0

At a high level, I am trying to use Quota Guard Static to talk to an IP limited API from a Heroku app from a node.js application. The API has its own node.js client implementation, but underneath the covers it's just an HTTP[S] api. The library uses superagent and superagent-proxy underneath the covers to do the actual HTTP[S] requests.

In node 0.10, all worked fine. In node 0.12, I see errors like:

Error: write EPROTO 140735203734288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:782:
    at exports._errnoException (util.js:746:11)
    at WriteWrap.afterWrite (net.js:775:14)

In io.js 2.02 I see:

Error: write EPROTO    at Object.exports._errnoException (util.js:844:11)

I tried globally using SSLv3 as shown in this answer, but it seemed to have no effect.

The proxy url is specified as an http URL with port 9293. This answer suggested using port 443, but since the proxy provider is external to me, I cannot change it.

How might I get the proxied request to work in node 0.12?

Anton I. Sipos
  • 3,493
  • 3
  • 27
  • 26
  • The service running on port 9293 is not SSL. Client hello is responded with some other data and not Server Hello. Hence the error you see. – Prabhu May 21 '15 at 04:17
  • The proxy is both an HTTP and HTTPS proxy. It runs on port 9293, and is run by an external service, so I cannot change it. The same code ran fine on node 0.10, but doesn't work in node 0.12 or io 2.02 – Anton I. Sipos May 21 '15 at 06:21

1 Answers1

2

Tim here from QuotaGuard. This seems to be an issue manifesting itself in the https-proxy-agent used by superagent-proxy for HTTPS requests causing the request to be made to the secure endpoint on the wrong port.

This is a simple example that should connect to Google on port 443.

var url = require('url');
var https = require('https');
var HttpsProxyAgent = require('https-proxy-agent');

// HTTP/HTTPS proxy to connect to
var proxy = process.env.QUOTAGUARDSTATIC_URL;
console.log('using proxy server %j', proxy);

// HTTPS endpoint for the proxy to connect to
var endpoint = process.argv[2] || 'https://www.google.com/';
console.log('attempting to GET %j', endpoint);
var opts = url.parse(endpoint);

// create an instance of the `HttpsProxyAgent` class with the proxy server information
var agent = new HttpsProxyAgent(proxy);
opts.agent = agent;
https.get(opts, function (res) {
  console.log('"response" event!', res.headers);
  res.pipe(process.stdout);
});

The actual request is being made on port 80 so Google is rejecting it. Here are the HTTP headers:

["Proxy-Authorization: Basic Xgat28sa78saBZZ \r\n", "Host: www.google.com:80\r\n", "Connection: close\r\n"]

The same example on a patched version correctly connects to port 443 and works:

https://github.com/TooTallNate/node-https-proxy-agent/compare/master...timrwilliams:master

I suspect something has changed upstream which is causing the wrong port to be passed to https-proxy-agent but this type of problem is more appropriately discussed on Github issues.

A quick fix would be switching to use the request library instead:

var request = require('request');

var options = {
    proxy: process.env.QUOTAGUARDSTATIC_URL,
    url: 'https://www.google.com/',
    headers: {
        'User-Agent': 'node.js'
    }
};

function callback(error, response, body) {
    if (!error && response.statusCode == 200) {
        console.log(body);
    }
}

request(options, callback);
Tim Williams
  • 318
  • 2
  • 6