Nodejs v0.10.x (freebsd) “X509_STORE_add_cert:cert already in hash table" [英] Nodejs v0.10.x (freebsd) "X509_STORE_add_cert:cert already in hash table"
问题描述
我正在使用异步 Web api,但 nodejs 版本高于 v0.8.9 时遇到问题
I'm working with an async web API and have a problem on Node.js versions higher than v0.8.9
$ uname -a FreeBSD home 9.1-STABLE FreeBSD 9.1-STABLE #0: 2013 年 2 月 1 日星期五 10:38:27 EET root@home:/usr/obj/usr/src/sys/HOME amd64
$ uname -a FreeBSD home 9.1-STABLE FreeBSD 9.1-STABLE #0: Fri Feb 1 10:38:27 EET 2013 root@home:/usr/obj/usr/src/sys/HOME amd64
$ node -v v0.10.0
$ node -v v0.10.0
$ node ./client.js
$ node ./client.js
events.js:72
throw er; // Unhandled 'error' event
^
Error: 34401711104:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table:../deps/openssl/openssl/crypto/x509/x509_lu.c:357:
34401711104:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table:../deps/openssl/openssl/crypto/x509/x509_lu.c:357:
at SlabBuffer.use (tls.js:221:18)
at CleartextStream.read [as _read] (tls.js:408:29)
at CleartextStream.Readable.read (_stream_readable.js:293:10)
at tls.js:465:12
at process._tickCallback (node.js:415:13)
代码(client.js):
Code (client.js):
var fs = require('fs');
var https = require('https');
var agent = require('agent').agent;
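// Connection settings for the remote worker endpoint.
// NOTE(review): the passphrase is the sample value from the post. In a real
// deployment keep the PFX passphrase out of source control (environment
// variable or secret store) and restrict read access to client.pfx: the two
// together are this client's TLS identity.
var config = {
  host: 'sample.host.com',
  port: 443,
  path: '/worker.do',
  pfx: fs.readFileSync('./client.pfx'),
  passphrase: "passwordHere"
};

// A single https.Agent built from the client certificate is stored on the
// config; agent.js passes it as the `agent` option of every request.
config.agent = new https.Agent({
  pfx: config.pfx,
  passphrase: config.passphrase
});
agent.config = config;

// Step 1: run the search. Step 2: send the first element of every returned
// entry back in a single grouped update request.
agent.makeRequest([{request: "search", query: "*"}], function (searchResult) {
  // agent.getContent passes on whatever the server stored under the request
  // id, which can be undefined, so check the result object before reading it.
  if (!searchResult || !searchResult.success) {
    console.log(searchResult ? searchResult.error : 'Empty response from agent');
    return;
  }

  var items = [];
  for (var key in searchResult.data) {
    // Own properties only: keys inherited through the prototype chain must
    // not end up in the update request.
    if (Object.prototype.hasOwnProperty.call(searchResult.data, key)) {
      items.push(searchResult.data[key][0]);
    }
  }

  var updateRequest = [{"request": "update", "group": true, "arr": JSON.stringify(items)}];
  agent.makeRequest(updateRequest, function (updateResult) {
    if (!updateResult || !updateResult.success) {
      console.log(updateResult ? updateResult.error : 'Empty response from agent');
      return;
    }
    console.log('Done: ' + updateResult.result);
  });
});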
代码(agent.js):
Code (agent.js):
var https = require('https');
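/**
 * Minimal HTTPS client for the remote worker endpoint.
 *
 * A call is two round trips: makeRequest POSTs the request list and reads a
 * request id from the reply, then getContent GETs the result stored under
 * that id. Every outcome is delivered through `callback`; failures have the
 * shape { success: false, error: ... }.
 *
 * TLS settings such as the client certificate come from config.agent. No
 * request option here touches server-certificate verification, so it stays at
 * the runtime default; do not relax it to work around certificate errors.
 */
var agent = (function () {
  /**
   * Read a response body and pass the parsed JSON to onParsed.
   * Non-200 statuses, unparseable bodies and non-object bodies are reported
   * once through callback and onParsed is not called.
   *
   * @param {Object} res - the https response
   * @param {string} label - caller name used in error messages
   * @param {Function} callback - receives the failure object
   * @param {Function} onParsed - receives the parsed body on success
   */
  function readJson(res, label, callback, onParsed) {
    if (res.statusCode !== 200) {
      // Drain the unread body so the socket is released back to the agent.
      res.resume();
      callback({
        success: false,
        error: res.statusCode
      });
      return;
    }

    // Decode at the stream level so a multi-byte character split across two
    // chunks is not corrupted.
    res.setEncoding('utf8');
    var body = '';
    res.on('data', function (chunk) {
      body += chunk;
    });
    res.on('end', function () {
      var parsed;
      try {
        parsed = JSON.parse(body);
      } catch (e) {
        callback({
          success: false,
          error: '[' + label + '] Cant parse body: ' + body
        });
        // Stop here: continuing would invoke the callback a second time.
        return;
      }
      // The body is server-controlled; valid JSON such as `null` would throw
      // on property access inside this event handler.
      if (parsed === null || typeof parsed !== 'object') {
        callback({
          success: false,
          error: '[' + label + '] Unexpected body: ' + body
        });
        return;
      }
      onParsed(parsed);
    });
  }

  return {
    // Connection settings (host, port, agent), assigned by the caller.
    config: {},

    /**
     * Return an id taken from the current time on first use and reused
     * afterwards; getContent sends it as the `_dc` query parameter.
     */
    getId: function () {
      return this.id || (this.id = new Date().getTime());
    },

    /**
     * POST `params` as JSON, then fetch the result for the returned request id.
     *
     * @param {Array} params - request descriptors, serialised with JSON.stringify
     * @param {Function} callback - receives the final result or a failure object
     */
    makeRequest: function (params, callback) {
      var self = this;
      var options = {
        host: this.config.host,
        port: this.config.port,
        path: '/worker.do',
        method: 'POST',
        agent: this.config.agent
      };
      var req = https.request(options, function (res) {
        readJson(res, 'makeRequest', callback, function (parsed) {
          // The first element of the reply is the request id.
          self.getContent(parsed[0], callback);
        });
      });
      req.on('error', function (e) {
        callback({
          success: false,
          error: e
        });
      });
      // The request body is newline-terminated.
      req.end(JSON.stringify(params) + '\n');
    },

    /**
     * GET the pending results and pass the entry stored under `reqId` on.
     *
     * @param {string} reqId - request id returned by the POST
     * @param {Function} callback - receives body[reqId] (undefined when the
     *   reply has no such entry) or a failure object
     */
    getContent: function (reqId, callback) {
      var options = {
        path: '/worker.do?_dc=' + this.getId(),
        method: 'GET',
        host: this.config.host,
        port: this.config.port,
        agent: this.config.agent
      };
      var req = https.request(options, function (res) {
        readJson(res, 'getContent', callback, function (parsed) {
          callback(parsed[reqId]);
        });
      });
      req.on('error', function (e) {
        callback({
          success: false,
          error: e
        });
      });
      req.end();
    }
  };
})();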
// Export the agent object; client.js loads it as require('agent').agent.
exports.agent=agent;
在 nodejs v0.6.x 和 v0.8.x 上运行完美.在 v0.10.x 上——失败.请帮忙找出问题.
On Node.js v0.6.x and v0.8.x it works perfectly. On v0.10.x it fails. Please help me find the problem.
推荐答案
解决方案是隔离您的 PEM 并将它们一个一个添加回来,而不是作为一个捆绑包.在最低的叶子,然后是父节点,然后是父节点,等等,每次都测试.
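The error means OpenSSL was asked to add a certificate that is already in its store, so the solution is to find the duplicate: isolate your PEMs and add them back one by one, not as a bundle. Start with the lowest leaf certificate, then add its parent, then that certificate's parent, and so on, testing after each addition.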
参见 https://github.com/iojs/io.js/issues/712
我认为这一定是 node.js/io.js 内部的一个错误,其中重复的证书在第一次使用时没有被检查.
I'm thinking this must be a bug in the internals of node.js / io.js where duplicate certs aren't checked the very first time they're used.
奇怪的是,将证书添加到特定 https 服务器实例的链中可能会导致不相关的 https 请求(应该使用默认链,与 https 服务器无关).
What's odd is that adding a cert to the chain for a specific https server instance can cause an unrelated https request (which should be using the default chain and have nothing to do with the https server) to fail.