Open wildabeast opened 9 years ago
Phew, it's been over 18 months since I actually did any real coding on this - i'll have to give it a once over to see what changes would be needed.
Just to clarify you want your private client to be able to establish a connection to the public server without having to authenticate? It seems a little insecure but might be quite simple to do :)
I'm not sure this relates to the HTTPS thing in the roadmap which is more about just streamlining the process of establishing a connection and would still have involved authentication
It may be as simple as making the following requestCert
and rejectUnauthorized
settings optional in src/Server/Server.js
var secureServer = tls.createServer({
key: options.key,
cert: options.cert,
requestCert: true,
rejectUnauthorized: true,
ca: options.ca
});
Similarly in src/Client/Client.js
there is a check to authenticate that the server is the real server which requires the clients to know the server's certs in advance. Look for the rejectUnauthorized
settings in there.
Oh there's also the tunnel created in src/Server/Switchboard.js
var server = new Server({
key: options.key,
cert: options.cert,
ca: options.ca,
requireCert: true,
rejectUnauthorized: true
});
Just so you know if this disappears down a rabbit hole into single-tls-tunnel
then I also maintain that library
Just rereading - i missed the bit about simple HTTP authentication - now I see why you want to switch to the HTTPS method. That will be more work indeed but the bit you're wanting to replace is that secureServer
instance from src/Server/Server.js
@pghalliday thanks! sorry for not responding sooner, I posted this right before disconnecting for a couple of weeks. i'm hopin to start playing with this over the next few weeks -- so thanks for the starting points!
Thanks for the awesome lib!
In my use case, I'd like to remove the use of certificate verification, and add some simple HTTP authentication to initiate the tunnel. I see that you have something similar in your roadmap:
I'd be happy to work on this and contribute back, but am looking for some help with a starting point, where this would happen, etc.