server.js
var fs = require('fs');
var https = require('https');
var constants = require('constants');
// Optional first CLI argument: a suffix that selects which server key/cert
// set to load (e.g. "2" -> "server2-key"). Defaults to the empty string.
var clientPrefix = process.argv[2] ? process.argv[2] : "";

// Base name shared by the key, certificate and chain files.
var serverName = "server" + clientPrefix + "-key";
var serverFolder = __dirname + "/server";

// <serverFolder>/private/<serverName>.pem
var serverKeyFile = serverFolder + "/private/" + serverName + ".pem";

// <serverFolder>/certs/<serverName>.cert.pem
var serverCertFile = serverFolder + "/certs/" + serverName + ".cert.pem";

// <serverFolder>/certs/<serverName>.chain.cert.pem
var serverCertChainFile = serverFolder + "/certs/" + serverName + ".chain.cert.pem";

// Revocation list of the intermediate CA; only referenced from the
// commented-out `crl` option in the TLS options.
var crlFile = __dirname + "/intermediate/crl/intermediate.crl.pem";
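// TLS settings for a mutual-TLS server: the server presents its own
// certificate and only completes the handshake with clients whose
// certificate verifies against the CA chain given in `ca`.
var options = {
  // Server identity. The key is loaded with an empty passphrase, i.e. it is
  // stored unencrypted, so file permissions on server/private are the only
  // thing protecting it.
  key: fs.readFileSync(serverKeyFile),
  cert: fs.readFileSync(serverCertFile),
  // Trust anchors used to verify client certificates.
  ca: fs.readFileSync(serverCertChainFile),
  // NOTE(review): while the CRL stays disabled, a client certificate that the
  // CA has revoked is still accepted until it expires. Enable this once the
  // CRL file is generated and kept up to date.
  // crl: fs.readFileSync(crlFile),
  passphrase: "",
  // Ask every client for a certificate and abort the handshake when it is
  // missing or does not verify.
  requestCert: true,
  rejectUnauthorized: true,
  // NOTE(review): the first two suites are CBC-mode, and AES128-GCM-SHA256
  // (plus parts of HIGH) use static RSA key exchange without forward secrecy.
  // Consider listing ECDHE GCM suites first. DHE suites are only offered by
  // Node when a `dhparam` option is supplied.
  ciphers: [
    "ECDHE-RSA-AES128-SHA256",
    "DHE-RSA-AES128-SHA256",
    "AES128-GCM-SHA256",
    "!RC4",
    "HIGH",
    "!MD5",
    "!aNULL"
  ].join(":"),
  // Server preference decides the suite, not the client's ordering.
  honorCipherOrder: true,
  // TLS 1.2. The previous value, 'TLSv1_method', pinned the deprecated
  // TLS 1.0, under which none of the *-SHA256 suites named above can be
  // negotiated (they are TLS 1.2 suites) and which current Node/OpenSSL
  // builds refuse by default.
  secureProtocol: 'TLSv1_2_method'
};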
// Trust store for OUTBOUND https requests made through the default agent in
// this process. It has no effect on how the server below verifies client
// certificates; that is controlled by `options.ca`.
var caChainPem = fs.readFileSync(__dirname + "/intermediate/certs/ca-chain.cert.pem");
https.globalAgent.options.ca = [caChainPem];
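// Request handler for the mutual-TLS server: logs the verified client and
// answers with a fixed body.
https.createServer(options, function (req, res) {
  if (!req.socket.authorized) {
    // Not expected while rejectUnauthorized is true (the handshake fails
    // first). If that option is ever relaxed, this branch is the only gate,
    // so answer explicitly instead of leaving the request open.
    console.log("Rejected");
    res.writeHead(403);
    res.end();
    return;
  }

  // Audit line: timestamp, peer address, certificate subject CN.
  // The CN is taken from the client certificate as issued by the CA; it is
  // written to the log unescaped.
  var peerCert = req.socket.getPeerCertificate();
  console.log([
    new Date(),
    req.socket.remoteAddress,
    peerCert.subject.CN
  ].join("\t"));

  res.writeHead(200);
  res.end("hello world\n");
}).listen(4433); // no host given: accepts connections on every interface

console.log('listening on 0.0.0.0:4433');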