Code Monkey home page Code Monkey logo

node-easy-cert's People

Contributors

codingfishman avatar dickeylth avatar ottomao avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

haigecao gitby15 bojoyzhou jiangtao enducode netdreamwing argctl zhoulinxiang fengliu222 puppeteer701vungle aminoo540 miracledan silentcloud tronsbibubibu zhousufa hsuehic lingmax dickeylth iguzhi bryntum wulv damoncoo joyexpr

node-easy-cert's Issues

Inconsistency on creation of certificate

On first creation of the certificate the keys are strings, on re-use the keys are a buffer.

In practise it will not matter much, it's just inconsistent :-)

crtMgr.getCertificate('localhost', (error, keyContent, crtContent) => {
  if (error === 'ROOT_CA_NOT_EXISTS') {
    // handle the issue
  }

  console.log(keyContent, crtContent)
})
$ ts-node certer.ts 
/home/rhalff/.config/chix
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmrfIWZXow8em5esVNXz9X2vUVDvAAPURqoVRl56Ozg355aHLI
/HIt6DfSmzurpZwBdocIFCrY6B+AQLCjdWAbzw1BSA+VZPK+bdErxzAN7KtAw4t2
JAmqc4eZMnz9ynvCPjEsyIo6eoRp9ElH/xP55hU69eGRtQu8bPfPEiOyzwIDAQAB
AoGANMsnwLxHpbUaCKvATq96isNJmW/vyMOfJf8Pkm96RGPD7YSNxude6veApu6Q
Sd/cuAHo50AsCiQLxj23NS76T5G7T7MLjAeKObSVdj+7mJGObqgQh3v+j0s2NeVA
0joWfQHQYtSRYgc6o04eCTvUtvVHmMJwbIz7r6/w2dha3rECQQDP8iDnMrnihtcK
2ant/4Yiayox91xn8HbJJW+wRNjIiYxVcFDP2WH5RFeefc18sZeZa4aWV8XJbYPh
JqFGnpMFAkEAzTKKby2GJ41Cr+hm3+aBqKsuiX+Vq76weWeM141R4xTHFbNopmFk
TLSIt/69pkwmomq73vf9CTzu4Db5igy+wwJAUnsc9/eT6blIVMJvd7qR7tcI/pa6
LXQg+boCqi00u55rbnxFYZw9E007X99QgXRDyJPw53NbPYFV/RmAgO1nLQJAK8y+
+e5ItYaUloHP+7jzMjKf81+Vbhx9BN0SliwnL4aO3FX4X5NoWmsqx8OLbcTRdle8
FGLw0xj7kEaLy2jfCwJBAJLIY5IjyFrhTLYyMpybpW92bpnTsjybxqeQo5TylX9x
D8LJyDiGDbrdQ6U0FsaWd4ZUbQDh+owF3MvrTtOP0nI=
-----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIQQhqpDgefoya2SU+BKtE+eTANBgkqhkiG9w0BAQsFADBp
MQswCQYDVQQGEwJDTjEYMBYGA1UEChMPQ2hpeENlcnRNYW5hZ2VyMQswCQYDVQQI
EwJTSDEcMBoGA1UECxMTQ2hpeENlcnRNYW5hZ2VyIFNTTDEVMBMGA1UEAxMMY2hp
eC1ydW50aW1lMB4XDTA4MDgwOTExNDYxNFoXDTI4MDgwOTExNDYxNFowZjELMAkG
A1UEBhMCQ04xGDAWBgNVBAoTD0NoaXhDZXJ0TWFuYWdlcjELMAkGA1UECBMCU0gx
HDAaBgNVBAsTE0NoaXhDZXJ0TWFuYWdlciBTU0wxEjAQBgNVBAMTCWxvY2FsaG9z
dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApq3yFmV6MPHpuXrFTV8/V9r1
FQ7wAD1EaqFUZeejs4N+eWhyyPxyLeg30ps7q6WcAXaHCBQq2OgfgECwo3VgG88N
QUgPlWTyvm3RK8cwDeyrQMOLdiQJqnOHmTJ8/cp7wj4xLMiKOnqEafRJR/8T+eYV
OvXhkbULvGz3zxIjss8CAwEAAaMjMCEwCQYDVR0TBAIwADAUBgNVHREEDTALggls
b2NhbGhvc3QwDQYJKoZIhvcNAQELBQADgYEAAWQNzIFK814E8aR17wQj9KMgTwgQ
xtRoXm/ERE0b1Kw02nJC8o0N4X9Ipu1z6oB1ULi0ZoefsX40EtMfb+L/JjIvvm8q
xVceeMU1ruwGuXxJBBPXElqd9zqbzfchqIjTSVPi/omoMc4JEXyjZGue4RM5ouUx
32O5UpzcXzeFJWw=
-----END CERTIFICATE-----

rhalff@rhalff-GL552VW:/srv/data/git/chix/chix/packages/chix-runtime$ ts-node certer.ts 
/home/rhalff/.config/chix
<Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0d 0a 4d 49 49 43 58 41 49 42 41 41 4b 42 67 51 43 6d 72 ... > <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0d 0a 4d 49 49 43 64 7a 43 43 41 65 43 67 41 77 49 42 41 67 49 51 51 ... >
rhalff@rhalff-GL552VW:/srv/data/git/chix/chix/packages/chix-runtime$ ts-node certer.ts 
/home/rhalff/.config/chix
<Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0d 0a 4d 49 49 43 58 41 49 42 41 41 4b 42 67 51 43 6d 72 ... > <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0d 0a 4d 49 49 43 64 7a 43 43 41 65 43 67 41 77 49 42 41 67 49 51 51 ... >

Security vulnerability

Hi,

npm audit reports, your package depends on node-forge which had a security vulnerability prior version 0.10.0. Currently the required version of "node-forge" is "^0.6.42"

Can you please bump the node-forge version to 0.10.0 or higher and release a new version?

Thanks and regards, Nickolay

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution in node-forge                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node-forge                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 0.10.0                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-easy-cert                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-easy-cert > node-forge                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1561                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

MAC Chrome 56.0.2924.87 (64-bit) 下 证书验证失败

Line 44~47, 84 ~87 证书的扩展为何要注释掉?

背景:在使用Anyproxy的时候浏览器中CA证书验证出错。最终定位问题到该模块
解决:参考node-forge 生成x.509证书的代码,发现扩展是要设置的。去掉注释后浏览器HTTPS请求成功通过CA认证。

请问这里为何要注释掉这几行扩展?虽然去掉就能成功通过验证,但还是不大清楚其具体作用。

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.