Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Error: Expired certificate causes untrappable error / breaks NodeJS. (Fix included)
See original GitHub issueUsing NodeJS 10.13 and LDAPjs 2.0.0-pre.5, when connecting to an LDAP server with a TLS SSL certificate that has expired an error occurs that cannot be handled or trapped via catch error handling in NodeJS. The fatal error that occurs is as follows:
Error: certificate has expired
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
at TLSSocket.emit (events.js:198:13)
at TLSSocket.EventEmitter.emit (domain.js:448:20)
at TLSSocket._finishInit (_tls_wrap.js:633:8)
Emitted 'error' event at:
at Backoff.<anonymous> (...\node_modules\ldapjs\lib\client\client.js:1020:12)
at Backoff.emit (events.js:198:13)
at Backoff.EventEmitter.emit (domain.js:448:20)
at Backoff.backoff (...\node_modules\backoff\lib\backoff.js:41:14)
at ...\node_modules\ldapjs\lib\client\client.js:1002:15
at f (...\node_modules\once\once.js:25:25)
at TLSSocket.onResult (...\node_modules\ldapjs\lib\client\client.js:804:7)
at Object.onceWrapper (events.js:286:20)
at TLSSocket.emit (events.js:198:13)
at TLSSocket.EventEmitter.emit (domain.js:448:20)
I was able to solve the issue by adding the following to client.js starting at lines 1006:
retry.on('fail', function (err) {
if (self.destroyed) {
// Silence any connect/setup errors if destroyed
return
}
self.log.debug('failed to connect after %d attempts', failAfter)
// Communicate the last-encountered error
if (err instanceof ConnectionError) {
self.emit('connectTimeout', err)
} else if (err.code === 'ECONNREFUSED') {
self.emit('connectRefused', err)
} else if (err.code === 'CERT_HAS_EXPIRED' || err.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') { // <-- THIS FIXED EXPIRED CERT ERROR
self.emit('connectError', err)
} else {
self.emit('error', err)
}
})
The specific change that was added was:
} else if (err.code === 'CERT_HAS_EXPIRED' || err.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') {
self.emit('connectError', err)
Any variation of the above did not work for me, as this change worked perfectly. Please merge this fix to future updates. (I did not create a pull request but wanted to provide an important fix for the benefit of all users of this important library).
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thank you all for the feedback and assistance. I can confirm this resolves this issue. Interesting fact: I was listening for
connectErrorwhich explains why I was not trapping the certificate expiration error, rather than the genericerror. Listening for both types should resolve most if not all errors that may occur during client creation.Why not submit a PR?