socket.request.client.getPeerCertificate() always returns null #4511

Closed
Andrewiski opened this issue Nov 2, 2022 · 6 comments
Labels
to triage Waiting to be triaged by a member of the team

Comments

@Andrewiski

Original Ticket
#3567 Opened Mar 26, 2020 Pull request #3568

In version 4.5.3 the issue still exists.

Please try this simple example

https://github.com/Andrewiski/socket.io-certificate-test
Toggle between my library and the current socket.io in server.js:

```js
// Use one of the two lines below
const socketio = require('@andrewiski/socket.io');
// const socketio = require('socket.io');
```

Note how using my pull request @Andrewiski/socket.io you can determine who is connected via socket by using the client cert.

Note how using your example (https://socket.io/docs/v4/server-initialization/#with-an-https-server) does not work as no client certificate can be used as it is always null.

```js
// This always returns null socket.request.client.getPeerCertificate()
if (socket.request.client.getPeerCertificate) {
  let cert = socket.request.client.getPeerCertificate();
  if (cert) {
    debug("io.onConnection", socket.id, "socket.request.client.getPeerCertificate() client certificate was presented use,", cert.subject.CN, " issued by ", cert.issuer.CN);
  } else {
    debug("io.onConnection", socket.id, "socket.request.client.getPeerCertificate() is null");
  }
}

// This is only successful if running @Andrewiski/socket.io
if (socket.client.peerCertificate) {
  let cert = socket.client.peerCertificate;
  if (cert) {
    debug("io.onConnection", socket.id, "Andrewiski socket.client.peerCertificate certificate was presented use,", cert.subject.CN, " issued by ", cert.issuer.CN);
  } else {
    debug("io.onConnection", socket.id, "no client.peerCertificate certificate");
  }
}
```

@Andrewiski
Author

I updated GitHub andrewiski/socket.io to the main branch, reapplied my pull request changes to client.ts, and republished my working version of getPeerCertificate() to NPM, as well as upgraded the example above highlighting the current broken socket.io and the working Andrewiski/socket.io with the three-line enhancement.

@Andrewiski
Author

@darrachequesne I am offering a $100 reward paid via PayPal if you can highlight where there is a mistake in the example server.js that is causing getPeerCertificate() to return null.

@darrachequesne
Member

@Andrewiski I can't reach the repository you provided (404), could you please grant me access to it?

@Andrewiski
Author

@darrachequesne My bad, it defaulted to private; it is now a public project.

@darrachequesne
Member

@Andrewiski it seems you are missing the following part:

```js
io.engine.on("connection", (rawSocket) => {
  // if you need the certificate details (it is no longer available once the handshake is completed)
  rawSocket.peerCertificate = rawSocket.request.client.getPeerCertificate();
});
```

Could you please check?

Reference: https://socket.io/docs/v4/server-initialization/#with-an-https-server
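
Added example, not part of the thread and not code from socket.io or the linked repository: one way to use the fix in the reply above so that later handlers can identify the client. It goes slightly beyond the reply by also recording the TLS socket's `authorized` flag, which matters when the HTTPS server is created with `rejectUnauthorized: false`. The names `capturePeerCertificates`, `clientIdentity`, `peerAuthorized` and the `fake*` helpers are hypothetical, and the certificates are constructed stand-ins so the block runs without key material.

```javascript
// Added example: hypothetical helper names, constructed test data.

// Call once after the Server exists (io.engine is undefined before that).
function capturePeerCertificates(io) {
  io.engine.on("connection", (rawSocket) => {
    const tls = rawSocket.request.client; // tls.TLSSocket when served over https
    // Node returns {} when the peer sent no certificate, null if the socket is destroyed.
    const cert = typeof tls.getPeerCertificate === "function" ? tls.getPeerCertificate() : null;
    rawSocket.peerCertificate = cert && Object.keys(cert).length > 0 ? cert : null;
    // `authorized` is true only when the chain verified against the server's `ca` list.
    rawSocket.peerAuthorized = tls.authorized === true;
  });
}

// Returns the verified subject CN for a Socket.IO socket, or null.
// socket.conn is the underlying Engine.IO socket that the handler above annotated.
function clientIdentity(socket) {
  const { peerCertificate: cert, peerAuthorized } = socket.conn;
  if (!cert || !peerAuthorized || !cert.subject) return null;
  return cert.subject.CN || null;
}

// Constructed stand-ins for io.engine and a TLS connection.
function fakeEngine() {
  const handlers = [];
  return { on: (_evt, fn) => handlers.push(fn), emit: (raw) => handlers.forEach((fn) => fn(raw)) };
}
function fakeRawSocket(cert, authorized) {
  return { request: { client: { authorized, getPeerCertificate: () => cert } } };
}

function demo() {
  const io = { engine: fakeEngine() };
  capturePeerCertificates(io);
  const verified = fakeRawSocket({ subject: { CN: "device-01" }, issuer: { CN: "Example Test CA" } }, true);
  const unverified = fakeRawSocket({ subject: { CN: "device-02" }, issuer: { CN: "Unknown CA" } }, false);
  const anonymous = fakeRawSocket({}, false);
  [verified, unverified, anonymous].forEach((raw) => io.engine.emit(raw));
  // Simulate the state reported in this issue: the live lookup yields null later on.
  verified.request.client.getPeerCertificate = () => null;
  return [verified, unverified, anonymous].map((raw) => clientIdentity({ conn: raw }));
}

console.log(demo()); // [ 'device-01', null, null ]
```

In a real server, call `capturePeerCertificates(io)` right after `new Server(httpsServer)` and read `clientIdentity(socket)` inside `io.on("connection", ...)` or a middleware.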

@Andrewiski
Author

I completely missed the .engine. in io.engine.on('connection') in the example. If I remember, I first cut and pasted the code, but because I late-bind the server, .engine was undefined and I fixed the error anyways. I have updated my example, removing references to @andrewiski/socket.io, and added additional comments to the code highlighting the changes so anyone finding this issue will also find the fix.

The frustration and time spent trying to work around this issue is well worth the $100. Please PM me your PayPal email.
