current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

I set up a HTTPS node.js server, but I'm having trouble understanding how to use it correctly.

app.get('/test', function(req, res){
    console.log('got in');
    if(req.client.authorized){
        res.send(200, 'certified');
    }else{
        res.send(200, 'idk who you are');
    }
});

require('https').createServer({
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert.pem'),
    requestCert: true,
    rejectUnauthorized: false
}, app).listen(8080);

What does the client have to do to be 'authorized' on my server?

I can browse to

https://localhost:8080/test

and it tells me that my certificate isn't trusted (that's okay, the SSL is self signed for now.). I proceed anyway but I always go to 'idk who you are', meaning the SSL authentication failed.

I'm pretty sure I'm missing a step here.

P.S., if it is important, I am setting up SSL for encryption purposes.

share|improve this question
    
req.client.authorized what is it? Perhaps it is undefined, that's why you always get 'idk who you are'. –  Edgar Jun 25 at 13:46
    
it console logs to false –  user997739 Jun 25 at 13:57
add comment

1 Answer

up vote 1 down vote

The authorized property is false because the certificate provided by the client is not signed by a trusted certificate authority. Being as rejectUnauthorized is false, the connection is not rejected, rather it is marked as un-authorized.

See here - https://github.com/joyent/node/blob/master/lib/_tls_wrap.js#L512

share|improve this answer
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.