如何使用TLS在两个node.js程序之间进行通信?

时间:2019-04-29 18:49:10

标签: node.js bash ssl

我在另一个应用程序中遇到TLS问题,因此我仅使用TLS部件来构建应用程序的框架版本,以便对其进行故障排除。但是,尝试执行此操作时会遇到一个非常奇怪的错误。

服务器代码:

var tls = require("tls");
var fs = require("fs");

const serverOptions = {
  key: fs.readFileSync("frontend.key"),
  cert: fs.readFileSync("frontend.pem"),
  ca: [ fs.readFileSync("root-ca.pem") ],
  requestCert: true,
};

var server = tls.createServer(serverOptions);
server.listen(4532);
console.log("Server up");
server.on('connection', function(stream) {
  console.log("Connected: " + stream.address().address);

  stream.on('data', function(d) {
    stream.write(("" + d).split("").reverse().join(""));
    stream.destroy();
  });

  stream.write("The sky above the port was the color of television, tuned to a dead channel");
});

客户代码:

var tls = require("tls");
var fs = require("fs");

const streamOptions = {
  key: fs.readFileSync("backend.key"),
  cert: fs.readFileSync("backend.pem"),
  ca: [ fs.readFileSync("root-ca.pem") ],
  requestCert: true,
  host: "localhost",
  port: "4532",
};

var stream = tls.connect(streamOptions, function(){console.log("Connected")});
var flag = 0;
stream.on('data', function(d) {
  console.log("Received " + d);
  if (flag === 0) {
    stream.write("This string in reverse, please");
    flag = 1;
  } else {
    stream.destroy();
  }
});

我用来自动生成ssl证书(bash)的代码:

# create server directory
mkdir -pv server

# create a root CA, used to sign off on others
openssl genrsa \
  -out server/root-ca.key \
  2048

# sign the root CA
openssl req \
  -x509 \
  -new \
  -nodes \
  -key server/root-ca.key \
  -days 1024 \
  -out server/root-ca.pem \
  -subj "/C=US/ST=California/L=Provo/O=Nobody/CN=localhost"

# function to create a device certificate for a particular domain
create_certificate() {
  # $1 should be name, $2 should be domain
  name=$1
  domain=$2

  echo "------- Creating certificate $name -------"

  # generate key
  mkdir -pv $name
  openssl genrsa \
    -out $name/$name.key \
    2048

  # create request for signing
  openssl req -new \
    -key $name/$name.key \
    -out $name/$name.csr \
    -subj "/C=US/ST=California/L=Provo/O=Nobody/CN=$domain"

  # sign the request using the root CA
  openssl x509 \
    -req -in $name/$name.csr \
    -CA server/root-ca.pem \
    -CAkey server/root-ca.key \
    -CAcreateserial \
    -out $name/$name.pem \
    -days 500

  rsync -a server/root-ca.pem $name/root-ca.pem
}

create_certificate frontend localhost
create_certificate backend localhost

当我运行服务器代码时,它似乎可以正常工作。但是,当我运行客户端代码时,它给了我错误:

  

错误:139701226773376:错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议:s23_clnt.c:827:

请注意,第一个数字(139701226773376)因运行而异。

是什么导致此错误,什么是解决该错误的最佳方法?

0 个答案:

没有答案
相关问题
最新问题