Weird issue since v4

[ddolcimascolo]

Hi @panva

I have a strange issue since v4. I can't guarantee 100% that it started with v4 but timings match.
We have random errors happening and looking at the stackstrace I can't even narrow where the problem comes from... Random like in:

• Happens "sometimes" but regularly
• Not always on the same Node.js instance
• Not everytime at the same hour of day

Stacktrace

RequestError: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:*.storcloud.org, DNS:storcloud.org
    at ClientRequest.<anonymous> (/home/cmdb/cmdb/node_modules/openid-client/node_modules/got/dist/source/core/index.js:940:25)
    at Object.onceWrapper (events.js:291:20)
    at ClientRequest.emit (events.js:208:15)
    at ClientRequest.EventEmitter.emit (domain.js:471:20)
    at ClientRequest.origin.emit (/home/cmdb/cmdb/node_modules/openid-client/node_modules/@szmarczak/http-timer/dist/source/index.js:39:20)
    at TLSSocket.socketErrorListener (_http_client.js:399:9)
    at TLSSocket.emit (events.js:203:13)
    at TLSSocket.EventEmitter.emit (domain.js:471:20)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at processTicksAndRejections (internal/process/task_queues.js:77:11)
    at Object.checkServerIdentity (tls.js:279:12)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1327:27)
    at TLSSocket.emit (events.js:203:13)
    at TLSSocket.EventEmitter.emit (domain.js:471:20)
    at TLSSocket._finishInit (_tls_wrap.js:792:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:606:12)
 {​​​​  name: 'RequestError',  code: 'ERR_TLS_CERT_ALTNAME_INVALID',  timings: [Object]}​​​​

I understand what the error is about. Some code is doing a request on https://localhost, gets our certificate back during TLS handshake (*.storcloud.org) and fails validating it because the cert isn't valid for localhost.
I don't understand how it can happen, though... No code is targeting localhost on our side, not even redirect uris or the likes...

Any chance you can help us understand what happens by looking at the stacktrace? If not, anything else I can provide to help you troubleshoot the issue?

For now I'll revert the library to the latest v3 and monitor our production instances. I'll let you know if the issue disappears.

Thanks in advance,
Regards,

David

[panva]

Hi David,

Apologies but I don't think i can help with networking level issues. There's nothing in the lib that would call localhost, unless being told to by configured/discovered (hint) endpoints.

[ddolcimascolo]

Hi again,

I'm currently tracking down the problem to the got library that you're using. In v4 you bumped it to v11 and got v10 indeed caused similar troubles to people, with unexpected requests to localhost... See https://github.com/sindresorhus/got/issues?q=127.0.0.1

Apparently this is caused by a messy dependency in my tree that is patching a core node.js function, which still wouldn't explain the randomness of the issue..

I'll keep you, and other users of the library posted.

David

[ddolcimascolo]

Gotcha

$ npm ls agent-base
cmdb@1.0.0 /home/cmdb/cmdb
└─┬ puppeteer-core@1.19.0
  └─┬ https-proxy-agent@2.2.4
    └── agent-base@4.3.0 

See TooTallNate/node-agent-base#35 and puppeteer/puppeteer#5230 for some context. Hope this helps someone in the future !