(一)代码分析
本章旨在通过实际的Node.js代码,对之前所说的证书与TLS的基本内容进行确认,废话不多,直接上代码。首先看服务器端代码:
const https = require('https');
const fs = require('fs');
// TLS settings for the demo HTTPS server (mutual TLS with an application-level decision).
// The PEM files are read synchronously once, at start-up; a missing file throws here.
const options = (() => {
  const readPem = (path) => fs.readFileSync(path);

  // The server's own identity: private key and the certificate that matches it.
  const key = readPem('./certs/server.key');
  const cert = readPem('./certs/server.crt');

  // Trust anchor(s) against which a certificate presented by the client is verified.
  const ca = [readPem('./certs/ca.crt')];

  return {
    key,
    cert,
    ca,
    // Ask every connecting client for a certificate during the handshake.
    requestCert: true,
    // Do NOT abort the handshake when the client certificate is missing or fails
    // verification. The connection is still established, so the request handler is
    // the only place that enforces authentication: every route has to check
    // `authorized` before doing any work. If an application-level 401 is not needed,
    // `rejectUnauthorized: true` lets the TLS layer refuse such clients instead.
    rejectUnauthorized: false
  };
})();
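// HTTPS server on port 8888 that answers 200 to clients whose certificate verified
// against the configured CA and 401 to everyone else.
// Because `options` sets rejectUnauthorized to false, the handshake also completes for
// clients that sent no certificate or one that failed verification, so the
// authentication decision is made here, once per request.
https.createServer(options, (req, resp) => {
  const socket = req.client;

  // getPeerCertificate() yields an empty object when the peer sent no certificate
  // (and null on a destroyed socket). Reading `.subject.CN` unguarded would throw in
  // that case, which lets any certificate-less client take the handler down.
  const peerCert = socket.getPeerCertificate();
  const peerCN = peerCert && peerCert.subject ? peerCert.subject.CN : undefined;

  if (socket.authorized) {
    console.log('Authorized Client:', peerCN);
    resp.writeHead(200, {'Content-Type': 'text/plain'});
    resp.end('Hello world');
  } else {
    // The CN printed here comes from a certificate that did NOT verify, so it is
    // client-chosen text: treat it as untrusted when reading or parsing the log.
    // authorizationError records why verification failed, which helps triage.
    console.log(
      'Denied Client:',
      peerCN === undefined ? '(no certificate)' : peerCN,
      socket.authorizationError
    );
    resp.writeHead(401, {'Content-Type': 'text/plain'});
    resp.end('Denied');
  }
}).listen(8888);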
有了之前证书的基础,代码相对比较好理解:服务器端首先指定了自身的证书和私钥文件(cert&key),同时,也将签发的CA证书一并包含。CA证书的主要目的有两个:
1. 在TL