1

I set up a HTTPS node.js server, but I'm having trouble understanding how to use it correctly.

app.get('/test', function(req, res){
    console.log('got in');
    if(req.client.authorized){
        res.send(200, 'certified');
    }else{
        res.send(200, 'idk who you are');
    }
});

require('https').createServer({
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert.pem'),
    requestCert: true,
    rejectUnauthorized: false
}, app).listen(8080);

What does the client have to do to be 'authorized' on my server?

I can browse to

https://localhost:8080/test

and it tells me that my certificate isn't trusted (that's okay, the SSL is self signed for now.). I proceed anyway but I always go to 'idk who you are', meaning the SSL authentication failed.

I'm pretty sure I'm missing a step here.

P.S., if it is important, I am setting up SSL for encryption purposes.

Improve this question
2
  • req.client.authorized what is it? Perhaps it is undefined, that's why you always get 'idk who you are'. Commented Jun 25, 2014 at 13:46
  • it console logs to false Commented Jun 25, 2014 at 13:57

1 Answer 1

Reset to default
1

The authorized property is false because the certificate provided by the client is not signed by a trusted certificate authority. Being as rejectUnauthorized is false, the connection is not rejected, rather it is marked as un-authorized.

See here - https://github.com/joyent/node/blob/master/lib/_tls_wrap.js#L512

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.