Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

checking client certificate match

See original GitHub issue

Hi, In nodejs/express we can do the following:

julie-ng source code

app.get('/authenticate', (req, res) => {
	const cert = req.socket.getPeerCertificate();

	if (req.client.authorized) {
		res.send(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`);

	} else if (cert.subject) {
		res.status(403)
			 .send(`Sorry ${cert.subject.CN}, certificates from ${cert.issuer.CN} are not welcome here.`);

	} else {
		res.status(401)
		   .send(`Sorry, but you need to provide a client certificate to continue.`);
	}
});

what would be the equivalent in koa to verify client certificate?

Issue Analytics

State:
Created 3 years ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

3imed-jabericommented, Jan 28, 2021

Welcome @ilanl, I believe that the problem is from @types/koa. So you need to do something like that:

// the 1st solution: access from socket inside the koa context.
import * as Koa from 'koa'
import { TLSSocket } from 'tls'

const app = new Koa()

// the current Koa types use Socket from 'net' module 
// where 'getPeerCertificate' from 'tls' module.
interface IKoaContext extends Koa.Context {
  socket: TLSSocket
}

function middleware (ctx: IKoaContext, next: Koa.Next) {
  ctx.socket.getPeerCertificate()
}

// the 2nd solution: access from raw request inside the koa context or both.
import * as Koa from 'koa'
import { IncomingMessage } from 'http'
import { TLSSocket } from 'tls'

const app = new Koa()


interface RawRequest extends IncomingMessage {
  socket: TLSSocket
}

interface IKoaContext extends Koa.Context {
  socket: TLSSocket, // line 1
  req: RawRequest // line 2
}

function middleware (ctx: IKoaContext, next: Koa.Next) {
  ctx.socket.getPeerCertificate() // given from line 1
  ctx.req.socket.getPeerCertificate() // given from line 2
}

0reactions

miwnwskicommented, Feb 17, 2021

As a full working example was provided and this ticket has been stale for 20 days I’m going to close it. Please re-open if you feel you still need help or feedback.

Top Results From Across the Web

Client Certificate Authentication - text/plain

A client may choose not to send a certificate (either because no matching certificate is available, or because the user declined to supply...

Client Certificate CN Checking - F5 Cloud Docs

These iRules will check the presented client certificate for a valid CN, allowing or rejecting. For either example, if you will be examining...

How to verify if a Private Key Matches a Certificate? - IBM

If they are identical then the private key matches the certificate. Follow a example: C:\Program Files\OpenSSL\bin>openssl x509 -noout -modulus ...

Client SSL Certificate Validation - Avi Networks

A client's certificate must match the CA as the root of the chain. If the presented certificate has an intermediate chain, then each...

Verify the Integrity of an SSL/TLS certificate and Private Key Pair

Use OpenSSL to confirm Private Key's Integrity · Confirm the Modulus Value Matching with Private Key and SSL/TLS certificate Key Pair · Perform ......