search

mattcg / socks5-https-client

SOCKS v5 HTTPS client implementation in JavaScript for Node.js.
186 stars 28 forks source link

SNI does not work with Request #9

Closed alex7kom closed 8 years ago

alex7kom commented 9 years ago

When using with Request a server returns wrong certificate. Pure Request and pure socks5-https-client work just fine, but when used together the result is:

{ [Error: Hostname/IP doesn't match certificate's altnames: "Host: sni.velox.ch. is not in the cert's altnames: DNS:alice.sni.velox.ch, DNS:carol.sni.velox.ch"]
  reason: 'Host: sni.velox.ch. is not in the cert\'s altnames: DNS:alice.sni.velox.ch, DNS:carol.sni.velox.ch',
  host: 'sni.velox.ch.',
  cert:
   { subject:
      { C: 'CH',
        ST: 'Zuerich',
        L: 'Zuerich',
        O: 'Kaspar Brand',
        CN: 'alice.sni.velox.ch' },
     issuer:
      { C: 'BM',
        O: 'QuoVadis Limited',
        CN: 'QuoVadis Global SSL ICA G2' },
     subjectaltname: 'DNS:alice.sni.velox.ch, DNS:carol.sni.velox.ch',
     infoAccess: { 'OCSP - URI': [Object], 'CA Issuers - URI': [Object] },
     modulus: 'E0A67428ADB052989DBE060FBCCD4AB2FE238CE220E29EF459D194B91700302C3F47BACE263D5A59DC78121537BC57A4F9344B5B51BAE4FE340FDB34DA16977F6545DFF61FB5ABE9597B421735D2EEFD397C402D8C0AAA674217BA0E9A0EA059146A89169390F94547717C64B52F8B1B8F24D3B2FE96649EA2D789B9BADF7133619B5A154E3A3A5D2D59E71893FD35FC9118CCF3A570B8656B69A31693117444677A1F7CF67BD28B70A7E0AED37B50967EB06675335A783331E7CDCAE51F49D95BDF454DA25439A602BA3FF177D946F2C9E9A6C76279F6214130D42866E61FE7FAA71A6AE424B0740F9AA8535BA7A84C9EFADB19B4A8E32B3ABB103664CF40B7',
     exponent: '10001',
     valid_from: 'Apr 21 17:30:43 2014 GMT',
     valid_to: 'Apr 21 17:30:42 2017 GMT',
     fingerprint: '41:0E:32:69:8C:CA:A3:C6:F1:F4:BF:DD:28:C5:DE:5C:C2:79:4E:70',
     ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
     serialNumber: '398C82B54E24FA61DB9CF244AACDEFD21A0544E2',
     raw: <Buffer 30 82 04 ec 30 82 03 d4 a0 03 02 01 02 02 14 39 8c 82 b5 4e 24 fa 61 db 9c f2 44 aa cd ef d2 1a 05 44 e2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 ... > } }

Test case:

var request = require('request');
var Agent = require('socks5-https-client/lib/Agent');

request({
    url: 'https://sni.velox.ch/',
    strictSSL: true,
    agentClass: Agent,
    agentOptions: {
        socksHost: 'localhost',
        socksPort: 9050
    }
}, function(err, res) {
    console.log(err || res.body);
});
alex7kom commented 9 years ago

However, it works if you manually specify the hostname:

var request = require('request');
var Agent = require('socks5-https-client/lib/Agent');

request({
    url: 'https://sni.velox.ch/',
    strictSSL: true,
    agentClass: Agent,
    agentOptions: {
        socksHost: 'localhost',
        socksPort: 9050,
        hostname: 'sni.velox.ch'
    }
}, function(err, res) {
    console.log(err || res.body);
    console.log(res);
});
mattcg commented 8 years ago

Sorry it's taken me over a year to comment on this, but the latest version of this client (published a few minutes ago) uses an Agent that inherits from https.Agent instead of http.Agent, so SNI should be handled correctly.

alex7kom commented 8 years ago

Yes, it works for me. Thank you!

mattcg commented 8 years ago

Resolved in one and a half years! Thank you for checking 👍