- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Wed, 31 Aug 2011 01:00:17 +0200
- To: Thomas Fritz <fritztho@gmail.com>
- Cc: WebID List <public-xg-webid@w3.org>
On 30 August 2011 21:29, Thomas Fritz <fritztho@gmail.com> wrote:
> Hello!
>
> For anyones interest, i just began to play with node and wanted to try
> to create a simple webid demo with it. At the moment i have a simple
> https server, it requests a client certificate and i can
> (theoretically) read the client certificate. But it seems there is an
> issue in nodes SSL/TLS implementation because i just get the "subject"
> property from the certificate.
> The server code:
> var https = require("https");
> var fs = require("fs");
>
> var options = {
> key: fs.readFileSync('keys/agent-key.pem'),
> cert: fs.readFileSync('keys/agent-cert.pem'),
> requestCert:true
> };
>
> https.createServer(options, function(req, res) {
> console.log(req.connection.getPeerCertificate());
> res.writeHead(200);
> res.end("Hello WebID\n");
> }).listen(8000);
>
>
>
> I generated a certificate here: https://webid.fcns.eu/certgen.php
> When i export it and call from the shell: openssl x509 -in Cert.pem -text
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> f5:8a:b2:d1:76:06:13:d7
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=FR, ST=Essonne, O=webid.fcns.eu,
> CN=webid.fcns.eu/emailAddress=webid@fcns.eu
> Validity
> Not Before: Aug 30 18:21:02 2011 GMT
> Not After : Aug 29 18:21:02 2012 GMT
> Subject: C=Austria, O=Test Org, OU=Test Unit, CN=Thomas Fritz
> 2/emailAddress=fritztho@gmail.com
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> 00:bc:ea:02:e3:4a:1e:c4:f2:a2:c9:db:6b:51:02:
> 84:22:ce:61:53:0e:9f:ce:bd:bc:2f:17:60:c5:e0:
> 4b:c4:65:57:f1:a3:9c:7d:b9:60:69:65:71:ee:1d:
> 40:eb:7f:3d:2c:2a:ff:27:f0:9e:c4:dd:7b:03:b2:
> 52:a2:e2:e5:1b:62:27:f1:07:9b:85:e5:51:79:2a:
> 71:63:f8:fa:1b:46:70:64:10:0c:90:33:75:3b:a7:
> 61:ea:2a:83:03:cb:94:38:f6:45:25:0f:bb:a4:1c:
> 92:04:53:80:b8:d2:c6:76:7c:43:cf:c7:c5:4d:8c:
> ba:50:9e:44:7e:fe:d1:0f:3b:78:4d:eb:6f:01:e9:
> af:a5:fb:ed:49:35:55:07:b4:10:4a:a4:a0:1f:c9:
> 0e:8b:7d:6a:f0:7e:7e:04:64:10:3d:4c:31:e3:88:
> 5b:38:bc:03:e4:a1:09:ec:3e:e5:0d:ba:9d:6a:fa:
> 9b:22:a0:b1:1b:2b:69:5a:e1:51:7c:73:96:a9:13:
> 18:9c:b8:9d:24:7d:d9:28:34:52:f5:67:3f:35:98:
> 76:f2:43:da:d3:9a:82:a4:21:7b:56:cd:26:ae:59:
> 48:14:44:ac:b5:0d:86:cf:86:90:89:31:65:b6:10:
> 5d:a2:0d:4f:90:29:35:a3:bb:41:f9:76:65:16:d3:
> b0:97
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Comment:
> OpenSSL Generated Certificate
> X509v3 Subject Key Identifier:
> 56:81:A8:D8:D7:2E:91:E3:2A:F4:BA:B9:F8:07:1D:6C:C5:24:49:3A
> X509v3 Authority Key Identifier:
>
> keyid:2B:DF:EF:BF:79:13:73:CB:E4:D4:35:A5:0B:EC:18:2C:63:E4:D2:F0
>
> X509v3 Subject Alternative Name:
> email:fritztho@gmail.com, URI:http://fritzthomas.com/profile#me
> Signature Algorithm: sha1WithRSAEncryption
> 8d:d9:06:54:1a:13:27:91:33:1d:a9:a0:33:b9:16:96:69:3a:
> ae:18:39:08:e2:ad:c5:dc:45:0e:b9:21:21:4b:0b:28:08:e8:
> d8:8a:3d:82:c1:cd:c2:5d:35:7e:79:d7:ad:04:c4:74:4f:7c:
> aa:65:49:27:c2:1f:21:a8:37:c0:1b:35:f4:eb:d6:f2:4b:40:
> 1b:4a:8b:97:8f:d9:a2:ef:cf:82:ea:7b:1d:6f:95:e2:5e:7b:
> 49:f9:a9:41:f7:a0:b9:b6:c1:90:c3:f1:d3:7e:2c:2d:d3:ec:
> e3:ee:c5:7d:7d:0d:73:a7:f0:f7:d7:20:a9:61:a1:0e:e2:88:
> 9f:cb
> -----BEGIN CERTIFICATE-----
> MIIDozCCAwygAwIBAgIJAPWKstF2BhPXMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
> BAYTAkZSMRAwDgYDVQQIEwdFc3Nvbm5lMRYwFAYDVQQKEw13ZWJpZC5mY25zLmV1
> MRYwFAYDVQQDEw13ZWJpZC5mY25zLmV1MRwwGgYJKoZIhvcNAQkBFg13ZWJpZEBm
> Y25zLmV1MB4XDTExMDgzMDE4MjEwMloXDTEyMDgyOTE4MjEwMlowdTEQMA4GA1UE
> BhMHQXVzdHJpYTERMA8GA1UEChMIVGVzdCBPcmcxEjAQBgNVBAsTCVRlc3QgVW5p
> dDEXMBUGA1UEAxMOVGhvbWFzIEZyaXR6IDIxITAfBgkqhkiG9w0BCQEWEmZyaXR6
> dGhvQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzq
> AuNKHsTyosnba1EChCLOYVMOn869vC8XYMXgS8RlV/GjnH25YGllce4dQOt/PSwq
> /yfwnsTdewOyUqLi5RtiJ/EHm4XlUXkqcWP4+htGcGQQDJAzdTunYeoqgwPLlDj2
> RSUPu6QckgRTgLjSxnZ8Q8/HxU2MulCeRH7+0Q87eE3rbwHpr6X77Uk1VQe0EEqk
> oB/JDot9avB+fgRkED1MMeOIWzi8A+ShCew+5Q26nWr6myKgsRsraVrhUXxzlqkT
> GJy4nSR92Sg0UvVnPzWYdvJD2tOagqQhe1bNJq5ZSBRErLUNhs+GkIkxZbYQXaIN
> T5ApNaO7Qfl2ZRbTsJcCAwEAAaOBvjCBuzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
> DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUVoGo
> 2NcukeMq9Lq5+AcdbMUkSTowHwYDVR0jBBgwFoAUK9/vv3kTc8vk1DWlC+wYLGPk
> 0vAwQAYDVR0RBDkwN4ESZnJpdHp0aG9AZ21haWwuY29thiFodHRwOi8vZnJpdHp0
> aG9tYXMuY29tL3Byb2ZpbGUjbWUwDQYJKoZIhvcNAQEFBQADgYEAjdkGVBoTJ5Ez
> HamgM7kWlmk6rhg5COKtxdxFDrkhIUsLKAjo2Io9gsHNwl01fnnXrQTEdE98qmVJ
> J8IfIag3wBs19OvW8ktAG0qLl4/Zou/Pgup7HW+V4l57SfmpQfegubbBkMPx034s
> LdPs4+7FfX0Nc6fw99cgqWGhDuKIn8s=
> -----END CERTIFICATE-----
>
>
> That should be correct right? I am asking because there is an issue on
> github for node https://github.com/joyent/node/issues/1568 . In this
> example the subjectAltName gets saved in the certificate in an other
> way than i got from https://webid.fcns.eu/certgen.php
>
>
> The debug output from my tiny node https server when i connect and
> select this certificate:
> { subject:
> { C: 'Austria',
> O: 'Test Org',
> OU: 'Test Unit',
> CN: 'Thomas Fritz 2',
> emailAddress: 'fritztho@gmail.com' },
> issuer:
> { C: 'FR',
> ST: 'Essonne',
> O: 'webid.fcns.eu',
> CN: 'webid.fcns.eu',
> emailAddress: 'webid@fcns.eu' },
> valid_from: 'Aug 30 18:21:02 2011 GMT',
> valid_to: 'Aug 29 18:21:02 2012 GMT',
> fingerprint: '9C:74:C6:AA:95:41:FC:C2:6A:76:61:D7:2C:45:F9:28:8B:0B:69:F6' }
>
> Any ideas

Maybe helpful?

http://groups.google.com/group/nodejs/browse_thread/thread/1d42da4cb2e51536

>
> ---
> Thomas FRITZ
> web http://fritzthomas.com
> twitter http://twitter.com/thomasf
>
>
>
> 2011/8/29 Thomas Fritz <fritztho@gmail.com>:
>> Hi
>>
>> Are there any known implementations for the WebID stack for node.js?
>>
>> Kind regards
>>
>>
>>
>> ---
>> Thomas FRITZ
>> web http://fritzthomas.com
>> twitter http://twitter.com/thomasf
>>
>
>
>
Received on Tuesday, 30 August 2011 23:00:55 UTC