Add HTTP client TLS support
This commit is contained in:
parent
a9ea21feb4
commit
5b1a535cd8
25
lib/http.js
25
lib/http.js
@ -505,6 +505,7 @@ function connectionListener (connection) {
|
||||
|
||||
exports.createClient = function (port, host) {
|
||||
var client = new process.http.Client();
|
||||
var secure_credentials={ secure : false };
|
||||
|
||||
var requests = [];
|
||||
|
||||
@ -513,6 +514,13 @@ exports.createClient = function (port, host) {
|
||||
if (client.readyState == "closed") {
|
||||
//sys.debug("HTTP CLIENT request flush. reconnect. readyState = " + client.readyState);
|
||||
client.connect(port, host); // reconnect
|
||||
if (secure_credentials.secure) {
|
||||
client.tcpSetSecure(secure_credentials.format_type,
|
||||
secure_credentials.ca_certs,
|
||||
secure_credentials.crl_list,
|
||||
secure_credentials.private_key,
|
||||
secure_credentials.certificate);
|
||||
}
|
||||
return;
|
||||
}
|
||||
//sys.debug("client flush readyState = " + client.readyState);
|
||||
@ -521,6 +529,16 @@ exports.createClient = function (port, host) {
|
||||
requests.push(req);
|
||||
};
|
||||
|
||||
client.tcpSetSecure = client.setSecure;
|
||||
client.setSecure = function(format_type, ca_certs, crl_list, private_key, certificate) {
|
||||
secure_credentials.secure = true;
|
||||
secure_credentials.format_type = format_type;
|
||||
secure_credentials.ca_certs = ca_certs;
|
||||
secure_credentials.crl_list = crl_list;
|
||||
secure_credentials.private_key = private_key;
|
||||
secure_credentials.certificate = certificate;
|
||||
}
|
||||
|
||||
client.addListener("connect", function () {
|
||||
client.resetParser();
|
||||
requests[0].flush();
|
||||
@ -543,6 +561,13 @@ exports.createClient = function (port, host) {
|
||||
if (requests.length > 0 && client.readyState != "opening") {
|
||||
//sys.debug("HTTP CLIENT: reconnecting readyState = " + client.readyState);
|
||||
client.connect(port, host); // reconnect
|
||||
if (secure_credentials.secure) {
|
||||
client.tcpSetSecure(secure_credentials.format_type,
|
||||
secure_credentials.ca_certs,
|
||||
secure_credentials.crl_list,
|
||||
secure_credentials.private_key,
|
||||
secure_credentials.certificate);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -599,19 +599,6 @@ void Connection::OnClose() {
|
||||
};
|
||||
|
||||
Emit("close", 2, argv);
|
||||
|
||||
#if EVCOM_HAVE_GNUTLS
|
||||
if (secure_) {
|
||||
if (stream_.session) {
|
||||
gnutls_deinit(stream_.session);
|
||||
stream_.session = NULL;
|
||||
}
|
||||
if (!stream_.server && credentials) {
|
||||
gnutls_certificate_free_credentials(credentials);
|
||||
credentials = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void Connection::OnConnect() {
|
||||
|
@ -134,6 +134,19 @@ class Connection : public EventEmitter {
|
||||
assert(connection->stream_.recvfd < 0);
|
||||
assert(connection->stream_.sendfd < 0);
|
||||
|
||||
#if EVCOM_HAVE_GNUTLS
|
||||
if (connection->secure_) {
|
||||
if (connection->stream_.session) {
|
||||
gnutls_deinit(connection->stream_.session);
|
||||
connection->stream_.session = NULL;
|
||||
}
|
||||
if (!connection->stream_.server && connection->credentials) {
|
||||
gnutls_certificate_free_credentials(connection->credentials);
|
||||
connection->credentials = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
connection->OnClose();
|
||||
|
||||
assert(connection->attached_);
|
||||
|
107
test/mjsunit/test-http-tls.js
Normal file
107
test/mjsunit/test-http-tls.js
Normal file
@ -0,0 +1,107 @@
|
||||
process.mixin(require("./common"));
|
||||
http = require("http");
|
||||
PORT = 8888;
|
||||
|
||||
HOST = "localhost";
|
||||
|
||||
var have_tls;
|
||||
try {
|
||||
var dummy_server = http.createServer();
|
||||
dummy_server.setSecure();
|
||||
have_tls=true;
|
||||
} catch (e) {
|
||||
have_tls=false;
|
||||
puts("Not compiled with TLS support.");
|
||||
process.exit();
|
||||
}
|
||||
|
||||
|
||||
var responses_sent = 0;
|
||||
var responses_recvd = 0;
|
||||
var body0 = "";
|
||||
var body1 = "";
|
||||
var caPem = posix.cat(fixturesDir+"/test_ca.pem").wait();
|
||||
var certPem = posix.cat(fixturesDir+"/test_cert.pem").wait();
|
||||
var keyPem = posix.cat(fixturesDir+"/test_key.pem").wait();
|
||||
|
||||
|
||||
var http_server=http.createServer(function (req, res) {
|
||||
var verified = req.connection.verifyPeer();
|
||||
var peerDN = req.connection.getPeerCertificate("DNstring");
|
||||
assertEquals(verified, 1);
|
||||
assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
|
||||
+ "OU=Test TLS Certificate,CN=localhost");
|
||||
|
||||
if (responses_sent == 0) {
|
||||
assertEquals("GET", req.method);
|
||||
assertEquals("/hello", req.uri.path);
|
||||
|
||||
p(req.headers);
|
||||
assertTrue("accept" in req.headers);
|
||||
assertEquals("*/*", req.headers["accept"]);
|
||||
|
||||
assertTrue("foo" in req.headers);
|
||||
assertEquals("bar", req.headers["foo"]);
|
||||
}
|
||||
|
||||
if (responses_sent == 1) {
|
||||
assertEquals("POST", req.method);
|
||||
assertEquals("/world", req.uri.path);
|
||||
this.close();
|
||||
}
|
||||
|
||||
req.addListener("complete", function () {
|
||||
res.sendHeader(200, {"Content-Type": "text/plain"});
|
||||
res.sendBody("The path was " + req.uri.path);
|
||||
res.finish();
|
||||
responses_sent += 1;
|
||||
});
|
||||
|
||||
//assertEquals("127.0.0.1", res.connection.remoteAddress);
|
||||
});
|
||||
http_server.setSecure("X509_PEM", caPem, 0, keyPem, certPem);
|
||||
http_server.listen(PORT);
|
||||
|
||||
var client = http.createClient(PORT, HOST);
|
||||
client.setSecure("x509_PEM", caPem, 0, keyPem, certPem);
|
||||
var req = client.get("/hello", {"Accept": "*/*", "Foo": "bar"});
|
||||
req.finish(function (res) {
|
||||
var verified = res.connection.verifyPeer();
|
||||
var peerDN = res.connection.getPeerCertificate("DNstring");
|
||||
assertEquals(verified, 1);
|
||||
assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
|
||||
+ "OU=Test TLS Certificate,CN=localhost");
|
||||
assertEquals(200, res.statusCode);
|
||||
responses_recvd += 1;
|
||||
res.setBodyEncoding("ascii");
|
||||
res.addListener("body", function (chunk) { body0 += chunk; });
|
||||
debug("Got /hello response");
|
||||
});
|
||||
|
||||
setTimeout(function () {
|
||||
req = client.post("/world");
|
||||
req.finish(function (res) {
|
||||
var verified = res.connection.verifyPeer();
|
||||
var peerDN = res.connection.getPeerCertificate("DNstring");
|
||||
assertEquals(verified, 1);
|
||||
assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
|
||||
+ "OU=Test TLS Certificate,CN=localhost");
|
||||
assertEquals(200, res.statusCode);
|
||||
responses_recvd += 1;
|
||||
res.setBodyEncoding("utf8");
|
||||
res.addListener("body", function (chunk) { body1 += chunk; });
|
||||
debug("Got /world response");
|
||||
});
|
||||
}, 1);
|
||||
|
||||
process.addListener("exit", function () {
|
||||
debug("responses_recvd: " + responses_recvd);
|
||||
assertEquals(2, responses_recvd);
|
||||
|
||||
debug("responses_sent: " + responses_sent);
|
||||
assertEquals(2, responses_sent);
|
||||
|
||||
assertEquals("The path was /hello", body0);
|
||||
assertEquals("The path was /world", body1);
|
||||
});
|
||||
|
Loading…
x
Reference in New Issue
Block a user