Nodejs v0.10.x (freebsd) “X509_STORE_add_cert:cert already in hash table" [英] Nodejs v0.10.x (freebsd) "X509_STORE_add_cert:cert already in hash table"

问题描述

我正在使用异步 Web api，但 nodejs 版本高于 v0.8.9 时遇到问题

I'm work with async web api and have a problem in nodejs version higer than v0.8.9

$ unname -aFreeBSD home 9.1-STABLE FreeBSD 9.1-STABLE #0:EET 2013 年 2 月 1 日星期五 10:38:27 root@home:/usr/obj/usr/src/sys/HOME amd64

$ uname -a FreeBSD home 9.1-STABLE FreeBSD 9.1-STABLE #0: Fri Feb 1 10:38:27 EET 2013 root@home:/usr/obj/usr/src/sys/HOME amd64

$节点-vv0.10.0

$ node -v v0.10.0

$节点./client.js

$ node ./client.js

    events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: 34401711104:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table:../deps/openssl/openssl/crypto/x509/x509_lu.c:357:
34401711104:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table:../deps/openssl/openssl/crypto/x509/x509_lu.c:357:

    at SlabBuffer.use (tls.js:221:18)
    at CleartextStream.read [as _read] (tls.js:408:29)
    at CleartextStream.Readable.read (_stream_readable.js:293:10)
    at tls.js:465:12
    at process._tickCallback (node.js:415:13)

代码(client.js):

Code (client.js):

var fs = require('fs');
var https = require('https');
var agent = require('agent').agent;

var config={
    host:           'sample.host.com',
    port:           443,
    path:           '/worker.do',
    pfx:            fs.readFileSync('./client.pfx'),
    passphrase:     "passwordHere"
};

config.agent = new https.Agent({
    pfx: config.pfx,
    passphrase: config.passphrase
});

agent.config=config;

agent.makeRequest([{request:"search",query:"*"}],function(data){
    if(!data.success){
        console.log(data.error);
        return;
    }

    var items=[];

    for(var item in data.data){
        items.push(data.data[item][0]);
    }

    agent.makeRequest([{"request":"update","group":true,"arr":JSON.stringify(items)}],function(data){
        if(!data.success){
            console.log(data.error);
            return;
        }

        console.log('Done: '+data.result);
    });

}); 

代码(agent.js):

Code (agent.js):

var https = require('https');

var agent={
    config: {},
    getId: function() {
        return this.id || (this.id = new Date().getTime());
    },
    makeRequest: function(params,callback){
        var options = {
            host: this.config.host,
            port: this.config.port,
            path: '/worker.do',
            method: 'POST',
            agent: this.config.agent
        };

        var that=this;
        var req = https.request(options, function(res) {
            if(res.statusCode!='200'){
                callback({
                    success:    false,
                    error:      res.statusCode
                });
                return;
            }

            var body='';
            res.on('data', function(data) {
                body+=data.toString();
            });

            res.on('end', function(){
                try {
                    body=JSON.parse(body);
                } catch(e) {
                    callback({
                        success:    false,
                        error:      '[makeRequest] Cant parse body: '+body
                    });
                }

                var reqId=body[0];
                that.getContent(reqId,callback);
            });
        });

        req.on('error', function(e) {
            callback({
                success:    false,
                error:      e
            });
        });

        req.end(JSON.stringify(params)+'

');
    },

    getContent: function(reqId,callback){
        var options = {
            path: '/worker.do?_dc='+this.getId(),
            method: 'GET',
            host: this.config.host,
            port: this.config.port,
            agent: this.config.agent
        };

        var req = https.request(options, function(res) {
            if(res.statusCode!='200'){
                callback({
                    success:    false,
                    error:      res.statusCode
                });
                return;
            }

            var body='';
            res.on('data', function(data) {
                body+=data.toString();
            });

            res.on('end', function(){
                try {
                    body=JSON.parse(body);
                } catch(e) {
                    callback({
                        success:    false,
                        error:      '[getContent] Cant parse body: '+body
                    });
                }           

                callback(body[reqId]);
            });
        });

        req.on('error', function(e) {
            callback({
                success:    false,
                error:      e
            });
        });

        req.end();

    }
}

exports.agent=agent;

在 nodejs v0.6.x 和 v0.8.x 上运行完美.在 v0.10.x 上——失败.请帮忙找出问题.

On nodejs v0.6.x and v0.8.x it works perfect. On v0.10.x -- fail. Please help to find the problem.

推荐答案

解决方案是隔离您的 PEM 并将它们一个一个添加回来，而不是作为一个捆绑包.在最低的叶子，然后是父节点，然后是父节点，等等，每次都测试.

The solution is to isolate your PEMs and add them back one by one, not as a bundle. At the lowest leaf, then the parent, then the parent, etc and test each time.

参见 https://github.com/iojs/io.js/issues/712

我认为这一定是 node.js/io.js 内部的一个错误，其中重复的证书在第一次使用时没有被检查.

I'm thinking this must be a bug in the internals of node.js / io.js where duplicate certs aren't checked the very first time they're used.

奇怪的是，将证书添加到特定 https 服务器实例的链中可能会导致不相关的 https 请求(应该使用默认链，与 https 服务器无关).

What's odd is that adding a cert to the chain for a specific https server instance can cause an unrelated https request (which should be using the default chain, not anything to do with the https server).

这篇关于Nodejs v0.10.x (freebsd) “X509_STORE_add_cert:cert already in hash table"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！