Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Randomly having "Error: Client network socket disconnected before secure TLS connection was established" #65

Open
kopax opened this issue Jun 1, 2018 · 3 comments
Open

[Bug] Randomly having "Error: Client network socket disconnected before secure TLS connection was established" #65

kopax opened this issue Jun 1, 2018 · 3 comments

Comments

@kopax
Copy link

kopax commented Jun 1, 2018
edited
Loading

description

We are using:

  • verdaccio@3.0.2 within docker
  • verdaccio-ldap@2.0.0 that include ldap-fork@4.0.2
  • openldap@2.4.44 within docker

We have GItLab-CI runner that run npm install --registry https://our.registry.com for the project.

relevant log

I can connect repetitively multiple time to the LDAP, until:

In node 10.1.0

http <-- 200, user: me(172.18.0.1 via 172.16.14.10), req: 'GET /node-int64', bytes: 0/2481
 http --> 304, req: 'GET https://registry.npmjs.org/multicast-dns-service-types' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/multicast-dns-service-types', bytes: 0/0
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 debug--- failed to connect after 1 attempts
 fatal--- uncaught exception, please report this
Error: Client network socket disconnected before secure TLS connection was established
    at TLSSocket.onConnectEnd (_tls_wrap.js:1092:19)
    at Object.onceWrapper (events.js:273:13)
    at TLSSocket.emit (events.js:187:15)
    at endReadableNT (_stream_readable.js:1086:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

In node 8.11.2

 info --> making request: 'GET https://registry.npmjs.org/array-unique'
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 fatal--- uncaught exception, please report this
TypeError: (groups || []).concat is not a function
    at authenticatedUser (/usr/local/lib/node_modules/verdaccio/build/lib/auth.js:372:32)
    at /usr/local/lib/node_modules/verdaccio/build/lib/auth.js:105:26
    at sendResult (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1395:12)
    at messageCallback (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1421:16)
    at /usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1282:14
    at Array.forEach (<anonymous>)
    at Client._onClose (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1272:19)
    at Object.onceWrapper (events.js:272:13)
    at TLSSocket.emit (events.js:180:13)
    at _handle.close (net.js:541:12)
    at TCP.done [as _onclose] (_tls_wrap.js:379:7)

related sources

We can connect repetitively to the LDAP but then this error happens and prevent us totally from using our verdaccio registry.

Is there a way to prevent such bug ? The verdaccio-ldap plugin is not supporting starttls, using starttls ,
@miaoihan
Copy link

I got the same problem

@South-Paw South-Paw mentioned this issue Jun 27, 2018
Closed
@maxime-beguin
Copy link

I got the same problem using version 2.1.4 of passport-ldapauth package which uses node-ldapauth-fork version 4.3.2.

passport-ldapauth creates a new LdapAuth with starttls option and immediately call LdapAuth.prototype.authenticate (here).

It seems calling authenticate before node-ldapauth-fork has received the validation that the connection has been secured by ldapjs is also causing the error "Client network socket disconnected before secure TLS connection was established".

Maybe node-ldapauth-fork should not try to use any LDAP client before the connection has been secured while option starttls is set.

What do you think? Am I missing the point completely?

maxime-beguin added a commit to veo-labs/openveo-api that referenced this issue Apr 29, 2020
@maxime-beguin
passport: add support for LDAP STARTTLS
c160f2a 
LDAP STARTTLS secures LDAP connection using LDAP
standard protocol and port instead of LDAPS which
is not part of the standard and is deprecated.

Unfortunately it actually doesn't work with
passport-ldapauth due to sub-dependency
ldapauth-fork which doesn't wait for the
connection to be secured before trying to
authenticate (see Github issue:
vesse/node-ldapauth-fork#65
for more details).
YuJin44 added a commit to YuJin44/node-ldapauth-fork that referenced this issue Mar 23, 2024
@YuJin44
fix starttls bug
7512df7 
vesse#65
@YuJin44 YuJin44 mentioned this issue Mar 23, 2024
Open
@YuJin44
Copy link

YuJin44 commented Mar 23, 2024
edited
Loading

Hi, my colleague and me have found a fix for this bug. We tried to fix it as little invasive as possible. I have created a pull request, with this fix it is not needed to change anything in the function calls, so packages which depend on this one will not have to change their code, just update the version as soon as this merge request gets accepted and new version released.

YuJin44 added a commit to YuJin44/node-ldapauth-fork that referenced this issue Mar 24, 2024
@YuJin44
fix starttls bug
fa94b34 
vesse#65
YuJin44 added a commit to YuJin44/node-ldapauth-fork that referenced this issue Mar 24, 2024
@YuJin44
fix starttls bug
389424a 
vesse#65

Revert "fix starttls bug"

This reverts commit 7512df7.

fix starttls bug
vesse#65
YuJin44 added a commit to YuJin44/node-ldapauth-fork that referenced this issue Mar 24, 2024
@YuJin44
fix starttls bug
357a02b 
vesse#65
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kopax @miaoihan @maxime-beguin @YuJin44