Javascript 如何在Node.js 0.11.8及更高版本中使用tlsSocket.renegotiate(选项、回调)
我是node.js新手,我有一个简单的https服务器正在运行。现在,当用户请求某个上下文路径时,服务器应该启动SSL重新协商并请求客户端证书身份验证。我看到node.js 0.11.8及更高版本支持这一点 到目前为止,我已经试过了,但没有重新谈判。甚至没有抛出错误Javascript 如何在Node.js 0.11.8及更高版本中使用tlsSocket.renegotiate(选项、回调),javascript,node.js,authentication,ssl,certificate,Javascript,Node.js,Authentication,Ssl,Certificate,我是node.js新手,我有一个简单的https服务器正在运行。现在,当用户请求某个上下文路径时,服务器应该启动SSL重新协商并请求客户端证书身份验证。我看到node.js 0.11.8及更高版本支持这一点 到目前为止,我已经试过了,但没有重新谈判。甚至没有抛出错误 var https = require('https'); var fs = require('fs'); var optSsl = { key: fs.readFileSync('ssl/server/keys/serve
var https = require('https');
var fs = require('fs');
var optSsl = {
key: fs.readFileSync('ssl/server/keys/server.key'),
cert: fs.readFileSync('ssl/server/certs/server.crt'),
ca: fs.readFileSync('ssl/ca/ca.crt'),
requestCert: false,
rejectUnauthorized: true,
ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
honorCipherOrder: true
};
var optClientAuth = {
requestCert: true,
rejectUnauthorized: true
};
var server = https.createServer(optSsl, function(req, res){
res.writeHead(200);
res.end("Hello World\n");
});
server.on('request', function(req, res){
console.log('request emitted on ' + req.url);
if (req.url == '/secure') {
try {
var socket = req.connection;
socket.renegotiate(optClientAuth, function(err){
if (!err) {
console.log(req.connection.getPeerCertificate());
} else {
console.log(err.message);
}
});
} catch (err) {
console.log(err);
}
};
});
server.on('secureConnection', function(socket) {
console.log('Secure connection established');
});
server.listen(8443);
感谢您的支持。这是适合我的代码
var https = require('https');
var fs = require('fs');
var constants = require('constants');
var optSsl = {
key: fs.readFileSync('./server.key'),
cert: fs.readFileSync('./server.crt'),
ca: fs.readFileSync('./ca.crt'),
passphrase: "very_secret",
agent: false,
requestCert: false,
rejectUnauthorized: false,
ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
honorCipherOrder: true,
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
};
var optClientAuth = {
requestCert: true,
rejectUnauthorized: true
};
var server = https.createServer(optSsl);
server.on('request', function(req, res){
console.log('request emitted on ' + req.url);
var socket = req.connection;
if (req.url == '/secure') {
var result = socket.renegotiate(optClientAuth, function(err){
if (!err) {
console.log(req.connection.getPeerCertificate());
res.writeHead(200);
res.end("Authenticated Hello World\n");
} else {
console.log(err.message);
}
});
} else {
res.writeHead(200);
res.end("Secured Hello World\n");
};
});
server.listen(8443);
我在我的问题中添加了代码…你知道如何使用它吗?是的,(过了很长一段时间)结果是我把证书弄糟了。我创建了一个新的根,颁发了两个证书,一个用于服务器,一个用于客户端,由根签名。现在它开始工作了。不幸的是,您似乎无法加载多个CA证书来表示所有可能的客户端证书-或者我做错了什么(再次),所以代码可以工作?我不确定您是否对代码进行了任何更改以使其正常工作。。。Thanks@lpbug见下面的答案