无论证书有效性如何，我的node.js https客户端始终有效 [英] My node.js https client always works regardless of certificate validity

问题描述

此测试程序连接到https服务器并获取一些内容。我已经在浏览器和curl中检查了我的服务器，证书工作正常。如果我运行curl从服务器获取数据，它会正确地抱怨证书是未知的，除非我使用--cacert传递它或使用-k关闭安全性。

This test program connects to an https server and gets some content. I've checked my server in browsers and with curl and the certificate is working correctly. If I run curl to grab data from the server it correctly complains about the certificate being unknown unless I pass it in with --cacert or turn security off with -k.

所以我遇到的问题是，虽然我认为我的客户端应该进行证书身份验证，而且我告诉它公共证书的位置，但它始终有效。如果我删除ca：选项，以便它不知道证书来自服务器，那么它默默地工作。我想抓住身份验证错误，但我似乎无法这样做。

So the problem I am having is that although I think my client should be doing certificate authentication and I am telling it where the public certificate is, it just always works. If I remove the ca: option so it has no idea what the certificate is from the server then it silently works. I would like to catch the authentication error but I can't seem to do so.

var https = require('https');
var fs = require('fs');

function main() {

      var data = '';

      var get = https.get({
        path: '/',
        host: 'localhost',
        port: 8000,
        agent: false,
        ca: [ fs.readFileSync('https_simple/cacert.pem') ]

      }, function(x) {

        x.setEncoding('utf8');
        x.on('data', function(c) {data += c});
        x.on('error', function(e) {
          throw e;
        });
        x.on('end', function() {
          console.log('Hai!. Here is the response:');
          console.log(data);
        });

      });

      get.on('error', function(e) {throw e});

      get.end();

    }

main();

推荐答案

为了完成这项工作，我需要升级到v0.7.8（虽然任何v0.7应该没问题）其中rejectUnauthorized功能已被添加到https.get

In order to make this work I needed to upgrade to v0.7.8 (although any v0.7 should be fine) where the rejectUnauthorized functionality has been added to https.get

需要这些选项的组合：

agent: false, // or you can supply your own agent, but if you don't you must set to false
rejectUnauthorized: true, 
ca: [ fs.readFileSync('https_simple/cacert.pem') ]

现在，如果身份验证失败，您将收到错误事件，请求将不会继续。

Now if the authentication fails you will get an 'error' event and the request will not go ahead.

请参阅https.request 文档

See the https.request documentation for details on making your own Agent

此更改中提交了错误修复： https://github.com/joyent/no de / commit / f8c335d0

The bug fix was committed in this change: https://github.com/joyent/node/commit/f8c335d0

这篇关于无论证书有效性如何，我的node.js https客户端始终有效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！