Node.js SSL身份验证
[英]Node.js SSL authentication
问题描述
I set up a HTTPS node.js server, but I'm having trouble understanding how to use it correctly. 
我设置了HTTPS node.js服务器,但是在理解如何正确使用它方面遇到了麻烦。
app.get('/test', function(req, res){
console.log('got in');
if(req.client.authorized){
res.send(200, 'certified');
}else{
res.send(200, 'idk who you are');
}
});
require('https').createServer({
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem'),
requestCert: true,
rejectUnauthorized: false
}, app).listen(8080);
What does the client have to do to be 'authorized' on my server? 客户端必须做什么才能在我的服务器上获得“授权”?
I can browse to 我可以浏览到
https://localhost:8080/test
and it tells me that my certificate isn't trusted (that's okay, the SSL is self signed for now.). 并告诉我我的证书不受信任(没关系,SSL现在是自签名的。)。 I proceed anyway but I always go to 'idk who you are', meaning the SSL authentication failed. 无论如何,我都会继续,但是我总是去'idk you are',这意味着SSL身份验证失败。
I'm pretty sure I'm missing a step here. 我很确定我在这里错过了一步。
PS, if it is important, I am setting up SSL for encryption purposes. PS,如果很重要,我正在设置SSL以用于加密。
1 个解决方案
解决方案1
1 2014-06-25 16:56:08
The authorized property is false because the certificate provided by the client is not signed by a trusted certificate authority. 由于客户端提供的证书未由受信任的证书颁发机构签名,因此authorized属性为false。 Being as rejectUnauthorized is false, the connection is not rejected, rather it is marked as un-authorized. 被视为rejectUnauthorized为假,不拒绝连接,而是将其标记为未授权。
See here - https://github.com/joyent/node/blob/master/lib/_tls_wrap.js#L512 看到这里-https://github.com/joyent/node/blob/master/lib/_tls_wrap.js#L512
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.