带有 SSL UNABLE_TO_VERIFY_LEAF_SIGNATURE 的 Node.js 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18461979/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Node.js error with SSL UNABLE_TO_VERIFY_LEAF_SIGNATURE
提问by Yaroslav L.
System: Windows 7
系统:Windows 7
NodeJS version: 0.10.2
NodeJS 版本:0.10.2
WS module: ws, last version
WS 模块:ws,最新版本
Error:
错误:
events.js:72
throw er; // Unhandled 'error' event
^
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
at SecurePair. (tls.js:1283:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:896:10)
at CleartextStream.read [as _read] (tls.js:430:15)
at CleartextStream.Readable.read (_stream_readable.js:294:10)
at EncryptedStream.write [as _write] (tls.js:344:25)
at doWrite (_stream_writable.js:211:10)
at writeOrBuffer (_stream_writable.js:201:5)
at EncryptedStream.Writable.write (_stream_writable.js:172:11)
at write (_stream_readable.js:547:24)
Server:
服务器:
(function(){
"use strict";
var fs = require('fs');
// you'll probably load configuration from config
var cfg = {
ssl: true,
port: 8080,
ssl_key: 'crt/server1.key',
ssl_cert: 'crt/server1.crt'
};
var httpServ = require('https')
var WebSocketServer = require('ws').Server;
var app = null;
// dummy request processing
var processRequest = function( req, res ) {
res.writeHead(200);
res.end("All glory to WebSockets!\n");
};
if ( cfg.ssl ) {
app = httpServ.createServer({
// providing server with SSL key/cert
key: fs.readFileSync( cfg.ssl_key ),
cert: fs.readFileSync( cfg.ssl_cert ),
//requestCert: true,
//rejectUnauthorized: false
}, processRequest ).listen( cfg.port );
} else {
app = httpServ.createServer( processRequest ).listen( cfg.port );
}
// passing or reference to web server so WS would knew port and SSL capabilities
var wss = new WebSocketServer( { server: app } );
wss.on( 'connection', function ( wsConnect ) {
wsConnect.on( 'message', function ( message ) {
console.log( message );
});
});
}());
Client:
客户:
var WebSocket = require('ws');
var ws = new WebSocket('wss://localhost:8080');
ws.on('open', function() {
ws.send('something');
});
The certificate confirmed.
证书确认。
Help> please!
帮助>请!
回答by dpjanes
I'm using a package called "superagent" and getting the same error. After trying several potential fixes, I came across this one that works for me 100% of the time:
我正在使用一个名为“superagent”的包并收到相同的错误。在尝试了几个潜在的修复之后,我遇到了这个 100% 对我有用的方法:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
There's no need to do any requires or whatever : just add this to your code before your network calls and you're good to go.
无需做任何要求或其他任何事情:只需在网络调用之前将其添加到您的代码中即可。
回答by philidem
The SSL certificate used by the server in your example is probably not fully trusted by the WebSocket client so NodeJS is throwing an error in its network library on the client-side.
您的示例中服务器使用的 SSL 证书可能不被 WebSocket 客户端完全信任,因此 NodeJS 在客户端的网络库中引发错误。
You need to set rejectUnauthorizedto false(this is an option that most high-level network libraries will allow you to set via an option that gets passed to the lower level NodeJS networking library).
您需要设置rejectUnauthorized为false(这是大多数高级网络库允许您通过传递给低级 NodeJS 网络库的选项设置的选项)。
I skimmed the wsmodule source code and looks like you should try this:
我浏览了ws模块的源代码,看起来你应该试试这个:
var ws = new WebSocket('wss://localhost:8080', null, {rejectUnauthorized: false});
NOTE: rejectUnauthorizedshould only be falseduring testing/development. Production applications should always use rejectUnauthorized: truefor full security.
注意:rejectUnauthorized应该只false在测试/开发期间。生产应用程序应始终rejectUnauthorized: true用于完全安全。
回答by Shrey
If you do not want to disable your security. Add ca: [cert] option in http /socket client options. Where cert is Certificate of server you are connecting to or CA of the server you are connecting to.
如果您不想禁用您的安全。在 http /socket 客户端选项中添加 ca: [cert] 选项。其中 cert 是您要连接的服务器的证书或您要连接的服务器的 CA。
回答by Sharathi RB
回答by Rix
I've encountered a similar problem before, you may try to use
https.globalAgent.options.secureProtocol = 'SSLv3_method'to set SSLv3 connection for https.
我之前也遇到过类似的问题,你可以尝试使用
https.globalAgent.options.secureProtocol = 'SSLv3_method'为https设置SSLv3连接。
