Trouble using pkcs12 with https server #406

Open
dondod opened this issue Oct 25, 2024 · 3 comments

Comments

dondod commented Oct 25, 2024

Hi, I'm currently trying to upgrade an application from node 10.x to node 22.10.0 and the following now fails for me (when it worked in node 10).

const https = require('https')
const pem = require('pem')
const passphrase = 'topsecret';

pem.createPrivateKey((err, privateKey) => {
    if (err) {
        throw err;
    }

    pem.createCertificate({days: 1, selfSigned: true, clientKey: privateKey.key}, (err, keys) => {
        if (err) {
            throw err;
        }

        pem.createPkcs12(keys.clientKey, keys.certificate, passphrase, (err, pkcs12) => {
            if (err) {
                throw err;
            }

            https.createServer({pfx: pkcs12.pkcs12, passphrase: passphrase}, (req, res) => {
                res.end('foo');
            }).listen(443);
        });
    });
});

The error is thrown at https.createServer. Error message:

Error: Unsupported PKCS12 PFX data
    at configSecureContext (node:internal/tls/secure-context:290:15)
    at Object.createSecureContext (node:_tls_common:114:3)
    at Server.setSecureContext (node:_tls_wrap:1490:27)
    at Server (node:_tls_wrap:1354:8)
    at new Server (node:https:80:3)
    at Object.createServer (node:https:135:10)

Any ideas?

dondod commented Oct 25, 2024

I just tested in some other versions of nodejs as well. It works in node 16 but fails in 17.

dondod commented Oct 25, 2024

I guess it works if I pass in --openssl-legacy-provider, due to node using openssl 3 instead of 1. But I don't quite get how to make this work in the code above. I tried passing in options with cipher, but it's still not working.

dondod commented Dec 5, 2024

This could be fixed if the -certpbe param could be added to the options passed to the createPkcs12 method.
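
Added diagnostic example, not part of the thread and not pem's own code: it scans a PFX buffer for the encryption-scheme OIDs to show whether the file depends on ciphers that OpenSSL 3 only ships in its legacy provider (RC2, the certificate-encryption default of the `openssl pkcs12` command in OpenSSL 1.x). The names `scanPfx`, `PBE_OIDS` and the sample buffers are assumptions made for this example, and the byte search is a heuristic that expects a DER-encoded file.

```javascript
'use strict';

// DER-encoded OIDs (tag 0x06, length, value) of PKCS#12 encryption schemes.
// legacy: true means the cipher lives only in OpenSSL 3's legacy provider.
const PBE_OIDS = [
  { name: 'pbeWithSHAAnd40BitRC2-CBC', legacy: true,
    der: '060a2a864886f70d010c0106' }, // 1.2.840.113549.1.12.1.6
  { name: 'pbeWithSHAAnd128BitRC2-CBC', legacy: true,
    der: '060a2a864886f70d010c0105' }, // 1.2.840.113549.1.12.1.5
  { name: 'pbeWithSHAAnd3-KeyTripleDES-CBC', legacy: false,
    der: '060a2a864886f70d010c0103' }, // 1.2.840.113549.1.12.1.3
  { name: 'PBES2', legacy: false,
    der: '06092a864886f70d01050d' },   // 1.2.840.113549.1.5.13
];

// Heuristic: the algorithm identifiers sit outside the encrypted payload,
// so a byte search of the DER file finds them without the passphrase.
function scanPfx(pfx) {
  if (!Buffer.isBuffer(pfx)) throw new TypeError('pfx must be a Buffer');
  const found = PBE_OIDS.filter((o) => pfx.includes(Buffer.from(o.der, 'hex')));
  return {
    schemes: found.map((o) => o.name),
    needsLegacyProvider: found.some((o) => o.legacy),
  };
}

// Constructed samples: NOT real PFX files, only filler bytes around the OIDs.
const fake = (...oids) => Buffer.concat(
  oids.flatMap((o) => [Buffer.from('3000', 'hex'), Buffer.from(o, 'hex')]));
const SAMPLE_OLD_DEFAULTS = fake(PBE_OIDS[0].der, PBE_OIDS[2].der);
const SAMPLE_PBES2 = fake(PBE_OIDS[3].der);

console.log(scanPfx(SAMPLE_OLD_DEFAULTS));
console.log(scanPfx(SAMPLE_PBES2));
```

Assuming `pkcs12.pkcs12` in the code above is a Buffer, passing it to `scanPfx` before `https.createServer` shows which scheme the generated file uses.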
