Checking CA in socket.io-client #894

Closed
@arashthk

I have created an HTTPS server with socket.io and a client with socket.io-client.

The problem is that apparently socket.io-client does not check the validity of the HTTPS connection against the CA given in its options.

For clarification, here's some sample code. In a simple https request, if I do not provide the CA in the client I get `Error: unable to verify the first certificate`, but with socket.io-client the connection is established, which is totally not what I want.

```js
// Client

var https = require('https'),
    socketClient = require('socket.io-client'),
    fs = require('fs');

var options = {
    // EXPECTED: IF I DON'T PROVIDE THE CA, THE HTTPS CONNECTION FAILS
    //ca: fs.readFileSync('cert/ca.crt'),
    agent: false
};

var socket = socketClient('https://localhost', options);

socket.on('connect', function() {
    console.log('Connected to hub');
    socket.emit('msg', function(resp) {
        console.log('Response: ' + resp);
    });
});
```

And the server:

```js
// Server

var https = require('https'),
    socketIo = require('socket.io'),
    fs = require('fs');

var options = {
    // CERTIFICATE HAS BEEN SIGNED WITH CA
    cert: fs.readFileSync('cert/signed.crt'),
    key: fs.readFileSync('cert/signed.key'),
    rejectUnauthorized: false
};

var app = https.createServer(options, function(req, res) {
    res.end('Hi');
});

var io = socketIo(app);

io.on('connection', function(socket) {
    console.log('Connected !');

    socket.on('msg', function(cb) {
        console.log('Msg recved');
        cb('Client got it');
    });
});

app.listen(443, function() {
    console.log('Server Started ...');
});
```
