
NodeJS - mtls connection through proxy

I have a problem doing a POST request (REST) to a server using mTLS through a proxy server (TypeScript / Node.js 14).

I already tried a lot with global-agent, tunnel, https-proxy-agent, ... but I'm only able to pass the proxy; then I get different kinds of SSL errors ("sslv3 alert handshake" or "unable to get local issuer"). With curl (from my local environment, without proxy) I can connect, so certificate, key and truststore shouldn't be the problem.

curl --request POST https://open.supertest.com/api --key key.pem --cert cert.pem --cacert certchain.pem -v

The code will be executed via a Lambda function. By the way, it must not be axios and tunnel.

Does someone maybe have a reference implementation in place somehow, or an idea what I might have done wrong?

The following code raises the "unable to get local issuer" error:

    import * as tunnel from 'tunnel';
    import axios from 'axios';

    // PEM strings; the actual contents are shown below
    const caPem = '###see below###';
    const keyPem = '###see below###';
    const certPem = '###see below###';

    // CONNECT tunnel through the corporate HTTP proxy, TLS (with client cert) to the target
    const httpsAgent = tunnel.httpsOverHttp({
      proxy: {
        host: 'proxy.test.com',
        port: 8080,
        proxyAuth: 'johndoe:fancypassword',
      },
      ca: [Buffer.from(caPem, 'utf-8')],
      key: Buffer.from(keyPem, 'utf-8'),
      cert: Buffer.from(certPem, 'utf-8'),
    });

    const client = axios.create({
      baseURL: 'https://open.supertest.com/api', // axios expects "baseURL"; a "baseUrl" key is silently ignored
      httpsAgent,
      proxy: false, // don't use axios' own proxy implementation as it will not handle the corporate proxy correctly
    });

    // inside the async Lambda handler; endpointDetails is defined elsewhere in the code
    const response = await client.post(endpointDetails.path, {
      data: {
        message: 'test',
      },
    });

The "ca" (certchain/truststore) content-string looks something like ...

-----BEGIN CERTIFICATE-----
content
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
content
-----END CERTIFICATE-----

and "cert" (client-certificate) content-string looks something like ...

-----BEGIN CERTIFICATE-----
content
-----END CERTIFICATE-----

and "key" (client-privatekey) content-string looks something like ...

-----BEGIN PRIVATE KEY-----
content
-----END PRIVATE KEY-----

Found the issue. It was related to the certchain/truststore. There was one root CA missing which is preinstalled in the operating system where I ran the curl, but of course not in the Lambda. So my solution was to just add the missing root CA and it worked fine.
