Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--ssl-pass is read as a Buffer but https.createServer needs a string #679

Open
joshlongerbeam opened this issue Oct 28, 2021 · 2 comments
Open

--ssl-pass is read as a Buffer but https.createServer needs a string #679

joshlongerbeam opened this issue Oct 28, 2021 · 2 comments

Comments

@joshlongerbeam
Copy link

joshlongerbeam commented Oct 28, 2021
edited

serve --version: 12.0.1
node --version: 14.18.1
command: serve -s build --ssl-cert ./site-cert.crt --ssl-key ./site-cert.key --ssl-pass ./site-cert-pass.txt

Error

(node:72) UnhandledPromiseRejectionWarning: TypeError: Pass phrase must be a string
    at Object.createSecureContext (_tls_common.js:149:17)
    at Server.setSecureContext (_tls_wrap.js:1331:27)
    at Server (_tls_wrap.js:1186:8)
    at new Server (https.js:70:3)
    at Object.createServer (https.js:106:10)
    at startEndpoint (/root/.npm/_npx/72/lib/node_modules/serve/bin/serve.js:208:11)
    at /root/.npm/_npx/72/lib/node_modules/serve/bin/serve.js:451:3

Reason

serve/bin/serve.js

Line 211 in 30b0673

passphrase: sslPass ? fs.readFileSync(sslPass) : ''

tl;dr: fs.readFileSync, when given no encoding options, returns a Buffer. But https.createServer requires passphrase to be a string.

Node fs 14.x docs

fs.readFileSync(path[, options])

  • path <string> | <Buffer> | <URL> | <integer> filename or file descriptor
  • options <Object> | <string>
    • encoding <string> | <null> Default: null
      ...

If the encoding option is specified then this function returns a string. Otherwise it returns a buffer.

Node tls 14.x docs

Where tls is what is ultimately parses the cert options given to https.createServer

tls.createSecureContext([options])

  • options <Object>
    ...
    • passphrase <string> Shared passphrase used for a single private key and/or a PFX.

Recommendation - Merge #673

serve/bin/serve.js

Line 207 in 7893b3a

sslPass = fs.readFileSync(sslPass, 'utf8').trim();

Suggestions (edit: both already implemented by preceding PR)

  • Interpret the argument as a string, not as a file path 
    passphrase: args['--ssl-pass'] || ''
  • Include an encoding
    • Either default to 'utf8', which is the default encoding for all fs functions that don't default to null 
      passphrase: sslPass ? fs.readFileSync(sslPass, { encoding: 'utf8' }) : ''
// or
passphrase: sslPass ? fs.readFileSync(sslPass, 'utf8') : ''
    • Or add another command-line argument for encoding

Notes

  • Though I link to the 14.x Node docs, the encoding default and passphrase type requirement are the same for all versions since Node 12
@joshlongerbeam joshlongerbeam mentioned this issue Dec 20, 2021
Closed
@joshlongerbeam
Copy link
Author

joshlongerbeam commented Jan 18, 2022
edited

For anyone else stuck on this issue, you can create a decrypted key (removing the need for passphrase) by running

openssl rsa -in keyWithPassphrase.key -out keyWithoutPassphrase.key

and providing the current passphrase when prompted.

Disclaimers: YMMV, you may want dsa command instead of rsa, you can provide passphrase to openssl from file, see -passin in openssl docs

@warren-bank
Copy link

shameless self-promotion alert:
this feature is fixed in my @warren-bank/serve fork of serve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@warren-bank @joshlongerbeam