
我是 Node.js 新手,目前有一个简单的 HTTPS 服务器在运行。现在,当用户请求某个上下文路径时,服务器应当发起 SSL 重新协商并要求客户端证书身份验证。我看到 Node.js 0.11.8 及更高版本支持这一点。请问如何在 Node.js 0.11.8 及更高版本中使用 tlsSocket.renegotiate(options, callback)?

这是我目前尝试的代码,但重新协商并没有发生,甚至没有抛出任何错误。

var https = require('https'); 
var fs = require('fs'); 

var optSsl = {
    // Server identity in PEM form.
    key: fs.readFileSync('ssl/server/keys/server.key'),
    cert: fs.readFileSync('ssl/server/certs/server.crt'),
    // Trust anchor used to verify client certificates once they are requested.
    ca: fs.readFileSync('ssl/ca/ca.crt'),
    // No client certificate is asked for on the initial handshake, and
    // rejectUnauthorized only takes effect while requestCert is true, so
    // client authentication here depends entirely on the later renegotiation
    // (see optClientAuth).
    requestCert: false,
    rejectUnauthorized: true,
    // Use the server's preference order. The list still admits 3DES suites;
    // drop the *+3DES entries if legacy clients do not need them.
    honorCipherOrder: true,
    ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
};

// Options handed to tlsSocket.renegotiate(): request a certificate from the
// already-connected client and fail the renegotiation if it does not verify
// against the configured CA.
var optClientAuth = {
    rejectUnauthorized: true,
    requestCert: true
};

// Default handler. https.createServer() registers this function as a
// 'request' listener, so it answers every request — including /secure —
// right away, before any renegotiation started by another 'request'
// listener has had a chance to complete.
function helloHandler(req, res) {
    res.writeHead(200);
    res.end("Hello World\n");
}

var server = https.createServer(optSsl, helloHandler);

// Second 'request' listener: for /secure, ask the client for a certificate
// by renegotiating the TLS session. Nothing here writes to `res`; the reply
// is produced by the handler passed to createServer(), so the outcome of the
// renegotiation cannot influence what the client receives.
server.on('request', function(req, res){
    console.log('request emitted on ' + req.url);
    if (req.url !== '/secure') {
        return;
    }
    try {
        var tlsSocket = req.connection;
        // Renegotiation is only defined for TLS <= 1.2; on a TLS 1.3
        // connection the callback is expected to report an error instead.
        tlsSocket.renegotiate(optClientAuth, function(err){
            if (err) {
                console.log(err.message);
                return;
            }
            // getPeerCertificate() yields {} when the peer sent no certificate.
            console.log(req.connection.getPeerCertificate());
        });
    } catch (err) {
        // renegotiate() reports handshake problems through its callback; this
        // only catches synchronous throws (e.g. the method being unavailable).
        console.log(err);
    }
});

// Emitted once the initial TLS handshake with a client has completed.
server.on('secureConnection', function(tlsSocket) {
    console.log('Secure connection established');
});

// Listen on the conventional alternative HTTPS port.
server.listen(8443);

感谢您的支持。


我将代码添加到我的问题中... – Thomas 2014-09-11 11:53:54


你有没有想过如何使用它? – 2015-08-25 20:56:37


是的,(过了很长时间之后)事实证明是我把证书弄错了。我创建了一个新的根 CA,用它签发了两张证书,一张给服务器,一张给客户端。现在可以正常工作了。不幸的是,似乎无法加载多个 CA 证书来覆盖所有可能的客户端证书——或者是我(又一次)做错了什么 – Thomas 2015-08-28 13:59:13

回答


这是对我有效的代码。

var https = require('https'); 
var fs = require('fs'); 
var constants = require('constants'); 

var optSsl = {
    // Server identity (PEM). The key's passphrase is embedded in source
    // here; outside a demo, load it from the environment or a secrets store
    // rather than committing it.
    key: fs.readFileSync('./server.key'),
    passphrase: "very_secret",
    cert: fs.readFileSync('./server.crt'),
    // CA used to verify client certificates. `ca` also accepts an array of
    // PEM buffers when client certificates may be issued by several CAs.
    ca: fs.readFileSync('./ca.crt'),
    // NOTE(review): `agent` is an https.request (client-side) option and
    // presumably has no effect on createServer() — confirm before relying on it.
    agent: false,
    // No certificate is requested on the initial handshake, so
    // rejectUnauthorized is inert until renegotiate() turns requestCert on;
    // optClientAuth then enforces rejectUnauthorized: true for /secure.
    requestCert: false,
    rejectUnauthorized: false,
    // Prefer the server's cipher order. The list still admits 3DES suites.
    honorCipherOrder: true,
    ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
    // Refuse the obsolete SSLv2/SSLv3 versions. Nothing here restricts
    // TLS 1.0/1.1; add the matching SSL_OP_NO_* flags if those must go too.
    secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
};

// Passed to tlsSocket.renegotiate() for /secure: demand a client certificate
// and treat a certificate that does not verify against `ca` as a failure.
var optClientAuth = {
    rejectUnauthorized: true,
    requestCert: true
};

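var server = https.createServer(optSsl);

// Writes a plain-text reply and finishes the response. Every branch of the
// request handler goes through here so that no request is left unanswered.
function sendText(res, statusCode, body) {
    res.writeHead(statusCode);
    res.end(body);
}

server.on('request', function(req, res){
    console.log('request emitted on ' + req.url);
    // req.socket is the underlying TLSSocket; req.connection is its older alias.
    var socket = req.socket;

    if (req.url !== '/secure') {
        sendText(res, 200, "Secured Hello World\n");
        return;
    }

    // Ask the already-connected client for a certificate by renegotiating the
    // TLS session with requestCert/rejectUnauthorized switched on.
    // Renegotiation is only defined for TLS <= 1.2; a deployment that must
    // also serve TLS 1.3 clients should request the certificate on the
    // initial handshake (requestCert: true in optSsl) or serve /secure from a
    // separate listener. The return value of renegotiate() is deliberately
    // ignored: when it cannot start, the callback is still invoked with an error.
    socket.renegotiate(optClientAuth, function(err){
        if (err) {
            // Previously this branch only logged and never replied, so the
            // client hung until it timed out.
            console.log(err.message);
            sendText(res, 403, "Client certificate required\n");
            return;
        }

        // Belt and braces: getPeerCertificate() returns {} when the peer sent
        // no certificate, and socket.authorized stays false unless the chain
        // verified against `ca`. Treat either as "not authenticated".
        var cert = socket.getPeerCertificate();
        if (!socket.authorized || !cert || !cert.subject) {
            sendText(res, 403, "Client certificate required\n");
            return;
        }

        console.log(cert);
        sendText(res, 200, "Authenticated Hello World\n");
    });
});

server.listen(8443);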