node.js + restify - requiring client certificate

白昼怎懂夜的黑 submitted on 2019-12-12 04:13:25

Question


So I'm working on a basic node app. Clients will connect to it with SSL. It seems to work fine when I just use a server certificate, but when I attempt to require a client certificate, it continues to work no matter what I throw at it.

I have found questions on this site related to this, but the answers contained therein didn't seem to work for me. Here's one.

Here's relevant code:

var restify=require('restify');
var fs=require('fs');

var server=restify.createServer({
    certificate: fs.readFileSync('../certs/server.crt'),
    key: fs.readFileSync('../certs/server.key'),
    ca: fs.readFileSync('../certs/ca.crt'),
    requestCert: true,
    rejectUnauthorized: true,
});

...

server.listen(8080, function() {
    console.log('servers up...');
});

I'm using curl to test connections, and pretty much anything that comes in causes the request object to be logged to console.

The various curl command lines I've used are:

curl -k https://localhost:8080/hello
curl -k -E user.combined:password https://localhost:8080/hello

I'm using -k because the certificates were generated locally and curl wants to validate them. (Could this be the problem?)

So, no matter what I send to the node instance, I get the output I'd expect if the user was using the proper certificate (as they are in the second curl command line above).

Logged in the console, I see this:

req = { socket:
    { pair:
        _secureEstablished: true,
        _isServer: true,
        ...
        _rejectUnauthorized: false,
        _requestCert: false,

        (further down)

        authorized: false

Obviously, there's something going on here that I'm not fully up to speed on. What could it be?

== UPDATE ==

Using -v with curl gets me some additional information, including this in the curl output:

* About to connect() to localhost port 8080 (#0)
*  Trying 127.0.0.1... connected
* successfully set certificate verify locations:
*  CAfile: none
  CApath: /etc/ssl/certs

As noted above, my ca.crt file is in the (relative) directory ../certs

Thank you.


Answer 1:


This was not supported as of restify 1.4.4. I believe this will be included in the 2.0 release, as I see the code has been added in the master branch of the Git repository.



Source: https://stackoverflow.com/questions/12826711/node-js-restify-requiring-client-certificate
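
Added example, not part of the original question or answer and not restify's own code: since the server options in the question were silently ignored (the logged socket shows authorized: false), an application-level guard can fail closed by checking the TLS socket on every request. The connect-style middleware shape, the 403 response and the sample socket objects are assumptions for illustration.

```javascript
// Added example, not code from the original post. It reads only the standard
// Node TLS socket fields (encrypted, authorized, authorizationError,
// getPeerCertificate); the middleware shape and sample sockets are assumptions.

// Decide whether the TLS layer actually verified a client certificate.
function checkClientCert(socket) {
  if (!socket || socket.encrypted !== true) {
    return { ok: false, reason: 'connection is not TLS' };
  }
  // authorized is true only when a certificate was requested, presented and
  // chained to a CA the server was configured with.
  if (socket.authorized !== true) {
    return { ok: false, reason: String(socket.authorizationError || 'client certificate not verified') };
  }
  const cert = typeof socket.getPeerCertificate === 'function' ? socket.getPeerCertificate() : null;
  if (!cert || Object.keys(cert).length === 0) {
    return { ok: false, reason: 'no peer certificate presented' };
  }
  return { ok: true, subject: cert.subject };
}

// Connect-style middleware: reject with 403 unless the check passes, so a
// server whose requestCert/rejectUnauthorized options were dropped fails closed.
function requireClientCert(req, res, next) {
  const verdict = checkClientCert(req.socket);
  if (!verdict.ok) {
    res.writeHead(403, { 'Content-Type': 'text/plain' });
    res.end('client certificate required: ' + verdict.reason + '\n');
    return;
  }
  req.clientCert = verdict;
  next();
}

// Constructed sample sockets. The first mirrors the authorized: false state
// logged in the question; the second stands for a verified client.
const SOCKET_FROM_QUESTION = { encrypted: true, authorized: false, getPeerCertificate: () => ({}) };
const SOCKET_WITH_CERT = { encrypted: true, authorized: true,
  getPeerCertificate: () => ({ subject: { CN: 'user' } }) };

// Run the middleware against a stub response and return the resulting status.
function simulate(socket) {
  let status = 200;
  const res = { writeHead: (code) => { status = code; }, end: () => {} };
  requireClientCert({ socket }, res, () => {});
  return status;
}

console.log(simulate(SOCKET_FROM_QUESTION), simulate(SOCKET_WITH_CERT));
```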
