tls: new tls.TLSSocket() supports sec ctx options

Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: https://github.com/nodejs/node/issues/10538 PR-URL: https://github.com/nodejs/node/pull/11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
2017-01-16 19:36:42 -08:00 · 2017-01-16 19:36:42 -08:00 · 4e6efc1dec
commit 4e6efc1dec
parent bd947def9b
3 changed files with 18 additions and 3 deletions
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@ -483,7 +483,12 @@ added: v0.11.4
    will be emitted on the socket before establishing a secure communication
  * `secureContext`: Optional TLS context object created with
    [`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one
-    will be created by calling [`tls.createSecureContext()`][] with no options.
+    will be created by passing the entire `options` object to
+    `tls.createSecureContext()`. *Note*: In effect, all
+    [`tls.createSecureContext()`][] options can be provided, but they will be
+    _completely ignored_ unless the `secureContext` option is missing.
+  * ...: Optional [`tls.createSecureContext()`][] options can be provided, see
+    the `secureContext` option for more information.

 Construct a new `tls.TLSSocket` object from an existing TCP socket.

--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@ -344,7 +344,7 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
  // Wrap socket's handle
  var context = options.secureContext ||
                options.credentials ||
-                tls.createSecureContext();
+                tls.createSecureContext(options);
  res = tls_wrap.wrap(handle._externalStream,
                      context.context,
                      !!options.isServer);
--- a/test/parallel/test-tls-socket-default-options.js
+++ b/test/parallel/test-tls-socket-default-options.js
@ -1,7 +1,7 @@
 'use strict';
 const common = require('../common');

-// Test a directly created TLS socket supports no options, and empty options.
+// Test directly created TLS sockets and options.

 const assert = require('assert');
 const join = require('path').join;
@ -26,6 +26,16 @@ test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
  assert.ifError(err);
 });

+test({ca: keys.agent1.ca}, (err) => {
+  assert.ifError(err);
+});
+
+// Secure context options, like ca, are ignored if a sec ctx is explicitly
+// provided.
+test({secureContext: tls.createSecureContext(), ca: keys.agent1.ca}, (err) => {
+  assert.strictEqual(err.message, 'unable to verify the first certificate');
+});
+
 function test(client, callback) {
  callback = common.mustCall(callback);
  connect({