Node.js主机名/IP与证书的altname不匹配 [英] Node.js Hostname/IP doesn't match certificate's altnames

问题描述

我有代码:

var r = require('request');
r({
  method: 'POST',
  url: 'https://api.dropbox.com'},
  function() { console.log(arguments)  } )

当我在带有Node 0.9.4的桌面上运行它时，会在控制台中得到它:

When I run it on desktop with Node 0.9.4, I get this in the console:

{ '0': [Error: Hostname/IP doesn't match certificate's altnames] }

当我在带有节点0.6.12的Netbook上运行它时，它们都可以正常运行而没有错误(302响应-我认为是正确的).

When I run it on Netbook with Node 0.6.12, it all works without error (302 response - I think its right).

有问题的 Node.js主机名/IP与证书不匹配altnames ，Rojuinex写道:是的，浏览器问题...对不起." 浏览器问题"是什么意思?

In question Node.js hostname/IP doesnt match certificates altnames, Rojuinex write: "Yeah, browser issue... sorry". What does "browser issue" mean?

UPD.在Node v0.8上回滚后，此问题已解决

UPD. This problem was resolved after roll back on Node v0.8

推荐答案

自0.9.2(包括0.10.x)以来，node.js现在默认情况下会验证证书.这就是为什么当您升级到node.js 0.8之后，您会看到它变得更加严格的原因. (HT: https://github.com/mscdex/node-imap/issue/181#issuecomment-14781480 )

Since 0.9.2 (including 0.10.x) node.js now validates certificates by default. This is why you could see it become more strict when you upgrade past node.js 0.8. (HT: https://github.com/mscdex/node-imap/issues/181#issuecomment-14781480)

您可以使用{rejectUnauthorized:false}选项避免这种情况，但这会产生严重的安全隐患.您发送给对等方的任何内容仍将被加密，但是进行中间人攻击会变得很多，即您的数据将被加密给对等方，但对等体本身不会被加密.您认为是的服务器！

You can avoid this with the {rejectUnauthorized:false} option, however this has serious security implications. Anything you send to the peer will still be encrypted, but it becomes much easier to mount a man-in-the-middle attack, i.e. your data will be encrypted to the peer but the peer itself is not the server you think it is!

最好先诊断证书未授权的原因，然后查看该证书是否可以解决.

It would be better to first diagnose why the certificate is not authorizing and see if that could be fixed instead.

这篇关于Node.js主机名/IP与证书的altname不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！