I have a Node.js client and server interacting via HTTPS. I have a self-signed certificate authority, a server certificate and a couple of test client certificates. I have tested that the certificates are 'working' using openssl s_server and s_client, with the necessary command-line options for self-signed certs, and no errors are generated.

When the client connects to server via https, the server immediately generates an error stating it could not get peer certificate:

`Error: 140735833322304:error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate:../deps/openssl/openssl/ssl/s3_srvr.c:3330:`

On the client the error is:

```
{ Error: socket hang up
    at TLSSocket.onConnectEnd (_tls_wrap.js:1073:19)
    at Object.onceWrapper (events.js:322:30)
    at emitNone (events.js:120:20)
    at TLSSocket.emit (events.js:218:7)
    at endReadableNT (_stream_readable.js:1054:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
  code: 'ECONNRESET',
  path: null,
  host: 'localhost',
  port: 443,
  localAddress: undefined }
```

```
140735833322304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:1494:SSL alert number 40
140735833322304:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:1217:
```

However, the handler for the URL executes and calls `req.socket.getPeerCertificate()`, and the client certificate has clearly been sent:

```
{ subject: 
   { C: 'US',
     ST: 'MA',
     L: 'Boston',
     O: 'Example Co',
     OU: 'techops',
     CN: 'client2',
     emailAddress: 'certs@example.com' },
  issuer: 
   { C: 'US',
     ST: 'MA',
     L: 'Boston',
     O: 'Example Co',
     OU: 'techops',
     CN: 'ca',
     emailAddress: 'certs@example.com' },
  modulus: 'B97D65....etc....}
```

Why would I get these errors when the client has indeed sent the certificate?

Any help would be appreciated.

drclaw
  • This may solve your problem buddy : https://stackoverflow.com/questions/27611193/curl-ssl-with-self-signed-certificate – krish Nov 14 '17 at 05:22

1 Answer

Looks like I had two issues. Firstly, the reason I was still able to read the certificate was that there was a second https get request being issued elsewhere in the code unknowingly.

Secondly, the error about the client not sending a certificate is a little misleading, as the certificate was sent. It ultimately was the inappropriate CA chain the server was using to verify the client.

Thank you for your help

drclaw
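
One way to make the server report why a client certificate failed, instead of only aborting the handshake (an added example, not code from the question or the answer): request the certificate with `rejectUnauthorized: false` and inspect the socket in the handler. `describeClientAuth` and `createDiagnosticServer` are hypothetical names, and the key, certificate and CA PEMs are assumed to be supplied by the caller.

```javascript
'use strict';

// Classify the client-certificate state of a server-side TLSSocket.
// Uses only documented TLSSocket members: authorized, authorizationError
// and getPeerCertificate().
function describeClientAuth(socket) {
  const cert = socket.getPeerCertificate();
  // Node returns null for a destroyed socket and {} when no certificate was sent.
  if (!cert || Object.keys(cert).length === 0) {
    return { state: 'no-certificate', detail: 'client presented no certificate' };
  }
  const cn = cert.subject && cert.subject.CN;
  if (socket.authorized) {
    return { state: 'verified', detail: `CN=${cn} chains to a configured CA` };
  }
  // A certificate was sent but did not verify against the server's `ca` list.
  return {
    state: 'untrusted-chain',
    detail: `CN=${cn} rejected: ${socket.authorizationError}`,
  };
}

// Diagnostic server: request a client certificate but let the handshake
// complete even when verification fails, so the handler can report the reason.
// `pems` = { key, cert, ca } as PEM strings or Buffers (caller-supplied).
function createDiagnosticServer(pems) {
  const https = require('node:https'); // loaded lazily; the classifier has no deps
  return https.createServer(
    {
      key: pems.key,
      cert: pems.cert,
      ca: pems.ca,               // must hold the CA(s) that issued the client certs
      requestCert: true,
      rejectUnauthorized: false, // diagnostics only; the handler enforces instead
    },
    (req, res) => {
      const result = describeClientAuth(req.socket);
      res.writeHead(result.state === 'verified' ? 200 : 403, {
        'Content-Type': 'application/json',
      });
      res.end(JSON.stringify(result));
    }
  );
}
```

Once the `ca` list is confirmed correct, switch `rejectUnauthorized` back to `true` so unverified clients are refused during the handshake.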