oortcloud / node-ddp-client

A callback style DDP (Meteor's Distributed Data Protocol) node client.

SSL fails with node 0.10.10 #20

Closed tmeasday closed 10 years ago

tmeasday commented 11 years ago

I'm opening this here as I'm about to switch Meteorite / Atmosphere to port 80 / no SSL.

Probably not really ideal but there are too many people with problems right now.

It'd be good to figure out what the true issue is. I guess it's a problem with either ws or node itself.

When I have a free moment I'll come back and make a reproducible test case.

Tarang commented 10 years ago

I think the issue is that the certificate meteor.com uses (and therefore atmosphere.com uses) is not one of those 100% root CAs (AddTrust). I also got the same; it's advertised as 99.3%. There are cases where openssl won't have this root CA. I ran into this too. If you check out the socket error response it gives something like UNABLE_TO_VERIFY_LEAF_SIGNATURE. On meteorite it just freezes doing nothing because there's no event attached to socket-error.

If that new option, use_ssl_strict, is set to false it shouldn't do this anymore. Hopefully this would close this issue. The other option would be to add in the root CA manually.

jagill commented 10 years ago

We had this issue as well, for connecting to our servers. The ultimate problem was that while we had installed the SSL cert, we had not correctly chained it with the intermediate certs. After fixing that, the problem went away (and our server did https more correctly, which solved other bugs!). Node 0.8.x did not check for these issues, which is why it worked in that case. Useful tools in debugging this were the site https://www.ssllabs.com/ssltest/analyze.html, and the openssl command line tool:

openssl s_client -showcerts -connect YOUR.SERVER.COM:443

It looks like there are no current chain issues, tho -- does this bug still occur? If so, maybe it's another misconfiguration?
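
As an added example (not part of this thread or the project's code), a small Node.js script that audits the "Certificate chain" section of `openssl s_client -showcerts` output for the missing-intermediate problem described above. The sample outputs and host names are constructed, and the leaf-only check is a heuristic, since a leaf issued directly by a trusted root would also trigger it.

```javascript
'use strict';
// Parse subject/issuer pairs from the "Certificate chain" section,
// e.g. " 0 s:/CN=leaf" followed by "   i:/CN=issuing-ca".
function parseChain(output) {
  const chain = [];
  let inChain = false;
  for (const line of output.split(/\r?\n/)) {
    if (/^Certificate chain/.test(line)) { inChain = true; continue; }
    if (/^Server certificate/.test(line)) break;
    if (!inChain) continue;
    const s = line.match(/^\s*(\d+) s:\s*(.*)$/);
    const i = line.match(/^\s+i:\s*(.*)$/);
    if (s) chain.push({ depth: Number(s[1]), subject: s[2].trim(), issuer: null });
    else if (i && chain.length) chain[chain.length - 1].issuer = i[1].trim();
  }
  return chain;
}

function auditChain(output) {
  const chain = parseChain(output);
  const findings = [];
  if (chain.length === 0) return { chain, findings: ['no certificate chain found'] };
  chain.forEach((cert, n) => {
    const next = chain[n + 1];
    if (next && cert.issuer !== next.subject)
      findings.push(`cert ${cert.depth} issuer does not match cert ${next.depth} subject`);
  });
  const last = chain[chain.length - 1];
  if (chain.length === 1 && last.subject !== last.issuer)
    findings.push('server sends only the leaf; clients must already trust its issuer');
  // OpenSSL verify error 21 is what Node reports as UNABLE_TO_VERIFY_LEAF_SIGNATURE.
  for (const m of output.matchAll(/^verify error:num=(\d+):(.*)$/gm))
    findings.push(`verify error ${m[1]}: ${m[2].trim()}`);
  return { chain, findings };
}

// Constructed sample outputs (PEM blocks omitted), not captured from a real server.
const HEAD = ['---', 'Certificate chain', ' 0 s:/CN=ddp.example.test',
  '   i:/O=Example Org/CN=Example Intermediate CA'];
const TAIL = ['---', 'Server certificate'];
const BROKEN = ['CONNECTED(00000003)',
  'verify error:num=20:unable to get local issuer certificate',
  'verify error:num=21:unable to verify the first certificate',
  ...HEAD, ...TAIL].join('\n');
const FIXED = ['CONNECTED(00000003)', ...HEAD,
  ' 1 s:/O=Example Org/CN=Example Intermediate CA',
  '   i:/O=Example Org/CN=Example Root CA', ...TAIL].join('\n');

console.log(auditChain(BROKEN).findings, auditChain(FIXED).findings);
```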

emgee3 commented 10 years ago

With the switch to faye-websockets we lost the use_ssl_strict option. Anyone still having this issue can open a new issue, but I'm closing this as it's had no love recently.