-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
equivalent function to curl --verbose? #25383
Comments
I know that TLSSocket.getPeerCertificate() works well to get certificate, but how to get the handshake process? |
This issue tracker is for reporting bugs in node core and submitting feature requests for node core. General help questions should be posted to the nodejs/help issue tracker instead. Issues with third-party modules, npm, or other tools that use node, should be posted to the appropriate issue tracker for that project, unless it can be proven that the issue is in fact with node core and not the module/tool in question. |
@cailin-lai I have code locally to enable TLS trace output, but formalizing it into an API is a fair amount of work because there are many choices to be made, with lots of tradeoffs. There are two callbacks that give information about TLS progress (at different granularity). There are multiple ways to format the info from the callback, and one of the ways of formatting the info isn't even compiled by default -- Use wireshark to observe the handshake, or see if you can enable TLS tracing for the non-node side of the handshake. Also, |
@mscdex While this was formulated as a question, I think it implies a feature request. I don't know if its worth keeping open to track, though, our issue tracker could grow without bounds, and its surely not |
Thanks @sam-github. |
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - nodejs#25383 - nodejs#17936 - postmanlabs/postman-app-support#5918 (comment)
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - #25383 - #17936 - postmanlabs/postman-app-support#5918 (comment) PR-URL: #27376 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - #25383 - #17936 - postmanlabs/postman-app-support#5918 (comment) PR-URL: #27376 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Hi Team,
Is there equivalent function to curl --verbose? See following outputs, it will be good for trouble-shooting connection issue. Thanks!
curl --verbose -I https://github.com
Rebuilt URL to: https://github.com/
Trying 192.30.253.112...
TCP_NODELAY set
Connected to github.com (192.30.253.112) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@strength
successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: none
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use http/1.1
Server certificate:
subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
start date: May 8 00:00:00 2018 GMT
expire date: Jun 3 12:00:00 2020 GMT
issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
SSL certificate verify ok.
.....
The text was updated successfully, but these errors were encountered: