我正在尝试使用Node的HTTPS请求解析证书链.我在npmjs.com上测试它(不是www.npmjs.com).当我在OpenSSL上测试它时,它向我显示链的顺序不正确.
openssl s_client -connect npmjs.com:443 -showcerts
OpenSSL响应第一证书
subject: /OU=GT40876434/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.npmjs.com
issuer: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
下一个证书 - >
subject: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
下一个证书 - >
subject: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
但是,当我使用我的Node的HTTPS请求逐步浏览证书链时,在发出套接字时我会这样做
socket.getPeerCertificate(true)
链的顺序是正确的,我在Node请求上得到的证书与openssl请求上的证书不同.
节点的响应第一证书:
subject
{ OU:
[ 'GT40876434',
'See www.rapidssl.com/resources/cps (c)14',
'Domain Control Validated - RapidSSL(R)' ],
CN: '*.npmjs.com' }
issuer
{ C: 'US', O: 'GeoTrust Inc.', CN: 'RapidSSL …