Accessing the client certificate in TLS/HTTPS


August Lilleaas

Feb 17, 2011, 11:28:23 AM
to nodejs
I want to use client certificates for authentication. It seems node
doesn't provide a way of accessing that. All I could find was this:

https://github.com/ry/node/blob/0474ce67908c9afddab6/src/node_crypto.cc#L968

I assume line 975 here means that the client certificate is only used
to return an error string from verifyError.

So, is there a way for TLS/HTTPS servers in node to get a hold of the
client certificate?

August Lilleaas

Feb 17, 2011, 2:11:32 PM
to nodejs
Just found it: it is already in node

https://github.com/ry/node/blob/0474ce67908c9afddab6/lib/tls.js#L123

On Feb 17, 5:28 pm, August Lilleaas <augustlille...@gmail.com> wrote:
> I want to use client certificates for authentication. It seems node
> doesn't provide a way of accessing that. All I could find was this:
>
> https://github.com/ry/node/blob/0474ce67908c9afddab6/src/node_crypto....

Wes Widner

Feb 20, 2011, 7:25:58 AM
to nod...@googlegroups.com
Were you able to access the client's certificate data? All I've seen so far is how to set a flag to request the certificate.

Wes Widner

Feb 20, 2011, 7:45:00 AM
to nod...@googlegroups.com
I figured it out; my sample code is:

var https = require('https');
var sys = require("sys");
var fs = require('fs');

var options = {
  key: fs.readFileSync('./ssl/privatekey.pem'),
  cert: fs.readFileSync('./ssl/certificate.pem'),
  requestCert: true,
};

https.createServer(options, function (req, res) {
  res.end(sys.inspect(req.socket.pair._ssl.getPeerCertificate()));
}).listen(8000);

Ryan Dahl

Feb 20, 2011, 3:24:30 PM
to nod...@googlegroups.com, Wes Widner

req.connection.getPeerCertificate() is the preferred way.

Mike Post

Jan 7, 2015, 5:47:01 PM
to nod...@googlegroups.com, kai52...@gmail.com, r...@tinyclouds.org
That gives you the certificate data, but it's only a representation of the certificate -- not the full certificate data. For example, the certificate's serial number, version, and SKI are not available from getPeerCertificate as of node 0.10.35.
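Added example, not part of the thread and not code from any of its posters: using the peer certificate for authentication means checking that the chain verified before trusting any field read from getPeerCertificate(). It assumes a current Node.js release (where the certificate object carries serialNumber), a hypothetical ./ssl/client-ca.pem file, and an allow-list of subject common names as the policy.

```javascript
const https = require('https');
const fs = require('fs');

// Decide whether a TLS socket carries an acceptable client certificate.
// `allowedNames` is a Set of subject CNs (assumed policy for this example).
function authenticateClient(socket, allowedNames) {
  const cert = socket.getPeerCertificate();
  // Node returns an empty object when the client sent no certificate.
  if (!cert || Object.keys(cert).length === 0) {
    return { ok: false, reason: 'NO_CERTIFICATE' };
  }
  // `authorized` is true only if the chain verified against the server's `ca`.
  // Without this check the subject fields are whatever the client chose to send.
  if (!socket.authorized) {
    return { ok: false, reason: socket.authorizationError || 'UNVERIFIED' };
  }
  const cn = cert.subject && cert.subject.CN;
  if (!allowedNames.has(cn)) {
    return { ok: false, reason: 'NOT_ALLOWED' };
  }
  return { ok: true, cn: cn, serial: cert.serialNumber };
}

// Start the server; not called automatically because it needs the key files.
function startServer(allowedNames) {
  const options = {
    key: fs.readFileSync('./ssl/privatekey.pem'),
    cert: fs.readFileSync('./ssl/certificate.pem'),
    ca: fs.readFileSync('./ssl/client-ca.pem'), // hypothetical path: CA issuing client certs
    requestCert: true,
    rejectUnauthorized: false, // complete the handshake, then decide per request
  };
  return https.createServer(options, (req, res) => {
    const result = authenticateClient(req.socket, allowedNames);
    res.writeHead(result.ok ? 200 : 403, { 'Content-Type': 'application/json' });
    res.end(JSON.stringify(result));
  }).listen(8000);
}
```

Setting rejectUnauthorized to true instead makes the TLS layer drop unverified clients during the handshake, which leaves only the allow-list check for the request handler.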