Rework cert detection a bit #1532

Merged
merged 1 commit into from
Oct 28, 2018
@Martii Martii commented Oct 28, 2018

  • This is a WIP... so there might be an error thrown when running on actual pro (hopefully not)... working on it now, so possible downtime expectation perhaps. Works on local pro so far.
  • Check for backup alternate keys
  • Ensure keys are in UTF-8

@Martii Martii added migration Use this to indicate that it may apply to an existing or announced migration. CODE Some other Code related issue and it should clearly describe what it is affecting in a comment. labels Oct 28, 2018
@Martii Martii merged commit 586dfe9 into OpenUserJS:master Oct 28, 2018
@Martii Martii deleted the isSecure branch October 28, 2018 02:20
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Oct 28, 2018
Martii added a commit that referenced this pull request Oct 28, 2018
Martii commented Oct 28, 2018

Retested this with last year's (2017) certs and it produces a general failure on actual expired certs:

```
$ node app.js
Starting application...
_tls_common.js:134
      c.context.setKey(key, passphrase);
                ^

Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    at Object.createSecureContext (_tls_common.js:134:17)
    at Server (_tls_wrap.js:868:27)
    at new Server (https.js:62:14)
    at Object.createServer (https.js:84:10)
    at Object.<anonymous> (~/OpenUserJS.org1/app.js:303:24)
    at Module._compile (internal/modules/cjs/loader.js:688:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
    at Module.load (internal/modules/cjs/loader.js:598:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
    at Function.Module._load (internal/modules/cjs/loader.js:529:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:741:12)
    at startup (internal/bootstrap/node.js:285:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:739:3
```

e.g. if they expire it will currently, constantly, trip the server with this message with process manager (pm). May need a try...catch in there ... however pm won't know any different... renamed pub key to something else and it did run the server however not reachable through the browser. e.g. didn't trip the server but not accessible still. Will reconfirm this with 2018's certs in a few weeks.

Refs:

Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Oct 28, 2018
* Relax `isPro` requirement in a few areas and rely upon `isSecured` as primary test condition
* Trap TLS failure if certs are already expired
* Change some verbiage so we know which routine tripped it. e.g. `...ing` vs `...ed`. This routine didn't work last time however things are of course different this year. This use case is finite to detect.

Post OpenUserJS#1532 OpenUserJS#1533 and OpenUserJS#37
Martii added a commit that referenced this pull request Oct 28, 2018
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 3, 2021
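
The stack trace in the Oct 28, 2018 comment and the follow-up commit note "Trap TLS failure if certs are already expired" both concern a server that dies inside `createSecureContext` at startup. The sketch below is an added example, not code from this pull request or from the OpenUserJS code base: it probes the key and certificate before `https.createServer` is called so the caller can log a reason and fall back instead of crash-looping under the process manager. The function names `checkValidity` and `probeTlsMaterial` are hypothetical.

```javascript
'use strict';
// Added example; checkValidity and probeTlsMaterial are hypothetical names.
const tls = require('tls');
const crypto = require('crypto');

// Pure check of a certificate validity window. validFrom/validTo are the
// strings crypto.X509Certificate exposes, e.g. "Oct 28 00:00:00 2017 GMT".
function checkValidity(validFrom, validTo, now) {
  const from = new Date(validFrom);
  const to = new Date(validTo);
  // Fail closed: unparseable dates must not be treated as "still valid".
  if (isNaN(from) || isNaN(to)) return 'has unparseable validity dates';
  if (now < from) return 'not yet valid (from ' + validFrom + ')';
  if (now > to) return 'expired (' + validTo + ')';
  return null;
}

// Decide whether a key/cert pair is usable before https.createServer sees it.
// Returns { secured, reason } instead of throwing.
function probeTlsMaterial(keyPem, certPem, now = new Date()) {
  try {
    // Throws on malformed PEM and on a private key that does not belong to
    // the certificate ("key values mismatch", as in the trace above).
    // It does not reject a certificate merely because it has expired.
    tls.createSecureContext({ key: keyPem, cert: certPem });
  } catch (err) {
    return { secured: false, reason: 'secure context failed: ' + err.message };
  }
  // The expiry test is therefore separate (X509Certificate: Node.js >= 15.6).
  const x509 = new crypto.X509Certificate(certPem);
  const problem = checkValidity(x509.validFrom, x509.validTo, now);
  if (problem) return { secured: false, reason: 'certificate ' + problem };
  return { secured: true, reason: null };
}
```

A caller would start the HTTPS listener only when `secured` is true and log `reason` otherwise, which also records which of the two checks tripped.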