0

So I'm working on a basic node app. Clients will connect to it with SSL. It seems to work fine when I just use a server certificate, but when I attempt to require a client certificate, it continues to work no matter what I throw at it.

I have found questions on this site related to this, but the answers contained therein didn't seem to work for me. Here's one.

Here's relevant code:

var restify=require('restify');
var fs=require('fs');

var server=restify.createServer({
    certificate: fs.readFileSync('../certs/server.crt'),
    key: fs.readFileSync('../certs/server.key'),
    ca: fs.readFileSync('../certs/ca.crt'),
    requestCert: true,
    rejectUnauthorized: true,
});

...

server.listen(8080, function() {
    console.log('servers up...');
});

I'm using curl to test connections, and pretty much anything that comes in causes the request object to be logged to console.

The various curl command lines I've used are:

curl -k https://localhost:8080/hello
curl -k -E user.combined:password https://localhost:8080/hello

I'm using -k because the certificates were generated locally and curl wants to validate them. (could this be the problem??)

So, no matter what I send to the node instance, I get the output I'd expect if the user was using the proper certificate (as they are in the second curl command line above).

Logged in the console, I see this:

req = { socket:
    { pair:
        _secureEstablished: true,
        _isServer: true,
        ...
        _rejectUnauthorized: false,
        _requestCert: false,

        (further down)

        authorized: false

Obviously, there's something going on here that I'm not fully up to speed on. What could it be?

== UPDATE ==

using -v with curl gets me some additional information, including this in the curl output:

* About to connect() to localhost port 8080 (#0)
*  Trying 127.0.0.1... connected
* successfully set certificate verify locations:
*  CAfile: none
  CApath: /etc/ssl/certs

As noted above, my ca.crt file is in the (relative) directory ../certs

Thank you.

4

1 回答 1

2

从 restify 1.4.4 开始不支持这一点。我相信这将包含在 2.0 版本中,因为我看到代码已添加到 Git 存储库的主分支中。

于 2012-12-13T16:07:50.210 回答