我正在尝试创建从node.js应用程序到本地托管的nginx服务器的基本SSL连接;它还涉及发送客户端的凭据。握手似乎是成功的,因为从“安全”事件中调用“verifyPeer”验证了那么多。但是,服务器继续只响应400响应。
如果我在命令行上使用curl发出相同的请求,我会回到我的期望:
curl -v -E curl-test.crt --cacert ca.crt https://internal.url:7443/some.file
“curl-test.crt”是通过将客户端密钥和证书连接在一起而创建的。
以下是获取失败所需的最小位node.js代码:
global.util = require('util');
var fs = require('fs'),
http = require('http'),
crypto = require('crypto');
var clientCert = fs.readFileSync("tmp/cert.crt", 'ascii'),
clientKey = fs.readFileSync("tmp/key.key", 'ascii'),
caCert = fs.readFileSync("tmp/ca.crt", 'ascii');
var credentials = crypto.createCredentials({"key": clientKey, "cert": clientCert, "ca": caCert});
var client = http.createClient(7443, "internal.url", true, credentials);
client.addListener("secure", function() {
if (!client.verifyPeer()) {
throw new Exception("Could not verify peer");
}
});
var request = client.request('GET', '/some.file', {});
request.on('response', function(response) {
response.on('data', function(body) {
util.log("body: " + body);
});
});
request.end();
以下是我得到的回复,无论“some.file”改为:
body: <html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/0.6.32</center>
</body>
</html>
调试或解决此问题的任何帮助都很棒
答案 0 :(得分:4)
您是否在nginx错误日志中收到此消息?
2010/11/23 17:51:59 [info] 13221#0: *1 client sent HTTP/1.1 request without "Host" header while reading client request headers, client: 127.0.0.1, server: testme.local, request: "GET /some.file HTTP/1.1"
如果是这样,您只需将“主机”标题添加到您的GET请求中即可解决此问题:
var request = client.request('GET', '/some.file', {'Host':'internal.url'});
看起来nginx希望Host标头和节点默认不发送它。可能有一种方法可以将nginx配置为默认为正确的标头值。
希望有所帮助!