Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: PEM_read_bio_PUBKEY in Node 10.10 #521

Closed
YangYu000 opened this issue Sep 11, 2018 · 5 comments
Closed

Error: PEM_read_bio_PUBKEY in Node 10.10 #521

YangYu000 opened this issue Sep 11, 2018 · 5 comments

Comments

@YangYu000
Copy link

My code is like

const FS = require('fs');
const JWT = require('jsonwebtoken');
const certPem = FS.readFileSync('./public.pem');
const token = 'xxxx';
JWT.verify(token, certPem, {}, (error, payload) => { ... });

and runs without problem with Node 8 and Node 10.8/10.9 (Ubuntu and Debian, NodeJS offical APT source)

After I upgrade to Node 10.10 today, on JWT.verify throws

Error: PEM_read_bio_PUBKEY failed
    at Verify.verify (internal/crypto/sig.js:122:23)
    at Object.verify (/my/project/path/node_modules/jwa/index.js:89:21)
    at Object.jwsVerify [as verify] (/my/project/path/node_modules/jws/lib/verify-stream.js:54:15)
    at /my/project/path/node_modules/jsonwebtoken/verify.js:116:19
    at getSecret (/my/project/path/node_modules/jsonwebtoken/verify.js:76:14)
    at Object.module.exports [as verify] (/my/project/path/node_modules/jsonwebtoken/verify.js:80:10)
@MitMaro
Copy link
Contributor

MitMaro commented Sep 12, 2018

I tried Node 10.10 on my system, and I had no trouble. These errors are generally an issue with the version of OpenSSL. Can you provide the version of OpenSSL that Node is using on your system using the following script:

'use strict';

const crypto = require('crypto');

const rawVersion = crypto.constants.OPENSSL_VERSION_NUMBER;

const major = (rawVersion & 0xFF0000000) >>> 28;
const minor = (rawVersion & 0xFF00000) >>> 20;
const fix = (rawVersion & 0xFF000) >>> 12;
const rawPatch = (rawVersion & 0xFF0) >>> 4;
const rawStatus = rawVersion & 0xF;

let status;
if (rawStatus === 0) {
	status = 'dev';
}
else if (rawStatus === 0xf) {
	status = 'release';
}
else {
	status = `beta ${rawStatus}`;
}

const patch = rawPatch === 0 ? '' : String.fromCharCode(rawPatch + 96);

console.log(`OpenSSL ${major}.${minor}.${fix}${patch} ${status} (${rawVersion.toString(16)})`);

@YangYu000
Copy link
Author

@MitMaro Output is OpenSSL 1.1.0i release (1010009f) on one of Debian 9 server which has this issue

@ziluvatar
Copy link
Contributor

@YangYu000 did you manage to solve this or to know what happened?

@YangYu000
Copy link
Author

@ziluvatar As I think it's a bug of NodeJS, I opened the almost same issue on nodejs/node#22815 and provided more details.
And finally found there's a bug in NodeJS 10.10 (and 10.11/10.12 maybe, I tested before, but I can't remember clearly), looks like Node team changed the method of parsing PEM file, and then got fixed in the later version NodeJS (maybe 10.12/10.13, sorry I can't remember after 5 months).
So, just avoid NodeJS 10.10 on Linux (and maybe 10.11/10.12).

@ziluvatar
Copy link
Contributor

Awesome @YangYu000 thanks for all details! 👏 Then I'm closing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MitMaro @ziluvatar @YangYu000