no way to handle peer certificates?

[jcayzac]

I don't see any way to access req.connection from inside socket.io's authorization callback. Is there any? I need to access the peer certificate to get the identity of the connected user (over wss://)

Currently I must hot-swap Manager.handshakeData for the method below, which adds the peer certificate to the data passed to the authorization callback, but it would be nice to have a clearly defined way.

if (typeof io.Manager.prototype._handshakeDataPC !== "function") {
    io.Manager.prototype._handshakeDataPC = io.Manager.prototype.handshakeData
    io.Manager.prototype.handshakeData = function(data) {
        var d = this._handshakeDataPC(data),
            connection = data.request.connection
        d['peer certificate'] = connection.authorized ? connection.getPeerCertificate() : null
        return d
    }
}

[daguej]

+1

[smyleh]

+1

interesting, @jcayzac how did you manage to send your customized peer certificate from client to server? I didn't find such configurable options in official socket.io client. Maybe you are using other 3rd websocket client?

[daguej]

@smyleh, in the context of a browser, the client cert gets sent automatically. In most cases, you'll have picked a client cert when you loaded the page. The browser uses that cert for all subsequent requests in the session, including WebSocket connections.

Using socket.io-client from node is a different story. The client does not pass connection options to the transport (which ends up being ws in node) and the ws module does not allow you to specify cert/ca connection options anyway. Basically, it looks like you can't use a client cert with socket.io-client.

[smyleh]

@daguej yeah, thank you for sharing. Right now if I need to implement similar feature, I have to switch to use node's tls/ssl module. Anyway I am curious how @jcayzac managed to send his certificates from the client side. I would love to know his solution if he would love to share.

[jcayzac]

@smyleh my client was a browser.

[arashthk]

You could get authorized property and call getPeerCertificate function from socket.client.request.client