So I'm working on a basic node app. Clients will connect to it with SSL. It seems to work fine when I just use a server certificate, but when I attempt to require a client certificate, it continues to work no matter what I throw at it.
I have found questions on this site related to this, but the answers contained therein didn't seem to work for me. Here's one.
Here's relevant code:
var restify=require('restify');
var fs=require('fs');
var server=restify.createServer({
certificate: fs.readFileSync('../certs/server.crt'),
key: fs.readFileSync('../certs/server.key'),
ca: fs.readFileSync('../certs/ca.crt'),
requestCert: true,
rejectUnauthorized: true,
});
...
server.listen(8080, function() {
console.log('servers up...');
});
I'm using curl to test connections, and pretty much anything that comes in causes the request object to be logged to console.
The various curl command lines I've used are:
curl -k https://localhost:8080/hello
curl -k -E user.combined:password https://localhost:8080/hello
I'm using -k because the certificates were generated locally and curl wants to validate them. (could this be the problem??)
So, no matter what I send to the node instance, I get the output I'd expect if the user was using the proper certificate (as they are in the second curl command line above).
Logged in the console, I see this:
req = { socket:
{ pair:
_secureEstablished: true,
_isServer: true,
...
_rejectUnauthorized: false,
_requestCert: false,
(further down)
authorized: false
Obviously, there's something going on here that I'm not fully up to speed on. What could it be?
== UPDATE ==
using -v with curl gets me some additional information, including this in the curl output:
* About to connect() to localhost port 8080 (#0)
* Trying 127.0.0.1... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
As noted above, my ca.crt file is in the (relative) directory ../certs
Thank you.