Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Support client certificates in node #551

Closed
daguej opened this Issue May 1, 2013 · 22 comments

Comments

Projects
None yet

daguej commented May 1, 2013

In the browser, client SSL certificates are supported because the browser automatically sends the client cert that the user picked when loading the page while making a WebSocket connection. (Although checking that cert on the server currently requires a bit of a hack.)

However, it looks like there's no way to specify a client certificate when using socket.io-client from node. The client does not pass connection options to the transport (which ends up being ws in node) and the ws module does not allow you to specify cert/ca connection options anyway.

This may be related to #550 since it's a matter of passing connection options to the transport.

Yes these two issues should be combined. I believe there is some isSecure property inside the transport object which if TRUE (i.e. https/wss transports) can be used to allow these options to be passed to xmlhttprequest object. Otherwise, even if user passes certificates and keys, they will be silently ignored.

smyleh commented May 1, 2013

This feature is vital for those applications need to have trusted communication channel supported with personal key, cert & ca. For example, setup a private cluster in an intranet with socket.io talking to each other, make some secured RPC framework based on socket.io technology. In sush cases, server only accepts connections with cert signed by its trusted ca and then determine its identity to know who it is actually talking just like what node's tls/ssl module provides. Right now it looks like there are no appropriate solution to do it directly using socket.io.

Yes especially since these days, with modern multi-core servers, who wants to use HTTP anyway? Maybe ok for intranets, but otherwise wss/https should be fully supported to the same extent as the node.js options allow. So yes, I agree, this is very important feature. Unfortunately it has to be done at the same time in the xmlhttprequest project which is managed separately.

qrpike commented May 30, 2013

+1

maxkueng commented Jun 5, 2013

+1 This would be really great.

slbruce commented Mar 20, 2014

+1

Please ! +1

Contributor

rauchg commented Apr 13, 2014

Definitely will work on adding the right API for this.

That's a great info ! My week starts well. THK

adrai commented Aug 20, 2014

@guille any progress about this topic?

r0bing commented Sep 15, 2014

+1

Contributor

rauchg commented Sep 15, 2014

This will be included in 1.2

@rase- rase- added this to the 1.2.0 milestone Oct 11, 2014

@rase- rase- self-assigned this Oct 11, 2014

@rase- rase- added the In Progress label Oct 11, 2014

@rase- rase- added Pending Review and removed In Progress labels Oct 12, 2014

scaret commented Oct 23, 2014

+1

adrai commented Oct 28, 2014

not included in 1.2? :-(

@rase- rase- modified the milestones: 1.3.0, 1.2.0 Oct 28, 2014

Contributor

rase- commented Oct 28, 2014

@adrai we did an early 1.2. Will be in 1.3. :)

adrai commented Oct 28, 2014

Ok, thanks.

@rauchg rauchg closed this Nov 25, 2014

adrai commented Nov 25, 2014

???

Contributor

rauchg commented Nov 25, 2014

Sorry accidentally closed it :D

@rauchg rauchg reopened this Nov 25, 2014

adrai commented Nov 25, 2014

accidentally ;-)

Contributor

rauchg commented Nov 26, 2014

Keep in mind we already have a PR with an implementation for this.

@rase- rase- removed the Pending Review label Dec 4, 2014

Contributor

rase- commented Dec 4, 2014

Merged in with Automattic/engine.io-client#356.

Will be released with 1.3.

@rase- rase- closed this Dec 4, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment