CODEWITHSUNDEEP
node.jssslproxynode-http-proxy
Grant Herman
Grant Herman

Reputation: 973

HTTP Proxy( Node.js) Not Performing Proper SSL Verification

I need to create a proxy server that is able to handle SSL certificate verification. I have been working with Node.js 's http-proxy library to handle ssl verification. My problem is that the proxy server does not do anything in regards to verifying if the client has the proper credentials.

I have a proxy server and I pass the server options that have the ssl certRequire = true and rejectUnauthroized = true. However, the client is able to connect to the server with no cert/key and I am not sure why.

Here is my code:

 var options = {
        ssl: {
        key:   fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: true
    }   
};

var proxy = new httpProxy.createProxyServer(options);



http.createServer(function (req, res) {
  setTimeout(function () {
    proxy.web(req, res, {
        target: {
        host: 'localhost',
        port: 9002
        }
});
  }, 200);
}).listen(8002);

//Server
http.createServer(function (request, response) {

//Handles the response
response.writeHead(200, {'Content-Type': 'text/plain'});
response.write('request successfully proxied to server');
response.end();


response.on('data', function(data){
    console.log(data);
});

response.on('end', function(){
    console.log("end");
});

response.on('error', function(err){
    console.log(err);
});
}).listen(9002);

Please let me know if you need any clarification!

*****UPDATE*****

Here is my code after I remove the ssl object.

var options = {
        key: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: false

};

Even with this, I am still able to connect to the proxy without a certificate.

Upvotes: 1

Views: 878

Answers (1)

Joe
Joe

Reputation: 42646

 var options = {
        ssl: {
        key:   fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: true
    }   
};

The problem is your nesting -- these options don't exist inside the ssl object, they are top-level items in options. Take out the interior ssl section and move those options to the top level.

Upvotes: 1

Related Questions