如何在现有的 Node.js 后端中启用 OCSP 装订(OCSP stapling)?

时间:2019-05-07 08:26:54

标签: node.js ssl ssl-certificate ocsp

我对 Node.js 完全陌生,今天却不得不在一个现有的 Node.js 后端中更新 SSL 证书。我以前从未接触过 Node,而当初编写这个应用程序的人已经不在公司工作了。

到目前为止一切顺利……更新证书没有问题,我只需要更改路径即可。但在重启 Node 后端并检查应用程序之后,浏览器报错,原因是需要 OCSP 装订(OCSP stapling)。

我已经在apache和nginx中启用了ocsp,但是我不知道该如何处理node。

我已经通过 npm 安装了名为 ocsp 的 Node 模块。

这是app.js代码:

var crypto = require('crypto');
var fs = require('fs');
var http = require('http');
var https = require('https');

var bodyParser = require('body-parser');
var express = require('express');

var config = require('./config.js');

// TLS material is read synchronously at startup, and only when HTTPS is
// enabled in the config. A missing or unreadable file makes fs.readFileSync
// throw, so the process fails before it starts listening.
var options;
if (config.https) {
    options = {};
    options.ca = fs.readFileSync(config.sslCa);
    // Private key: the file behind config.sslKey should be readable by the
    // service account only.
    options.key = fs.readFileSync(config.sslKey);
    options.cert = fs.readFileSync(config.sslCert);
}

// Create the Express app and wrap it in an HTTPS server (using the TLS
// options loaded above) or, when config.https is off, in a plain HTTP server.
// NOTE(review): in the plain HTTP case requests are unencrypted at this hop;
// presumably TLS is then terminated by a proxy in front - confirm.
var app = express();
var server = config.https
    ? https.createServer(options, app)
    : http.Server(app);

var io = require('socket.io').listen(server);
require('./socketEvents')(io);
var rest = require('./restRoutes')(io);
var morgan = require('morgan');
var cors = require('cors');
var verifyToken = require('./verifyToken');
var fileManagement = require('./fileManagement')(io);
var authorization = require('./authorization');
var restFiles = require('./restFiles')(io);

// Expose the bundles directory below config.iboxWebDir under /bundles.
// No verifyToken middleware sits in front of this mount, so everything in
// that directory is served without authentication.
var bundlesDir = config.iboxWebDir + '/bundles';
app.use('/bundles', express.static(bundlesDir));

var multer = require('multer');

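// Disk storage for uploads: files are written to ./files, which is resolved
// relative to the working directory of the process.
var storage = multer.diskStorage({
    destination: function (req, file, callback) {
        callback(null, './files');
    },
    // The stored name is built from the form field name, a timestamp and a
    // random suffix. The client-supplied original file name is deliberately
    // not used, so it cannot influence the path on disk.
    filename: function (req, file, callback) {
        // Date.now() alone is not unique: two files arriving in the same
        // millisecond under the same field would get the same name and the
        // second would overwrite the first. The random suffix prevents that
        // and makes stored names unpredictable.
        var suffix = crypto.randomBytes(8).toString('hex');
        callback(null, file.fieldname + '-' + Date.now() + '-' + suffix);
    }
});

// multer instance that stores incoming files with the storage engine above.
// NOTE(review): no `limits` or `fileFilter` option is set, so neither the size
// nor the type of an upload is restricted here. Confirm that this is enforced
// elsewhere (for example in fileManagement.postFile or by a proxy in front).
var upload = multer({storage: storage});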

// CORS policy for every route registered after this point.
// NOTE(review): `origin: true` makes the cors middleware reflect whatever
// Origin the caller sends, and `credentials: true` allows credentialed
// requests. Together they let any website issue cross-origin requests that
// carry the browser's credentials for this API. Prefer an explicit allowlist
// of trusted origins.
var corsOptions = {credentials: true, origin: true, maxAge: 600};
app.use(cors(corsOptions));

// Log every request to the console in morgan's 'dev' format.
app.use(morgan('dev'));

// Icon files, served from the icons directory one level above this file.
var iconsDir = __dirname + '/../icons';
app.use('/icons', express.static(iconsDir));

// Router returned by ./restFiles.
app.use('/restfiles', restFiles);

// File upload: verifyToken runs first, then multer parses the multipart body
// (accepted parts: roomId, threadId and files), then the handler stores it.
// The route is registered ahead of the body parsers below.
var uploadFields = [
    {name: 'roomId'},
    {name: 'threadId'},
    {name: 'files'}
];
app.post(
    '/file/upload',
    verifyToken,
    upload.fields(uploadFields),
    fileManagement.postFile
);

// Body parsing (JSON and urlencoded) for every route registered from here on.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));

// File download and removal. Every route is guarded by verifyToken; removal
// additionally passes through authorization.canRemoveFile.
app.get('/file/get', verifyToken, fileManagement.getFile);
app.post('/file/get', verifyToken, fileManagement.getFile);
app.post(
    '/file/remove',
    verifyToken,
    authorization.canRemoveFile,
    fileManagement.removeFile
);

// REST API router.
app.use('/rest', rest);

// The server is exported without listen() being called in this file.
module.exports = server;

希望有人可以给我一些帮助。

非常感谢!

菲利普

1 个答案:

答案 0 :(得分:0)

您可以尝试以下操作:

...
var ocsp = require('ocsp')
...
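var app = express();
var server;
if (config.https) {
    // Shared cache object from the ocsp module; the handler below sends
    // every responder request through it.
    var ocspCache = new ocsp.Cache();
    server = https.createServer(options, app);

    // Node emits 'OCSPRequest' when a client sends a certificate status
    // request during the TLS handshake. Calling callback(null, response)
    // staples the response; callback(null, null) means "no OCSP response".
    server.on('OCSPRequest', function (cert, issuer, callback) {
        ocsp.getOCSPURI(cert, function (err, uri) {
            // Pass the actual error on. The original referenced an undefined
            // name (`error`), so every lookup failure threw a ReferenceError
            // inside the handshake instead of reporting the problem.
            if (err) return callback(err);

            // A certificate without an OCSP responder URL cannot be stapled;
            // finish the handshake without a response instead of requesting
            // an empty URL.
            if (!uri) return callback(null, null);

            var req = ocsp.request.generate(cert, issuer);
            var requestOptions = {
                url: uri,
                ocsp: req.data
            };
            ocspCache.request(req.id, requestOptions, callback);
        });
    });

    // Optional TLS session store; Node resumes sessions on its own when
    // these two handlers are left out.
    // - Keys are the hex form of the session id and the store has no
    //   prototype, so an id chosen by the client can never resolve to an
    //   inherited property such as "constructor".
    // - NOTE(review): entries are never evicted, so the store grows with
    //   every new session. Add a size or age limit, or drop these handlers.
    var sslSessionCache = Object.create(null);
    server.on('newSession', function (sessionId, sessionData, callback) {
        sslSessionCache[sessionId.toString('hex')] = sessionData;
        callback();
    });
    server.on('resumeSession', function (sessionId, callback) {
        callback(null, sslSessionCache[sessionId.toString('hex')] || null);
    });
} else {
    server = http.Server(app);
}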
...

以上修改参考自这里:

  

https://github.com/nodejs/node-v0.x-archive/issues/8660

最诚挚的问候

迪特里希