发表新帖
发表新帖

My node.js https client always works regardless of certificate validity

后端 未结
关注
4 916
再見小時候
再見小時候 2020-12-09 23:22

This test program connects to an https server and gets some content. I\'ve checked my server in browsers and with curl and the certificate is working correctly. If I run cur

相关标签:
4条回答
  • 轻奢々
    2020-12-09 23:26

    In order to make this work I needed to upgrade to v0.7.8 (although any v0.7 should be fine) where the rejectUnauthorized functionality has been added to https.get

    This combination of options is needed:

    agent: false, // or you can supply your own agent, but if you don't you must set to false
rejectUnauthorized: true, 
ca: [ fs.readFileSync('https_simple/cacert.pem') ]

    Now if the authentication fails you will get an 'error' event and the request will not go ahead.

    See the https.request documentation for details on making your own Agent

    The bug fix was committed in this change: https://github.com/joyent/node/commit/f8c335d0

    0 讨论(0)
  • 感情败类
    2020-12-09 23:29

    As per the documentation for https.request, the ca option of both https.get and https.request is an option from tls.connect. The documentation for the options to the tls.connect module function states:

    ca: An array of strings or Buffers of trusted certificates. If this is omitted several well known "root" CAs will be used, like VeriSign. These are used to authorize connections.

    Digging into the node.js source, the root certs used can be found here: https://github.com/joyent/node/blob/master/src/node_root_certs.h

    So in short, with no authority cert provided as an option to https.get the tls module will attempt to authenticate the connection using the list of root certs anyway.

    0 讨论(0)
  • 不思量自难忘°
    2020-12-09 23:47

    I do this in npm, using the request module. It goes like this:

    var cacert = ... // in npm, this is a config setting
var request = require("request")
request.get({ url: "https://...",
              ca: cacert,
              strictSSL: true })
  .on("response", function (resp) { ... })
  .on("error", function (er) { ... })

    The error event will be raised if the ssl isn't valid.

    0 讨论(0)
  • 后悔当初
    2020-12-09 23:48

    In V 0.6.15 you need to explicitly check whether or not the certificate validation passed or failed.

    if (x.connection.authorized === false) {    
   console.log('SSL Authentication failed');
} else if (x.connection.authorized === true) {    
   console.log('SSL Authentication succeeded');
}
    0 讨论(0)
 看不清?
提交回复
热议问题