Last active
February 27, 2025 07:18
Revisions
anhldbk revised this gist
Aug 29, 2016 . 2 changed files with 46 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,8 +1,13 @@ ### 1. Overview This is an example of using module `tls` in NodeJS to create a client securely connecting to a TLS server. It is a modified version from [documentation about TLS](https://nodejs.org/api/tls.html), in which: + The server is a simple echo one. Clients connect to it, get the same thing back if they send anything to the server. + The server is a TLS-based server. + Clients somehow get the server's public key and use it to work securely with the server ### 2. Preparation We need to generate keys & certs for the server. Pay attention to `Common Name (e.g. server FQDN or YOUR name)` when creating `server-csr.pem`. It should be your domain name. @@ -36,4 +41,20 @@ Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: ``` ### 3. Run the demo ```sh $ node server.js & $ node client.js & ``` You may have following things printed out: ```text server bound server connected unauthorized client connected authorized welcome! ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,21 @@ const tls = require('tls'); const fs = require('fs'); const options = { ca: [ fs.readFileSync('server-cert.pem') ] }; var socket = tls.connect(8000, 'evolastech.com', options, () => { console.log('client connected', socket.authorized ? 'authorized' : 'unauthorized'); process.stdin.pipe(socket); process.stdin.resume(); }); socket.setEncoding('utf8'); socket.on('data', (data) => { console.log(data); }); socket.on('end', () => { console.log('Ended') }); -
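Review bot: In the README's new "3. Run the demo" section, `$ node client.js &` starts the client in the background, but client.js pipes `process.stdin` into the socket, so a backgrounded client cannot take typed input and the echo behaviour the overview describes is never exercised. Run the client in the foreground by dropping the trailing `&` on that line. The section should also say which directory to run from: the Preparation step creates the PEM files inside `tls/`, while the scripts open `server-key.pem` and `server-cert.pem` by relative path.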
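Review bot: In client.js the socket returned by `tls.connect(8000, 'evolastech.com', options, ...)` has no `'error'` listener, so a refused connection or a certificate that fails verification against `ca` is raised as an unhandled `'error'` event and terminates the process with a stack trace. Add `socket.on('error', ...)` that logs the reason and exits. Two smaller points: the host name is hard-coded and has to match the Common Name the README tells the reader to choose, so take it from an argument or environment variable; and because `rejectUnauthorized` is left at its default, the connect callback only runs after verification has succeeded, so the `'unauthorized'` branch of the log line is never reached in this file.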
anhldbk revised this gist
Aug 29, 2016 . 1 changed file with 20 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ const tls = require('tls'); const fs = require('fs'); const options = { key: fs.readFileSync('server-key.pem'), cert: fs.readFileSync('server-cert.pem'), rejectUnauthorized: true, }; const server = tls.createServer(options, (socket) => { console.log('server connected', socket.authorized ? 'authorized' : 'unauthorized'); socket.write('welcome!\n'); socket.setEncoding('utf8'); socket.pipe(socket); }); server.listen(8000, () => { console.log('server bound'); }); -
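Review bot: In server.js, `rejectUnauthorized: true` in the options passed to `tls.createServer` has no effect, because the server never asks for a client certificate: that option only applies when `requestCert` is true. As written the file reads as if client authentication were enforced, while `socket.authorized` is false for every client. Either remove the option, or add `requestCert: true` together with a `ca` list if mutual TLS is intended. The per-connection `socket` also has no `'error'` listener, so a client that resets the connection can bring the server down.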
anhldbk created this gist
Aug 29, 2016 .
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,39 @@ ### Overview This is an example of using module `tls` in NodeJS to create a client securely connecting to a TLS server ( Let's assume that the client somehow gets the server's public key) ### Preparation We need to generate keys & certs for the server. Pay attention to `Common Name (e.g. server FQDN or YOUR name)` when creating `server-csr.pem`. It should be your domain name. ```sh $ mkdir tls $ cd tls $ openssl genrsa -out server-key.pem 4096 $ openssl req -new -key server-key.pem -out server-csr.pem $ openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem ``` For example: ```sh $ openssl req -new -key server-key.pem -out server-csr.pem You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:VN State or Province Name (full name) [Some-State]:Hanoi Locality Name (eg, city) []:Hanoi Organization Name (eg, company) [Internet Widgits Pty Ltd]:Evolas Technologies Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:evolastech.com Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: ```
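Review bot: In the Preparation commands, `openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem` sets no validity period, so the self-signed certificate gets the openssl default of 30 days and the demo stops verifying after a month; add an explicit `-days` value. The overview's "the client somehow gets the server's public key" should also state what is actually distributed: the client trusts `server-cert.pem` itself, so the README should say to copy that certificate (never `server-key.pem`) to the client over a trusted channel.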