socket.client.request.client.getPeerCertificate() always returns null.
If client certificates are enabled on the server there is no way to get to the underlying clientCertificate, as socket.client.request.client.getPeerCertificate() always returns null.
This happens even if the client certificate is valid and authorized.
socket.client.request.client.authorized = true
I believe this is the result of a change in node tls functionality.
https://github.com/nodejs/node/commit/eff8c3e02417652b78436eaa10d049e8c60e5275
```js
var fs = require('fs');
var path = require('path');
var https = require('https');

// app, io, objOptions and writeToLog are assumed to be defined elsewhere in the application.
var httpsOptions = {
    key: fs.readFileSync(path.join(__dirname, 'serverkey.pem')),
    cert: fs.readFileSync(path.join(__dirname, 'servercert.pem')),
    requestCert: true,          // ask the client for a certificate
    rejectUnauthorized: false   // the handshake still succeeds if validation fails
};
var https_srv = https.createServer(httpsOptions, app).listen(objOptions.httpsport, function () {
    //console.log('Express server listening on port ' + port);
    writeToLog("info", 'Express server listening on https port ' + objOptions.httpsport);
});
io.attach(https_srv);

io.on('connection', function (socket) {
    let cert = socket.client.request.client.getPeerCertificate();
    if (cert) {
        console.log(cert.subject.CN);
    } else {
        console.log("cert is null");
    }
});
```
Issue Analytics
- Created 3 years ago
- Comments:7 (2 by maintainers)
Top GitHub Comments
Did this PR make it into the latest version? I upgraded to latest 2 months ago and it wasn’t there. I did create an example as well using openssl and a way to create client certs with a CA, so it is more complicated code-example-wise, but it shows how you can use client auth. I got pulled off on another project so never got to testing it like I wanted. I will try to work on it when I get home next week. https://github.com/Andrewiski/socket.io-chat-client-certificate (this is not yet complete).
This https://github.com/Andrewiski/socket.io is my version of the latest Socket.IO with the getPeerCertificate fix, but I had to namespace it, as with TypeScript I have to do a build to “compile/convert” TypeScript to JavaScript, which then must be deployed to npm, so it is not as simple as it was with straight JavaScript.
Anyways the fix is the same.
```js
if (conn && conn.request && conn.request.client && conn.request.client.getPeerCertificate) {
    this.peerCertificate = conn.request.client.getPeerCertificate();
} else {
    this.peerCertificate = null;
}
```
Please try this simple example.
Toggle between my library and current socket.io in server.js.
Note how using my pull request @Andrewiski/socket.io you can determine who is connected via socket by using the client cert.
Note how using your example (https://socket.io/docs/v4/server-initialization/#with-an-https-server) does not work as no client certificate can be used as it is always null.
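The server in the issue sets `rejectUnauthorized: false` and then reads `cert.subject.CN`, so any code that identifies a peer from the certificate has to fail closed when the certificate did not validate, when `getPeerCertificate()` returns null, and when it returns an empty object because no certificate was presented. The following is an added example, not code from the issue or from Socket.IO; `identifyPeer`, `fakeSocket` and the allow-list are hypothetical names, and the stub sockets are constructed stand-ins for Node's `tls.TLSSocket`.

```javascript
// Added example, not code from the issue or from Socket.IO.
// identifyPeer, fakeSocket and the allow-list are hypothetical names.
// tlsSocket is anything shaped like Node's tls.TLSSocket.
function identifyPeer(tlsSocket, allowedCNs) {
  if (!tlsSocket || typeof tlsSocket.getPeerCertificate !== 'function') {
    return { ok: false, reason: 'not a TLS socket' };
  }
  // With rejectUnauthorized: false the handshake completes even when the
  // client certificate fails validation, so check `authorized` explicitly.
  if (tlsSocket.authorized !== true) {
    const why = tlsSocket.authorizationError || 'unknown';
    return { ok: false, reason: 'unauthorized: ' + why };
  }
  const cert = tlsSocket.getPeerCertificate();
  // null: socket destroyed, or the behaviour reported in this issue.
  // {}:   the peer did not present a certificate.
  if (!cert || Object.keys(cert).length === 0 || !cert.subject) {
    return { ok: false, reason: 'no peer certificate' };
  }
  const cn = cert.subject.CN;
  // Reject anything that is not a single string CN on the allow-list.
  if (typeof cn !== 'string' || !allowedCNs.has(cn)) {
    return { ok: false, reason: 'subject not allowed' };
  }
  return { ok: true, cn, fingerprint256: cert.fingerprint256 };
}

// Constructed stand-in for tls.TLSSocket; no real certificate is involved.
function fakeSocket(authorized, cert, authorizationError) {
  return { authorized, authorizationError, getPeerCertificate: () => cert };
}

function demo() {
  const allowedCNs = new Set(['alice']);
  const alice = { subject: { CN: 'alice' }, fingerprint256: 'AA:BB (constructed)' };
  return [
    identifyPeer(fakeSocket(true, alice), allowedCNs),
    identifyPeer(fakeSocket(false, alice, 'DEPTH_ZERO_SELF_SIGNED_CERT'), allowedCNs),
    identifyPeer(fakeSocket(true, null), allowedCNs),
    identifyPeer(fakeSocket(true, {}), allowedCNs),
  ];
}
console.log(demo());
```

In the issue's connection handler the first argument would be `socket.client.request.client`.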