如何在Node.js0.11.8及更高版本中使用tlsSocket.regregate(选项、回调)

How to use tlsSocket.renegotiate(options, callback) in Node.js 0.11.8 and higher

本文关键字:tlsSocket regregate 回调 选项 版本 js0 Node 高版本      更新时间:2023-09-26

我是node.js的新手,我有一个简单的https服务器在运行。现在,当用户请求某个上下文路径时,服务器应该启动SSL重新协商并请求客户端证书身份验证。我看到node.js 0.11.8及更高版本支持此功能。

到目前为止,我已经尝试过了,但没有进行重新谈判。甚至没有抛出错误。

var https = require('https');
var fs = require('fs');
var optSsl = {
   key: fs.readFileSync('ssl/server/keys/server.key'),
   cert: fs.readFileSync('ssl/server/certs/server.crt'),
   ca: fs.readFileSync('ssl/ca/ca.crt'),
   requestCert: false,
   rejectUnauthorized: true,
   ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
   honorCipherOrder: true
};
var optClientAuth = {
    requestCert: true,
    rejectUnauthorized: true
};
var server = https.createServer(optSsl, function(req, res){
    res.writeHead(200);
    res.end("Hello World'n");
});
server.on('request', function(req, res){
    console.log('request emitted on ' + req.url);
    if (req.url == '/secure') {
        try {
            var socket = req.connection;
            socket.renegotiate(optClientAuth, function(err){
                if (!err) {
                    console.log(req.connection.getPeerCertificate());
                } else {
                    console.log(err.message);
                }
            });
        } catch (err) {
            console.log(err);
        }
    };
});
server.on('secureConnection', function(socket) {
    console.log('Secure connection established');
});
server.listen(8443);

感谢您的支持。

这是适用于我的代码。

var https = require('https');
var fs = require('fs');
var constants = require('constants');
var optSsl = {
    key: fs.readFileSync('./server.key'),
    cert: fs.readFileSync('./server.crt'),
    ca: fs.readFileSync('./ca.crt'),
    passphrase: "very_secret",
    agent: false,
    requestCert: false,
    rejectUnauthorized: false,
    ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
    honorCipherOrder: true,
    secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
};
var optClientAuth = {
    requestCert: true,
    rejectUnauthorized: true
};
var server = https.createServer(optSsl);
server.on('request', function(req, res){
    console.log('request emitted on ' + req.url);
    var socket = req.connection;
    if (req.url == '/secure') {
        var result = socket.renegotiate(optClientAuth, function(err){
            if (!err) {
                console.log(req.connection.getPeerCertificate());
                res.writeHead(200);
                res.end("Authenticated Hello World'n");
            } else {
                console.log(err.message);
            }
        });
    } else {
        res.writeHead(200);
        res.end("Secured Hello World'n");
    };
});
server.listen(8443);
相关文章: