js:932:31)
    at TLSSocket.emit (events.js:104:17)
    at TLSSocket._finishInit (_tls_wrap.js:458:8)
```

My debugging showed me that cert is an empty object.
This object comes from _tls_wrap.js - getPeerCertificate().
The documentation says: "If the peer does not provide a certificate, it returns null or an empty object."
So checkServerIdentity should check if cert has a cert.subject instead of throwing this exception.
And I do not know why cert is an empty object because there should be a valid certificate.

@jasnell
Member

jasnell commented Mar 4, 2015

Agreed on the point that the code ought to be checking cert.subject.

@jasnell jasnell self-assigned this Mar 4, 2015
@jasnell jasnell added the tls label Jun 25, 2015
@anweiss

anweiss commented Jul 27, 2015

Any updates on this issue?

@jonathanong

Seeing the same issue. Should we reopen in the io.js or node.js-convergence repos?

avwo pushed a commit to avwo/whistle that referenced this issue Aug 6, 2015
mike-zorn pushed a commit to mike-zorn/io.js that referenced this issue Aug 10, 2015
This resolves nodejs/node-v0.x-archive#9272. `tlsSocket.getPeerCertificate` will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, `checkServerIdentity`
would throw because the `subject` wasn't present on the cert.
`checkServerIdentity` must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a `TypeError`.
rvagg pushed a commit to nodejs/node that referenced this issue Aug 21, 2015
This resolves nodejs/node-v0.x-archive#9272. `tlsSocket.getPeerCertificate` will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, `checkServerIdentity`
would throw because the `subject` wasn't present on the cert.
`checkServerIdentity` must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a `TypeError`.

PR-URL: #2343
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
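
The contract described in the commit message above (return an error for an empty certificate, never throw) can also be enforced by the caller. The following is an added example, not code from this thread or from the Node.js project; `safeCheckServerIdentity`, `isEmptyPeerCert`, the error code and the sample certificates are names and values constructed for illustration.

```javascript
'use strict';
const tls = require('tls');

// getPeerCertificate() is documented to return null or an empty object when
// the peer provides no certificate; neither carries an identity to verify.
function isEmptyPeerCert(cert) {
  return cert === null || typeof cert !== 'object' ||
         (!cert.subject && !cert.subjectaltname);
}

// Hypothetical wrapper: returns an Error on failure, undefined on success,
// and never throws, whatever the underlying Node.js version does.
function safeCheckServerIdentity(host, cert) {
  if (isEmptyPeerCert(cert)) {
    // Fail closed: returning undefined here would accept an unverified peer.
    const err = new Error(`Peer presented no usable certificate for ${host}`);
    err.code = 'EX_EMPTY_PEER_CERT'; // constructed code, not a Node.js one
    return err;
  }
  try {
    return tls.checkServerIdentity(host, cert);
  } catch (e) {
    // Any unexpected throw is reported as a verification failure.
    return e instanceof Error ? e : new Error(String(e));
  }
}

// Constructed sample certificate objects (shape of getPeerCertificate()).
const samples = {
  empty: {},
  missing: null,
  match: { subject: { CN: 'ftp.example.test' } },
  mismatch: { subject: { CN: 'other.example.test' } },
};

// Runs every sample against one hostname and reports the verdicts.
function demo() {
  const out = {};
  for (const [name, cert] of Object.entries(samples)) {
    const result = safeCheckServerIdentity('ftp.example.test', cert);
    out[name] = result === undefined ? 'ok' : 'rejected';
  }
  return out;
}

console.log(demo());
```

On Node.js versions whose `tls.connect` accepts a `checkServerIdentity` option, the wrapper can be passed there so an empty peer certificate surfaces as a connection error rather than an uncaught exception.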