tls: export TLSSocket

doc/api/tls.markdown

@@ -329,6 +329,34 @@ Or
       server.close();
     });
 
+## Class: tls.TLSSocket
+
+Wrapper for instance of [net.Socket][], replaces internal socket read/write
+routines to perform transparent encryption/decryption of incoming/outgoing data.
+
+## new tls.TLSSocket(socket, options)
+
+Construct a new TLSSocket object from existing TCP socket.
+
+`socket` is an instance of [net.Socket][]
+
+`options` is an object that might contain following properties:
+
+  - `credentials`: An optional credentials object from
+     `crypto.createCredentials( ... )`
+
+  - `isServer`: If true - TLS socket will be instantiated in server-mode
+
+  - `server`: An optional [net.Server][] instance
+
+  - `requestCert`: Optional, see [tls.createSecurePair][]
+
+  - `rejectUnauthorized`: Optional, see [tls.createSecurePair][]
+
+  - `NPNProtocols`: Optional, see [tls.createServer][]
+
+  - `SNICallback`: Optional, see [tls.createServer][]
+
 ## tls.createSecurePair([credentials], [isServer], [requestCert], [rejectUnauthorized])
 
     Stability: 0 - Deprecated. Use tls.TLSSocket instead.
@@ -572,7 +600,11 @@ The numeric representation of the local port.
 
 [OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
 [BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+[tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener
+[tls.createSecurePair]: #tls_tls_createsecurepair_credentials_isserver_requestcert_rejectunauthorized
 [tls.TLSSocket]: #tls_class_tls_tlssocket
+[net.Server]: net.html#net_class_net_server
+[net.Socket]: net.html#net_class_net_socket
 [net.Server.address()]: net.html#net_server_address
 ['secureConnect']: #tls_event_secureconnect
 [secureConnection]: #tls_event_secureconnection

lib/_tls_wrap.js

@@ -63,6 +63,7 @@ function onclienthello(hello) {
   }
 
   if (hello.sessionId.length <= 0 ||
+      this.server &&
       !this.server.emit('resumeSession', hello.sessionId, callback)) {
     callback(null, null);
   }
@@ -70,6 +71,7 @@ function onclienthello(hello) {
 
 
 function onnewsession(key, session) {
+  if (this.server)
     this.server.emit('newSession', key, session);
 }
 
@@ -103,6 +105,7 @@ function TLSSocket(socket, options) {
     this._init();
 }
 util.inherits(TLSSocket, net.Socket);
+exports.TLSSocket = TLSSocket;
 
 TLSSocket.prototype._init = function() {
   assert(this._handle);
@@ -137,8 +140,9 @@ TLSSocket.prototype._init = function() {
     this.ssl.lastHandshakeTime = 0;
     this.ssl.handshakes = 0;
 
-    if (this.server.listeners('resumeSession').length > 0 ||
+    if (this.server &&
-        this.server.listeners('newSession').length > 0) {
+        (this.server.listeners('resumeSession').length > 0 ||
+         this.server.listeners('newSession').length > 0)) {
       this.ssl.enableSessionCallbacks();
     }
   } else {
@@ -164,7 +168,9 @@ TLSSocket.prototype._init = function() {
 
   if (process.features.tls_sni &&
       options.isServer &&
-      options.SNICallback && options.server._contexts.length) {
+      options.server &&
+      options.SNICallback &&
+      options.server._contexts.length) {
     this.ssl.onsniselect = options.SNICallback;
   }
 

lib/tls.js

@@ -207,6 +207,7 @@ exports.parseCertString = function parseCertString(s) {
 };
 
 // Public API
+exports.TLSSocket = require('_tls_wrap').TLSSocket;
 exports.Server = require('_tls_wrap').Server;
 exports.createServer = require('_tls_wrap').createServer;
 exports.connect = require('_tls_wrap').connect;