nodejs创建TLS服务


nodejs创建TLS服务

by 伍雪颖

server.js
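// server.js: TLS echo server on port 8000 that asks each client for a
// certificate and checks it against the CA in ./keys/ca.crt (mutual TLS).
var tls = require('tls');
var fs = require('fs');

var options = {
  // Private key and certificate the server presents to clients.
  key: fs.readFileSync('./keys/server.key'),
  cert: fs.readFileSync('./keys/server.crt'),
  // Request a certificate from every client.
  requestCert: true,
  // Stated explicitly instead of relying on the runtime default: a client
  // whose certificate does not chain to `ca` is dropped during the handshake.
  // If this is ever set to false, the handler below must check
  // stream.authorized itself before serving the connection.
  rejectUnauthorized: true,
  // Only certificates issued by this CA are accepted.
  ca: [fs.readFileSync('./keys/ca.crt')]
};

var server = tls.createServer(options, function (stream) {
  console.log('server connected', stream.authorized ? 'authorized' : 'unauthorized');

  // A connection reset emits 'error' on the socket; without a listener that
  // would be thrown and stop the whole server.
  stream.on('error', function (err) {
    console.error('connection error:', err.message);
  });

  stream.write("welcome!\n");
  stream.setEncoding('utf8');
  // Echo everything the client sends back to it.
  stream.pipe(stream);
});

// Handshakes that fail (for example a missing or untrusted client
// certificate) never reach the handler above; log them here so rejected
// connection attempts are visible.
server.on('tlsClientError', function (err) {
  console.error('TLS handshake failed:', err.message);
});

server.listen(8000, function () {
  console.log('server bound');
});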

client.js
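// client.js: connects to the TLS server on port 8000, presents a client
// certificate, and forwards stdin to the server while printing its replies.
var tls = require('tls');
var fs = require('fs');

var options = {
  // Client private key and certificate, sent when the server requests one.
  key: fs.readFileSync('./keys/client.key'),
  cert: fs.readFileSync('./keys/client.crt'),
  // Trust only this CA when validating the server certificate.
  ca: [fs.readFileSync('./keys/ca.crt')],
  // Stated explicitly instead of relying on the runtime default: abort the
  // connection if the server certificate does not verify against `ca`.
  rejectUnauthorized: true
};

// No host is given, so the connection goes to the default host (localhost);
// the name in server.crt has to match it or verification fails.
var stream = tls.connect(8000, options, function () {
  console.log('client connected', stream.authorized ? 'authorized' : 'unauthorized');
  process.stdin.pipe(stream);
});

stream.setEncoding('utf8');

stream.on('data', function (data) {
  console.log(data);
});

// A failed handshake or a reset is delivered as 'error'; without a listener
// it would surface as an uncaught exception.
stream.on('error', function (err) {
  console.error('TLS connection failed:', err.message);
  process.exitCode = 1;
  process.stdin.pause();
});

stream.on('end', function () {
  // The original called server.close() here, but client.js defines no
  // `server`, so the handler threw a ReferenceError. Stop feeding stdin
  // into the closed connection so the process can exit.
  process.stdin.unpipe(stream);
  process.stdin.pause();
});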

证书生成:
server.key,client.key
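# Private keys for the server and the client. 2048-bit RSA replaces the
# original 1024-bit, which is no longer considered adequate and is commonly
# rejected by TLS stacks at their default security level.
# server.js and client.js read these files from ./keys/, so run the commands
# in that directory. Keep *.key files readable only by their owner and out of
# version control.
openssl genrsa -out server.key 2048
openssl genrsa -out client.key 2048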

ca.crt
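# Test CA: private key, signing request, then a self-signed certificate.
# 2048-bit RSA replaces the original 1024-bit, and -sha256 pins the signature
# digest so the result does not depend on the OpenSSL build's default.
# ca.key signs every certificate both sides trust; keep it off the hosts that
# run server.js and client.js, which only need ca.crt.
openssl genrsa -out ca.key 2048
openssl req -new -sha256 -key ca.key -out ca.csr
openssl x509 -req -sha256 -in ca.csr -signkey ca.key -out ca.crt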

server.crt
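# Server certificate: signing request from server.key, then signed by the CA.
# When prompted for the Common Name, enter the host name clients connect to
# (client.js connects to the default host, localhost); the client checks the
# certificate name against it.
# -sha256 pins the signature digest so the result does not depend on the
# OpenSSL build's default.
openssl req -new -sha256 -key server.key -out server.csr
openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt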

client.crt
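# Client certificate: signing request from client.key, then signed by the
# same CA that server.js lists in `ca`, so the server can verify it.
# -sha256 pins the signature digest so the result does not depend on the
# OpenSSL build's default.
openssl req -new -sha256 -key client.key -out client.csr
openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt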
