我有一个节点js服务器描述如下:
const fs = require('fs');
const https = require('https');
const path = require('path');
const log = require('./lib/log');
const server = https.createServer({
key: fs.readFileSync(path.join(__dirname, 'server.key')),
cert: fs.readFileSync(path.join(__dirname, 'server.crt')),
ca: [fs.readFileSync(path.join(__dirname, 'ca.pem'))],
requestCert: true,
rejectUnauthorized: true
}, function() { log.debug('ok'); });
server.listen(8080, () => log.info(`Server listening on port 8080`));
我的问题是,客户提供的证书在被此CA签名时会被拒绝。
我尝试使用OpenSSL来确定:
$ openssl s_server -key server.key -cert server.crt -accept 8080 -www -CAfile ca.pem -verify 5
verify depth is 5
depth=0 C = FR, O = MyO, OU = MyOU, CN = MyCN
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = FR, O = MyO, OU = MyOU, CN = MyCN
verify error:num=21:unable to verify the first certificate
verify return:1
有没有办法获得详细模式或获得客户的证书?