1. 首页
  2. 问答
  3. Node.JS + HTTPS +客户端证书=问题

Node.JS + HTTPS +客户端证书=问题

2012-10-22 141 views
3

我一直试图让Node.JS使用SSL和客户端证书。最初,我试图让它与restify一起工作(请参阅我的问题here)。当我无法做到这一点时,我支持并试图找到一个例子来说明我正在努力完成的事情。我试过this one,我收到一个奇怪的错误。Node.JS + HTTPS +客户端证书=问题

代码如下:

服务器:

var sys = require("sys"); 
var fs = require("fs"); 
var https = require("https"); 

var options = { 
    key: fs.readFileSync("../certs/server.key"), 
    cert: fs.readFileSync("../certs/server.crt"), 
    ca: fs.readFileSync("../certs/ca.crt"), 
    requestCert: true, 
    rejectUnauthorized: true 
}; 

https.createServer(options, function (req, res) { 
    console.log(req); 
    res.writeHead(200); 
    sys.puts("request from: " + req.connection.getPeerCertificate().subject.CN); 
    res.end("Hello World, " + req.connection.getPeerCertificate().subject.CN + "\n"); 
}).listen(8080); 

sys.puts("server started");

客户:

var https = require('https'); 
var fs = require("fs"); 

var options = { 
    host: 'localhost', 
    port: 8080, 
    path: '/hello', 
    method: 'GET', 
    key: fs.readFileSync("../certs/user.key"), 
    cert: fs.readFileSync("../certs/user.crt"), 
    ca: fs.readFileSync("../certs/ca.crt"), 
    passphrase: 'thepassphrase' 
}; 

var req = https.request(options, function(res) { 
    console.log("statusCode: ", res.statusCode); 
    console.log("headers: ", res.headers); 

    res.on('data', function(d) { 
     process.stdout.write(d); 
    }); 
}); 

req.end(); 

req.on('error', function(e) { 
    console.error(e); 
});

运行测试client.js产生这样的:

{ [Error: socket hang up] code: 'ECONNRESET' }

试图同有点事情第i个卷曲:

curl -k -v --key user.key --cert user.crt:thepassphrase --cacert ca.crt https://localhost:8080/hello

产量:

* About to connect() to localhost port 8080 (#0) 
* Trying 127.0.0.1... connected 
* successfully set certificate verify locations: 
* CAfile: ca.crt 
    CApath: /etc/ssl/certs 
* SSLv3, TLS handshake, Client hello (1): 
* SSLv3, TLS handshake, Server hello (2): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Request CERT (13): 
* SSLv3, TLS handshake, Server finished (14): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Client key exchange (16): 
* SSLv3, TLS handshake, CERT verify (15): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* Unknown SSL protocol error in connection to localhost:8080 
* Closing connection #0 
curl: (35) Unknown SSL protocol error in connection to localhost:8080

如果我想要去的额外步骤需要一个客户端证书,我将如何做呢?

来源

2012-10-22 Chris

回答

4

把这个服务器放在nginx后面怎么样?

这听起来很复杂,或者增加了很多开销,但我向你保证它非常简单,并且nginx的SSL处理非常简单。

寻找用nginx代理example)。

P.S
这两个应用程序都可以并可能驻留在同一台服务器上。

来源

2012-10-23 10:51:51 Poni

+0

这是一个有趣的答案。 nginx能否将有关用户证书的信息传递给最终的目标网址?可能通过向url添加一些参数? – Chris

+1

这实际上将为我们工作。谢谢。 – Chris

+0

很高兴听到!最后,你是如何通过nginx转发证书的?我只是好奇 – Poni

相关问题

 相关问题