Created
July 18, 2013 15:09
-
-
Save jbarber/6030097 to your computer and use it in GitHub Desktop.
NodeJS HTTPS daemon example showing how to access client certificate information.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var https = require('https'); | |
| var sys = require('util'); | |
| var fs = require('fs'); | |
| /* Generate certs using OpenSSL as follows: | |
| openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 | |
| openssl rsa -passin pass:x -in server.pass.key -out server.key | |
| rm server.pass.key | |
| openssl req -new -key server.key -out server.csr -batch | |
| openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |
| rm server.csr | |
| */ | |
| var options = { | |
| key: fs.readFileSync('server.key'), | |
| cert: fs.readFileSync('server.crt'), | |
| requestCert: true, | |
| //ca: [ fs.readFileSync('server.crt') ], | |
| }; | |
| var server = https.createServer(options, function (req, res) { | |
| res.writeHead(200); | |
| // Can only be true if there is a CA cert defined in options and the client | |
| // cert is signed by it + valid | |
| sys.puts(req.client.authorized); | |
| // FIXME: no way to get the actual cert (does that make sense?) | |
| var clientCert = req.connection.getPeerCertificate(); | |
| if (clientCert) { | |
| sys.puts(sys.inspect(clientCert)); | |
| //sys.puts(JSON.stringify(clientCert.subject)); | |
| //sys.puts(JSON.stringify(clientCert.fingerprint)); | |
| //sys.puts(sys.inspect(req.connection.getCipher())); | |
| } | |
| else { | |
| sys.puts("Client not using a cert\n"); | |
| } | |
| res.end("Hello world\n"); | |
| }); | |
| server.on('error', function (e) { | |
| sys.puts(e.message); | |
| }); | |
| server.listen(8443); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment