我是node.js的新手,并且正在运行一个简单的https服务器。现在,当用户请求某个上下文路径时,服务器应启动SSL重新协商并请求客户端证书认证。我看到在node.js 0.11.8及更高版本中支持此功能。
到目前为止,我已经尝试过了,但是没有重新谈判。甚至不会引发错误。
var https = require('https');
var fs = require('fs');
var optSsl = {
key: fs.readFileSync('ssl/server/keys/server.key'),
cert: fs.readFileSync('ssl/server/certs/server.crt'),
ca: fs.readFileSync('ssl/ca/ca.crt'),
requestCert: false,
rejectUnauthorized: true,
ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
honorCipherOrder: true
};
var optClientAuth = {
requestCert: true,
rejectUnauthorized: true
};
var server = https.createServer(optSsl, function(req, res){
res.writeHead(200);
res.end("Hello World\n");
});
server.on('request', function(req, res){
console.log('request emitted on ' + req.url);
if (req.url == '/secure') {
try {
var socket = req.connection;
socket.renegotiate(optClientAuth, function(err){
if (!err) {
console.log(req.connection.getPeerCertificate());
} else {
console.log(err.message);
} …