Sunday, April 15, 2012

Express-Spdy on Old OpenSSL

‹prev | My Chain | next›

Last night, I got express-spdy working out of the box on Ubuntu 12.04 in 5 easy steps. It worked so well that I wonder if something in node.js is making this so easy or if it really was Ubuntu 12.04.

So, on an old Ubuntu 10.04 box, I:
  1. install node.js v0.6.15
  2. Install the generator: $ npm install -g express-spdy
  3. Generate a test server: $ express-spdy expess-spdy-test
  4. Install the modules necessary for the test server:$ cd expess-spdy-test && npm install
  5. Fire up the server: $ node app
When I access the site, nothing happens—the site never returns.

Watching the conversation in Wireshark, I note that there is, indeed, no NPN (next protocol negotiation) taking place in the server hello portion of the SSL handshake:


Contrast this, for instance, with the SSL handshake from the 12.04 server:


I am hard pressed to decide if this is proper behavior for express-spdy. It makes no sense to use express-spdy without a version of openssl capable of NPN (per the openssl changelog, that means openssl version 1.0.1 or higher).

The only thing that actually compiles C code in the entire express-spdy dependency tree is the zlib compesssion code, which is not a place to be checking for the proper SSL versions. What if I use the node extension toolset, but only to check prerequisites? In that case, the package.json might add a script section like:
{
  "author": "Chris Strom  (http://eeecomputes.com)",
  "name": "express-spdy",
  "description": "SPDY-ize express.js sites.",
  "version": "0.2.0",
  "homepage": "https://github.com/eee-c/express-spdy",
  "scripts": {
    "preinstall" : "node-waf configure"
  },
  // ...
}
I then need a corresponding wscript file:
def set_options(opt):
  opt.tool_options('compiler_cxx')

def configure(conf):
  conf.check_cfg(package='openssl', atleast_version='1.0.1', mandatory=True)
When I try to install on my old machine, I get an error, but compilation proceeds anyway:
└── express@2.5.9 (qs@0.4.2, mime@1.2.4, connect@1.8.6)
cstrom@londo:~/repos/dummy$ npm install ../express-spdy/

> express-spdy@0.1.3 preinstall /home/cstrom/repos/dummy/node_modules/express-spdy
> node-waf configure

Setting srcdir to                        : /home/cstrom/repos/dummy/node_modules/express-spdy
Setting blddir to                        : /home/cstrom/repos/dummy/node_modules/express-spdy/build
Checking for openssl >= 1.0.1            : no
'configure' finished successfully (0.009s)
I do not know enough about WAF or node-waf to understand why this would not fail outright. It seems like it ought to halt. Somewhat frustrated, I call it a night here. I will bone up on my WAF tomorrow and hopefully come up with a way of getting this to fail.

Day #357

No comments:

Post a Comment