Skip to content

Commit

Permalink
Suppress error logs when clients connect over HTTP instead of HTTPS (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
jportner committed Sep 15, 2020
1 parent 77974fd commit d97e01d
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
8 changes: 6 additions & 2 deletions src/legacy/server/logging/log_interceptor.js
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,11 @@
import Stream from 'stream';
import { get, isEqual } from 'lodash';

const GET_CLIENT_HELLO = /GET_CLIENT_HELLO:http/;
/**
* Matches error messages when clients connect via HTTP instead of HTTPS; see unit test for full message. Warning: this can change when Node
* and its bundled OpenSSL binary are upgraded.
*/
const OPENSSL_GET_RECORD_REGEX = /ssl3_get_record:http/;

function doTagsMatch(event, tags) {
return isEqual(get(event, 'tags'), tags);
Expand Down Expand Up @@ -124,7 +128,7 @@ export class LogInterceptor extends Stream.Transform {
}

downgradeIfHTTPWhenHTTPS(event) {
return downgradeIfErrorMessage(GET_CLIENT_HELLO, event);
return downgradeIfErrorMessage(OPENSSL_GET_RECORD_REGEX, event);
}

_transform(event, enc, next) {
Expand Down
2 changes: 1 addition & 1 deletion src/legacy/server/logging/log_interceptor.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ describe('server logging LogInterceptor', () => {
describe('#downgradeIfHTTPWhenHTTPS', () => {
it('transforms http requests when serving https errors', () => {
const message =
'40735139278848:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:../deps/openssl/openssl/ssl/s23_srvr.c:394';
'4584650176:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n';
const interceptor = new LogInterceptor();
const event = stubClientErrorEvent({ message });
assertDowngraded(interceptor.downgradeIfHTTPWhenHTTPS(event));
Expand Down

0 comments on commit d97e01d

Please sign in to comment.