Different certificate being presented to node.js v

Posted 2019-07-24 11:21

When I access https://gmail.com in the browser I'm sent a 301 redirect to https://mail.google.com. When I try to do the same thing using node.js I get a "Hostname/IP doesn't match certificate's altnames" error.

This makes sense since the certificate offered by gmail.com to node.js doesn't include "gmail.com" as the common name nor as an alt-name. This is the certificate being presented by gmail.com...

{ subject: 
   { C: 'US',
     ST: 'California',
     L: 'Mountain View',
     O: 'Google Inc',
     CN: 'mail.google.com' },
  issuer: { C: 'US', O: 'Google Inc', CN: 'Google Internet Authority G2' },
  subjectaltname: 'DNS:mail.google.com',
  exponent: '10001',
  valid_from: 'Feb 25 15:21:00 2014 GMT',
  valid_to: 'May 26 00:00:00 2014 GMT'}

When I check the certificate that should be presented by the server I see http://www.sslshopper.com/ssl-checker.html#hostname=gmail.com which DOES include the gmail.com extension. I assume this is what the browser is receiving.

Why is node being sent a different certificate to the browser? Could this have anything to do with CNAMEs and DNS?

1 answer
你好瞎i
#2 · 2019-07-24 11:56

This could be because your browser supports Server Name Indication (SNI) and Node.js (or rather, the client module you're using) does not. Since certificate negotiation happens before HTTP can begin, SNI is needed in order to serve more than one hostname from a single IP address.
