Node.js + Socket.IO + SSL = Not Working on Leopard (10.5 - 10.5.8) Clients
1,101 views
Skip to first unread message
Jeff
Feb 20, 2012, 12:45:15 PM2/20/12
to Socket.IO
Hey everyone,
I have a Node.js + Socket.IO web app. I just rolled out SSL support
about a week or so ago, and in the last few days, started forcing all
of my clients to use it.
Everything has been going great, except some of my clients using older
versions of Mac OS X Leopard (10.5 - 10.5.8) are getting "Uncaught
ReferenceError: Socket is not defined" and "Uncaught ReferenceError:
io is not defined" errors.
Their user agent strings were:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11
(KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:9.0.1) Gecko/20100101
Firefox/9.0.1
SSL works beautifully for everyone else.
Any idea what might cause this?
I have a Node.js + Socket.IO web app. I just rolled out SSL support
about a week or so ago, and in the last few days, started forcing all
of my clients to use it.
Everything has been going great, except some of my clients using older
versions of Mac OS X Leopard (10.5 - 10.5.8) are getting "Uncaught
ReferenceError: Socket is not defined" and "Uncaught ReferenceError:
io is not defined" errors.
Their user agent strings were:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11
(KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:9.0.1) Gecko/20100101
Firefox/9.0.1
SSL works beautifully for everyone else.
Any idea what might cause this?
Jose Luis Rivas
Feb 20, 2012, 1:54:32 PM2/20/12
to sock...@googlegroups.com
those browsers do not accept loading documents from URIs not
SSL-protected. There are browser settings that allow this kind of stuff
for security measures.
If that's the case you just need to make all requests SSL.
--
Jose Luis Rivas, Web Builder
Eserre -- http://www.eserre.com/
Venezuela - GPGs: 7C4DF50D B9AC8C43
Jeff
Feb 20, 2012, 5:42:03 PM2/20/12
to Socket.IO
Everything is encrypted using SSL, from the HTML served, to the
Node.js/Socket.IO chatter, to the socket.io.js file served.
Any other ideas? It's odd that it only affects Leopard users...
> Eserre --http://www.eserre.com/
Node.js/Socket.IO chatter, to the socket.io.js file served.
Any other ideas? It's odd that it only affects Leopard users...
Ryan Gahl
Feb 21, 2012, 12:42:53 PM2/21/12
to Socket.IO
We ran into a few glitches like this recently, and the solution was
(for us anyway) that you need to make damn sure your TLS options for
the socket.io shim https server are exactly the same as your main
https server instance. In our case, we had missed the CAs in the
socket.io shim. Different browsers have different levels of strictness
about this (most others were fine to allow the slightly-less-verified
cert). Once we made sure the CAs were properly applied to both https
servers (i.e. TLS options match exactly), stuff was happy again.
(for us anyway) that you need to make damn sure your TLS options for
the socket.io shim https server are exactly the same as your main
https server instance. In our case, we had missed the CAs in the
socket.io shim. Different browsers have different levels of strictness
about this (most others were fine to allow the slightly-less-verified
cert). Once we made sure the CAs were properly applied to both https
servers (i.e. TLS options match exactly), stuff was happy again.
Jeff
Feb 21, 2012, 9:22:20 PM2/21/12
to Socket.IO
That's totally it! Thank you!
For others with a similar problem, I got my SSL certificate from
Namecheap (PositiveSSL/Comodo) and my code looked like this:
HTTPS_Options={
key: FS.readFileSync('/path/to/.key'),
cert: FS.readFileSync('/path/to.crt')
};
but should have looked like this:
HTTPS_Options={
key: FS.readFileSync('/path/to/.key'),
cert: FS.readFileSync('/path/to.crt'),
ca: FS.readFileSync('/path/to.ca-bundle')
};
Adding the .ca-bundle file fixed the issue.
Thanks!
For others with a similar problem, I got my SSL certificate from
Namecheap (PositiveSSL/Comodo) and my code looked like this:
HTTPS_Options={
key: FS.readFileSync('/path/to/.key'),
cert: FS.readFileSync('/path/to.crt')
};
but should have looked like this:
HTTPS_Options={
key: FS.readFileSync('/path/to/.key'),
cert: FS.readFileSync('/path/to.crt'),
ca: FS.readFileSync('/path/to.ca-bundle')
};
Adding the .ca-bundle file fixed the issue.
Thanks!
Reply all
Reply to author
Forward
0 new messages