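Node.js server returns authorizationError: DEPTH_ZERO_SELF_SIGNED_CERT

Time: 2014-01-08 01:42:07

Tags: node.js ssl client-certificates

Question

I wrote a minimal server that requires client certificates, but it always rejects connections with the authorizationError DEPTH_ZERO_SELF_SIGNED_CERT. I followed the steps below; they are very simple, so if you want to "try this at home" you should be able to reproduce it in a few minutes. This is with Node.js 0.10.24. Am I doing something wrong?

What I did

First, I generated self-signed client and server certificates as follows (instructions from the post "Client Side Certificate Auth in Nginx"), in an ssl subdirectory.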

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Then I ran the following program with Node.js (that is, put it in server.js and run node server.js).

var https = require('https');
var fs = require('fs');

var options = {
    key: fs.readFileSync('ssl/server.key'),
    cert: fs.readFileSync('ssl/server.crt'),
    ca: fs.readFileSync('ssl/ca.crt'),
    requestCert: true,
    rejectUnauthorized: false
};

https.createServer(options, function (req, res) {
    if (req.client.authorized) {
        res.writeHead(200, {"Content-Type":"application/json"});
        res.end('{"status":"approved"}');
        console.log("Approved Client ", req.client.socket.remoteAddress);
    } else {
        res.writeHead(401, {"Content-Type":"application/json"});
        res.end('{"status":"denied"}');
        console.log('authorizationError:', req.client.authorizationError);
        console.log("Denied Client " , req.client.socket.remoteAddress);
    }
}).listen(5678);

Finally, I tried connecting with curl:

curl -v -s -k --key ssl/client.key --cert ssl/client.crt https://localhost:5678

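This is where it fails with the authorizationError DEPTH_ZERO_SELF_SIGNED_CERT. I have read that people have had more luck setting process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; instead of using rejectUnauthorized: false, but that does not seem to make any difference in my case.

1 answer:

Answer 0: (score: 0)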

Quick fixer upper is ..

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
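
Added example, not part of the original question or answer: DEPTH_ZERO_SELF_SIGNED_CERT is the verifier's code for a presented (depth 0) certificate whose issuer and subject names are identical and which is not itself trusted. With the openssl commands in the question that happens when the same answers are typed at the CA and client `openssl req` prompts; that this is the cause here is an assumption. The helper below classifies a rejection from the fields Node exposes on the TLS socket; `diagnose`, `dnKey`, `caSubject` and all certificate fields are hypothetical names and constructed values.

```javascript
// Added example: classify a client-certificate rejection from the values
// Node exposes on the TLS socket. All certificate fields are constructed.

// Canonical string for a DN object shaped like getPeerCertificate().subject.
function dnKey(dn) {
  return Object.keys(dn || {}).sort().map(function (k) {
    return k + '=' + [].concat(dn[k]).join('+'); // repeated attributes arrive as arrays
  }).join(',');
}

// authError: socket.authorizationError; peer: socket.getPeerCertificate();
// caSubject (hypothetical parameter): DN fields of the CA passed in options.ca.
function diagnose(authError, peer, caSubject) {
  if (!peer || !peer.subject) return 'no-client-certificate';
  var subject = dnKey(peer.subject), issuer = dnKey(peer.issuer), ca = dnKey(caSubject);
  if (subject === issuer) {
    // Issuer name equals subject name, so the verifier sees a self-signed leaf.
    return subject === ca ? 'client-dn-identical-to-ca-dn' : 'self-signed-client-cert';
  }
  if (issuer !== ca) return 'issuer-is-not-the-configured-ca';
  // Names chain correctly; report whatever the TLS layer itself decided.
  return authError ? 'names-chain-correctly:' + authError : 'authorized';
}

// Constructed samples: identical answers at every `openssl req` prompt
// versus a client certificate with its own Common Name.
var caDn = { C: 'US', O: 'Example', CN: 'localhost' };
var collidingClient = { subject: { C: 'US', O: 'Example', CN: 'localhost' }, issuer: caDn };
var distinctClient = { subject: { C: 'US', O: 'Example', CN: 'client-1' }, issuer: caDn };

function runSamples() {
  return [
    diagnose('DEPTH_ZERO_SELF_SIGNED_CERT', collidingClient, caDn),
    diagnose(null, distinctClient, caDn),
    diagnose('UNABLE_TO_GET_ISSUER_CERT', {}, caDn) // {} is what Node returns with no peer cert
  ];
}
console.log(runSamples());
```

In a server handler the inputs would come from `req.socket.authorizationError` and `req.socket.getPeerCertificate()` on current Node.js releases.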