nodejs TLS 只加密,未授权,进一步完善

const tls = require('tls');
const fs = require('fs');

const options = {
    key: fs.readFileSync('my_key.pem'),
    cert: fs.readFileSync('my_cert.pem'),

    // This is necessary only if using the client certificate authentication.
    requestCert: false,

    // This is necessary only if the client uses the self-signed certificate.
    ca: [fs.readFileSync('user_cert.pem')]
};

const server = tls.createServer(options, (socket) => {
    console.log('server connected',
        socket.authorized ? 'authorized' : 'unauthorized');
    socket.write('welcome!\n');
    socket.setEncoding('utf8');
    socket.pipe(socket);
});
server.listen(8000, () => {
    console.log('server bound');
});

　　

const tls = require('tls');
const fs = require('fs');

const options = {
    // Necessary only if using the client certificate authentication
    key: fs.readFileSync('user_key.pem'),
    cert: fs.readFileSync('user_cert.pem'),
    rejectUnauthorized: false,
    // Necessary only if the server uses the self-signed certificate
    ca: [fs.readFileSync('my_cert.pem')]
};

const socket = tls.connect(8000, options, () => {
    console.log('client connected',
        socket.authorized ? 'authorized' : 'unauthorized');
    process.stdin.pipe(socket);
    process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
    console.log(data);
});
socket.on('end', () => {
    server.close();
});

 

密钥:摘自nodejs 官方文档

openssl genrsa -out ryans-key.pem 2048;

openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem;

openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem