HTTP Proxy( Node.js) Not Performing Proper SSL Verification

Question

I need to create a proxy server that is able to handle SSL certificate verification. I have been working with Node.js 's http-proxy library to handle ssl verification. My problem is that the proxy server does not do anything in regards to verifying if the client has the proper credentials.

I have a proxy server and I pass the server options that have the ssl certRequire = true and rejectUnauthroized = true. However, the client is able to connect to the server with no cert/key and I am not sure why.

Here is my code:

 var options = {
        ssl: {
        key:   fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: true
    }   
};

var proxy = new httpProxy.createProxyServer(options);



http.createServer(function (req, res) {
  setTimeout(function () {
    proxy.web(req, res, {
        target: {
        host: 'localhost',
        port: 9002
        }
});
  }, 200);
}).listen(8002);

//Server
http.createServer(function (request, response) {

//Handles the response
response.writeHead(200, {'Content-Type': 'text/plain'});
response.write('request successfully proxied to server');
response.end();


response.on('data', function(data){
    console.log(data);
});

response.on('end', function(){
    console.log("end");
});

response.on('error', function(err){
    console.log(err);
});
}).listen(9002);

Please let me know if you need any clarification!

*****UPDATE*****

Here is my code after I remove the ssl object.

var options = {
        key: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: false

};

Even with this, I am still able to connect to the proxy without a certificate.

score 1 · Accepted Answer · answered Nov 23 '15 at 23:16

1

 var options = {
        ssl: {
        key:   fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-key.pem'),
        cert: fs.readFileSync('/Users/grantherman/Desktop/ssl_certificates/client1-crt.pem'),
        requestCert: true,
        rejectUnauthorized: true
    }   
};

The problem is your nesting -- these options don't exist inside the ssl object, they are top-level items in options. Take out the interior ssl section and move those options to the top level.

answered Nov 23 '15 at 23:16

Joe

41,484
20
104
125

So even once I remove the ssl and have everything by them selves, the proxy is still does not handle the proxy. I done a curl and I have used my browser and I am still able to connect to the proxy without certificate. I will update my post with the new code. – Grant Herman Nov 24 '15 at 14:14
you're creating a http server. you need the `https` module instead (and call `https.createServer`) – Joe Nov 24 '15 at 14:48
So that worked! Why is that the case? Why does the proxy settings only work for a https server instead of a http server? – Grant Herman Nov 24 '15 at 14:57
It's not that it's a proxy problem, but SSL client certs only work with SSL. – Joe Nov 24 '15 at 16:39

HTTP Proxy( Node.js) Not Performing Proper SSL Verification

1 Answers1