proxy-agents icon indicating copy to clipboard operation
proxy-agents copied to clipboard
verified publisher icon TooTallNate

ERR_TLS_CERT_ALTNAME_INVALID for socks-proxy-agent

Open warjiang opened this issue 10 months ago • 1 comments

Background

I found that the client-node sdk(you can treat the sdk as another client-go sdk implementation for node), if there is a proxy-url in the kubeconfig file, client-node sdk will create agent for proxy request to kubernetes apiserver.

Problems

The feature seems not work for me, code snippet as following:

import * as k8s from '@kubernetes/client-node';


const kc = new k8s.KubeConfig();
kc.loadFromFile('path/to/local/kubeconfig')
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
k8sApi.listNamespacedPod({ namespace: "default" }).then((res) => {
  console.log(res);
});

error occured: Image

the root cause for the error is that, when invoke the tls.connect, the proxy-agents sdk will ignore the host information: https://github.com/TooTallNate/proxy-agents/blob/536aaa5165b888c548cbfa8095801c05478605fe/packages/socks-proxy-agent/src/index.ts#L191-L199

And I try to add host field by removing the host field from omit list, like following: Image

It seems it works, so any explantation about omitting host field, and should we avoidding omit host field? @TooTallNate

warjiang avatar Feb 21 '25 01:02 warjiang

I think it's the problem of omitting host fileld, for duo tls verification, proxy-agents should not ignore the host field. If ignoring the host field, node.js seems to add host=localhost internally, which equals to setting wrong host field

warjiang avatar Feb 23 '25 15:02 warjiang