Start tunnel using HTTPS authentication request #3

Open
wildabeast opened this issue Aug 14, 2014 · 6 comments

@wildabeast

Thanks for the awesome lib!

In my use case, I'd like to remove the use of certificate verification, and add some simple HTTP authentication to initiate the tunnel. I see that you have something similar in your roadmap:

Client should make a simple HTTPS request to the control port to start a new tunnel and not hold a TLS connection open

I'd be happy to work on this and contribute back, but am looking for some help with a starting point, where this would happen, etc.

@pghalliday
Owner

Phew, it's been over 18 months since I actually did any real coding on this - I'll have to give it a once over to see what changes would be needed.

Just to clarify, you want your private client to be able to establish a connection to the public server without having to authenticate? It seems a little insecure but might be quite simple to do :)

I'm not sure this relates to the HTTPS thing in the roadmap, which is more about just streamlining the process of establishing a connection and would still have involved authentication.

@pghalliday
Owner

It may be as simple as making the following requestCert and rejectUnauthorized settings optional in src/Server/Server.js:

    var secureServer = tls.createServer({
        key: options.key,
        cert: options.cert,
        requestCert: true,
        rejectUnauthorized: true,
        ca: options.ca
    });

Similarly in src/Client/Client.js there is a check to authenticate that the server is the real server which requires the clients to know the server's certs in advance. Look for the rejectUnauthorized settings in there.

@pghalliday
Owner

Oh, there's also the tunnel created in src/Server/Switchboard.js:

    var server = new Server({
        key: options.key,
        cert: options.cert,
        ca: options.ca,
        requireCert: true,
        rejectUnauthorized: true
    });

@pghalliday
Owner

Just so you know, if this disappears down a rabbit hole into single-tls-tunnel then I also maintain that library.

@pghalliday
Owner

Just rereading - I missed the bit about simple HTTP authentication - now I see why you want to switch to the HTTPS method. That will be more work indeed, but the bit you're wanting to replace is that secureServer instance from src/Server/Server.js.

@wildabeast
Author

@pghalliday thanks! Sorry for not responding sooner, I posted this right before disconnecting for a couple of weeks. I'm hoping to start playing with this over the next few weeks -- so thanks for the starting points!
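
An added example, not part of the thread or the project's code: one way to make the requestCert and rejectUnauthorized settings from src/Server/Server.js optional while checking HTTP credentials on the request that starts a tunnel. The names `buildTlsOptions`, `checkBasicAuth`, `authorizeTunnelRequest` and the `requireClientCert` option are hypothetical, and HTTP Basic is an assumed choice for the "simple HTTP authentication" discussed above.

```javascript
// Added example; not code from the project. All names below are hypothetical.
const crypto = require('crypto');

// Build the options object for tls.createServer(). Client certificates stay
// required unless the caller explicitly opts out; the server key and cert are
// always set, so clients can still authenticate the server.
function buildTlsOptions(options) {
  const verifyClient = options.requireClientCert !== false; // secure default
  return {
    key: options.key,
    cert: options.cert,
    ca: options.ca,
    requestCert: verifyClient,
    rejectUnauthorized: verifyClient
  };
}

// Hash both sides to equal-length buffers so timingSafeEqual() never throws
// on a length mismatch and the comparison time does not depend on the input.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Check an "Authorization: Basic ..." header value against the expected
// credentials. Returns true only for a well-formed, matching header.
function checkBasicAuth(header, expectedUser, expectedPass) {
  if (typeof header !== 'string') return false;
  const match = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header.trim());
  if (!match) return false;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep === -1) return false;
  const userOk = safeEqual(decoded.slice(0, sep), expectedUser);
  const passOk = safeEqual(decoded.slice(sep + 1), expectedPass);
  return userOk && passOk; // both fields are compared before deciding
}

// Decide whether a control request may open a tunnel. `req` only needs a
// `headers` object, as on http.IncomingMessage.
function authorizeTunnelRequest(req, credentials) {
  const ok = checkBasicAuth(req.headers.authorization, credentials.user, credentials.pass);
  return ok
    ? { status: 200 }
    : { status: 401, headers: { 'WWW-Authenticate': 'Basic realm="tunnel"' } };
}
```

With `requireClientCert: false` the credential check is the only thing authenticating the client, so it has to run on every control request before a tunnel is opened.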
