node.js + restify - 需要客户端证书 [英] node.js + restify - requiring client certificate
问题描述
所以我在一个基本的节点应用程序。客户端将使用SSL连接到它。它似乎工作正常,当我只是使用服务器证书,但当我尝试要求客户端证书,它继续工作,无论我抛在它。
我发现这个网站有关的问题,但其中包含的答案似乎并不适用于我。
以下是相关代码:
var restify = require('restify');
var fs = require('fs');
var server = restify.createServer({
certificate:fs.readFileSync('../ certs / server.crt'),
key:fs.readFileSync('。 ./certs/server.key'),
ca:fs.readFileSync('../ certs / ca.crt'),
requestCert:true,
rejectUnauthorized:true,
});
...
server.listen(8080,function(){
console.log('servers up ...');
});
我使用curl测试连接,几乎任何导致请求对象
我使用的各种curl命令行是:
curl -k https:// localhost:8080 / hello
curl -k -E user.combined:password https:// localhost:8080 / hello
我使用-k,因为证书是在本地生成的,curl想要验证它们。 (这可能是问题)
所以,无论我发送到节点实例,我得到的输出,如果用户使用
登录控制台,我看到:
req = {socket:
pre>
{pair:
_secureEstablished:true,
_isServer:true,
...
_rejectUnauthorized:false,
_requestCert:false,
(进一步向下)
授权:false
显然,这里有一些事情,我不能完全加速。可以是什么?
== UPDATE ==
,包括curl输出中的:
*关于connect()到localhost port 8080(#0)
*尝试127.0.0.1 ...连接
*成功设置证书验证位置:
* CAfile:none
CApath:/ etc / ssl / certs
如上所述,我的ca.crt文件在(相对)目录中../ certs
谢谢。
解决方案这不支持从restify 1.4.4。我相信这将包括在2.0版本,因为我看到代码已经添加到Git存储库的主分支。
So I'm working on a basic node app. Clients will connect to it with SSL. It seems to work fine when I just use a server certificate, but when I attempt to require a client certificate, it continues to work no matter what I throw at it.
I have found questions on this site related to this, but the answers contained therein didn't seem to work for me. Here's one.
Here's relevant code:
var restify=require('restify'); var fs=require('fs'); var server=restify.createServer({ certificate: fs.readFileSync('../certs/server.crt'), key: fs.readFileSync('../certs/server.key'), ca: fs.readFileSync('../certs/ca.crt'), requestCert: true, rejectUnauthorized: true, }); ... server.listen(8080, function() { console.log('servers up...'); });
I'm using curl to test connections, and pretty much anything that comes in causes the request object to be logged to console.
The various curl command lines I've used are:
curl -k https://localhost:8080/hello curl -k -E user.combined:password https://localhost:8080/hello
I'm using -k because the certificates were generated locally and curl wants to validate them. (could this be the problem??)
So, no matter what I send to the node instance, I get the output I'd expect if the user was using the proper certificate (as they are in the second curl command line above).
Logged in the console, I see this:
req = { socket: { pair: _secureEstablished: true, _isServer: true, ... _rejectUnauthorized: false, _requestCert: false, (further down) authorized: false
Obviously, there's something going on here that I'm not fully up to speed on. What could it be?
== UPDATE ==
using -v with curl gets me some additional information, including this in the curl output:
* About to connect() to localhost port 8080 (#0) * Trying 127.0.0.1... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs
As noted above, my ca.crt file is in the (relative) directory ../certs
Thank you.
解决方案This was not supported as of restify 1.4.4. I believe this will be included in the 2.0 release, as I see the code has been added in the master branch of the Git repository.
这篇关于node.js + restify - 需要客户端证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!