Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Renegotiate the SSL/TLS session if requested to allow to 'requestCert' per http request #2496

Closed
thomasfr opened this issue Jan 9, 2012 · 14 comments
Closed

Renegotiate the SSL/TLS session if requested to allow to 'requestCert' per http request #2496

thomasfr opened this issue Jan 9, 2012 · 14 comments
Assignees
@indutny
Labels
feature-request tls
Milestone
v0.12

Comments

@thomasfr
Copy link

thomasfr commented Jan 9, 2012

At the moment a https server can be configured with 'requestCert:true'. This asks the client to provide a client certificate. In the browser this will pop up a dialog to select a certificate on every request to any url. Sometimes this is OK, but sometimes not. Especially for WebID (http://www.w3.org/2005/Incubator/webid/spec/) Authentication and Authorization (http://webid.info/) you usually want to deliver a nice login UI for your users and just want to show that certificate selection dialog on specific requests to urls like http://example.com/login for instance.

The corresponding Mailing List Thread where initial discussion with @bnoordhuis began: http://groups.google.com/group/nodejs/browse_thread/thread/ac6f4336825a4113

Kind regards
@thomasfr
Copy link
Author

There is a report for current webid implementation in node. with a working module. Maybe this helps to further understand the problem and/or test this issue: http://magnetik.github.com/node-webid-report/

@magnetik
Copy link

+1

@thomasfr
Copy link
Author

Any news or updates on this issue? Will it make it into 0.8?

@bnoordhuis
Copy link
Member

Probably not. I didn't (and don't) have time to work on it.

@DominicBoettger
Copy link

Any news or updates on this issue?

@thomasfr
Copy link
Author

I am also very interested in this! Any news on this?

@isaacs
Copy link

isaacs commented Jan 30, 2013

Wont' be in 0.10. Maybe 0.12.

@DominicBoettger
Copy link

I am using a curl client where i set the certificate. I only want to use this with curl. Can I use req.authenticate , but not force the client to choose a certificate. If I want to use a certificate I set it on the client (curl) manually. Browsers won't create the popup window. Can I configure something like that? It would be a kind of workaround for me....

@isaacs
Copy link

isaacs commented Aug 6, 2013

@indutny Any interest in doing this?

@indutny
Copy link
Member

indutny commented Aug 22, 2013

@isaacs lets see what I can do about it.

@thomasfr
Copy link
Author

Let me know if i can help you in any way. Testing etc. Would be great if we were able to use that in node

@indutny indutny mentioned this issue Aug 23, 2013
Closed
@ghost ghost assigned indutny Aug 23, 2013
@indutny
Copy link
Member

indutny commented Aug 23, 2013

See wip #6114

indutny added a commit to indutny/node that referenced this issue Sep 3, 2013
@indutny
tls: socket.renegotiate(options, callback)
0c59050 
This utility function allows renegotiaion of secure connection after
establishing it.

fix nodejs#2496
@indutny indutny closed this as completed in af76b08 Sep 5, 2013
@indutny
Copy link
Member

indutny commented Sep 5, 2013

Fixed in af76b08 !

@lpbug
Copy link

lpbug commented Aug 25, 2015

@indutny Sorry to be posting this almost 2 years later, but is it possible that you give an example of how this can be used to achieve the desired effect in the original question? Like how you can have certificate selection dialog box only on www.example.com/login, especially if we're using https = require('https').Server(options,app) where options has the fields requestCert and rejectUnauthorized? Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@indutny indutny

Labels
feature-request tls
Projects
None yet
Milestone
v0.12
Development

No branches or pull requests
7 participants
@isaacs @indutny @bnoordhuis @thomasfr @magnetik @DominicBoettger @lpbug