Intermediate certs don't work with SNICallback #2772
Labels
tls
Issues and PRs related to the tls subsystem.
Comments
|
+1 - I've just hit the same issue. |
|
/cc @nodejs/crypto |
|
Would concatenating those intermediate certificates alongside your |
|
It should work. Working on fix. |
|
@alexlamsl did you mean something like |
|
@fastner I just did it on the And then specify only |
indutny
added a commit
to indutny/io.js
that referenced
this issue
Oct 27, 2015
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772
|
@alexlamsl Your solution to concatenate cert and intermediates works well - thanks for the solution. |
indutny
added a commit
that referenced
this issue
Nov 17, 2015
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: #2772 PR-URL: #3537 Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this issue
Jan 28, 2016
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: #2772 PR-URL: #3537 Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this issue
Feb 11, 2016
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: #2772 PR-URL: #3537 Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this issue
Feb 11, 2016
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772 PR-URL: nodejs#3537 Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this issue
Feb 15, 2016
Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772 PR-URL: nodejs#3537 Reviewed-By: Ben Noordhuis <[email protected]>
|
Maybe it's a dumb question or the wrong place to ask, but is the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to set whole key chain.
Example code:
Now try to connect via openssl:
Expected and real behaviour is
Verify return code: 0 (OK).If I remove the ca in options map like this
and rerun openssl client the return code is
Verify return code: 21 (unable to verify the first certificate)which indicates that not the whole key chain is returned.The expected behaviour is
Verify return code: 0 (OK)as the ca field is given totls.createSecureContext.This occures in io.js 3.x and Node.js 4.0.0.
The text was updated successfully, but these errors were encountered: