uWebSockets copied to clipboard
get ceryficate some info like hash or name
- can't find the way to use "Cloudflare Origin Certificate"
- use then blocking IP list provided by Cloudflare that ignore many Asian exit countrys Siggapur,Thailand,Laos,Vietnam i.e missing from cloudflare.com/ips/
- try to contact this m-o-r-o-n-s from Cloudflare like year ago but they don't provide basic support as is too expensive
What is my problem:
- need somehow hide my server identify by verify hash of cloudflare certyficate or some basic details about cert
// example nanoexpress use: uWebSockets.js
app.get('/24325325141', async (req, res) => {
// this is a dummy - users from google please ignore
res.end( req.cert.CommonName == 'sni.cloudflaressl.com' );
You want SNI?
right now just checking if 'cf-connecting-ip' header exist but need something "real" that can't be spoofed
cloudflare issue a Edge Certificates and in my opinion best way to (without bottleneck) "verify" certificate is to compare "thumbprint" or "SerialNumber"
Can you author a coherent message with a clear description of what why how you want here? Are you reporting a bug?
Need verify "client certificate" ( Cloudflare Origin Certificate, edge certyficate ) when its connecting to my nanoexpress that use uWebSockets.js
example varible like: req.clientcert.thumbprint or req.clientcert.SerialNumber
if ( req.clientcert.SerialNumber != 3938729374e719838' ) { res.end( 'not a Cloudflare user' ); }
somthing like in nginx ssl_client_certificate /etc/nginx/cloudflare.crt;
whatever just add in cludflare header to verify in: "HTTP Request Header Modification" and checking value if exist by my secret key
If you use node 15.6.0 or later with uWebSockets.js you could get the identifier of a certificate using this code.
const crypto = require('crypto');
const getCertIdentifier = (cert, unique = true) => {
try {
const x509 = new crypto.X509Certificate(Buffer.from(cert));
return unique ? x509.fingerprint256 : x509.serialNumber;
} catch {
return null;
const identifier = getCertIdentifier('<cert in pem format>');