node.js + restify - 需要客户端证书 [英] node.js + restify - requiring client certificate

问题描述

所以我在一个基本的节点应用程序。客户端将使用SSL连接到它。它似乎工作正常，当我只是使用服务器证书，但当我尝试要求客户端证书，它继续工作，无论我抛在它。

我发现这个网站有关的问题，但其中包含的答案似乎并不适用于我。

以下是相关代码：

  var restify = require（'restify'）; 
 var fs = require（'fs'）; 
 
 var server = restify.createServer（{
 certificate：fs.readFileSync（'../ certs / server.crt'），
 key：fs.readFileSync（'。 ./certs/server.key'），
 ca：fs.readFileSync（'../ certs / ca.crt'），
 requestCert：true，
 rejectUnauthorized：true，
}）; 
 
 ... 
 
 server.listen（8080，function（）{
 console.log（'servers up ...'）; 
 }）; 
  

我使用curl测试连接，几乎任何导致请求对象

我使用的各种curl命令行是：

  curl -k https：// localhost：8080 / hello 
 curl -k -E user.combined：password https：// localhost：8080 / hello 
  

我使用-k，因为证书是在本地生成的，curl想要验证它们。 （这可能是问题）

所以，无论我发送到节点实例，我得到的输出，如果用户使用

登录控制台，我看到：

  req = {socket：
 {pair：
 _secureEstablished：true，
 _isServer：true，
 ... 
 _rejectUnauthorized：false，
 _requestCert：false，
 
（进一步向下）
 
授权：false 
  pre> 
 
 
显然，这里有一些事情，我不能完全加速。可以是什么？
 
 
 
 == UPDATE == 
 
 
 
 ，包括curl输出中的：
  *关于connect（）到localhost port 8080（＃0）
 *尝试127.0.0.1 ...连接
 *成功设置证书验证位置：
 * CAfile：none 
 CApath：/ etc / ssl / certs 
  
如上所述，我的ca.crt文件在（相对）目录中../ certs 
 
 
 
谢谢。
解决方案
这不支持从restify 1.4.4。我相信这将包括在2.0版本，因为我看到代码已经添加到Git存储库的主分支。
 
So I'm working on a basic node app. Clients will connect to it with SSL. It seems to work fine when I just use a server certificate, but when I attempt to require a client certificate, it continues to work no matter what I throw at it.

I have found questions on this site related to this, but the answers contained therein didn't seem to work for me. Here's one.

Here's relevant code:
var restify=require('restify');
var fs=require('fs');

var server=restify.createServer({
    certificate: fs.readFileSync('../certs/server.crt'),
    key: fs.readFileSync('../certs/server.key'),
    ca: fs.readFileSync('../certs/ca.crt'),
    requestCert: true,
    rejectUnauthorized: true,
});

...

server.listen(8080, function() {
    console.log('servers up...');
});
I'm using curl to test connections, and pretty much anything that comes in causes the request object to be logged to console.

The various curl command lines I've used are:
curl -k https://localhost:8080/hello
curl -k -E user.combined:password https://localhost:8080/hello
I'm using -k because the certificates were generated locally and curl wants to validate them. (could this be the problem??)

So, no matter what I send to the node instance, I get the output I'd expect if the user was using the proper certificate (as they are in the second curl command line above).

Logged in the console, I see this:
req = { socket:
    { pair:
        _secureEstablished: true,
        _isServer: true,
        ...
        _rejectUnauthorized: false,
        _requestCert: false,

        (further down)

        authorized: false
Obviously, there's something going on here that I'm not fully up to speed on. What could it be?

== UPDATE ==

using -v with curl gets me some additional information, including this in the curl output:
* About to connect() to localhost port 8080 (#0)
*  Trying 127.0.0.1... connected
* successfully set certificate verify locations:
*  CAfile: none
  CApath: /etc/ssl/certs
As noted above, my ca.crt file is in the (relative) directory ../certs

Thank you.
解决方案
This was not supported as of restify 1.4.4.  I believe this will be included in the 2.0 release, as I see the code has been added in the master branch of the Git repository.

                        
这篇关于node.js + restify  - 需要客户端证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！