我正在测试 Node.JS 和 TLS,并创建了一个简单的服务器和客户端。
看起来这个测试很顺利:
server.js:
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('./server-certs/server.key'),
cert: fs.readFileSync('./server-certs/server.crt'),
rejectUnauthorized: false,
requestCert: true
};
const server = tls.createServer(options, (socket) => {
console.log('server connected',
socket.authorized ? 'authorized' : 'unauthorized');
console.log(socket.getPeerCertificate(true).raw);
socket.write('welcome!\n');
socket.setEncoding('utf8');
socket.pipe(socket);
});
server.listen(8000, () => {
console.log('server bound');
});
client.js:
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('./client-certs/client.key'),
cert: fs.readFileSync('./client-certs/client.crt')
};
const socket = tls.connect(8000, options, () => {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(socket);
process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
console.log(data);
});
socket.on('end', () => {
console.log('server ends connection');
});
使用 server.js 我打印出客户端证书:
console.log(socket.getPeerCertificate(true).raw);
然而在Linux上执行cat client.crt命令后,我得到了以下一长串字符串:
-----BEGIN CERTIFICATE-----
MIICsDCCAZgCCQC8miOEYnXCXDANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQGEwJV
...
MHBcIlA2R3ssgfhlcSJcaR59LKA=
-----END CERTIFICATE-----
服务器是否能从客户端证书中获取到该字符串?
var prefix = '-----BEGIN CERTIFICATE-----\n'; var postfix = '-----END CERTIFICATE-----'; var pemText = prefix + socket.getPeerCertificate(true).raw.toString('base64').match(/.{0,64}/g).join('\n') + postfix;看起来可以工作,谢谢。 - Alfred Balle