tls: add options
argument to createSecurePair
Helps in implementation of #6204, where some options passed to `createSecurePair()` are ignored before this patch. These options are very helpful if someone wants to pass `options.servername` or `options.SNICallback` to securepair. PR-URL: https://github.com/nodejs/node/pull/2441 Reviewed-By: Fedor Indutny <fedor@indutny.com>
This commit is contained in:
parent
0803962860
commit
d8db75730f
@ -511,7 +511,7 @@ publicly trusted list of CAs as given in
|
|||||||
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
|
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
|
||||||
|
|
||||||
|
|
||||||
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
|
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
|
||||||
|
|
||||||
Creates a new secure pair object with two streams, one of which reads/writes
|
Creates a new secure pair object with two streams, one of which reads/writes
|
||||||
encrypted data, and one reads/writes cleartext data.
|
encrypted data, and one reads/writes cleartext data.
|
||||||
@ -530,6 +530,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
|
|||||||
automatically reject clients with invalid certificates. Only applies to
|
automatically reject clients with invalid certificates. Only applies to
|
||||||
servers with `requestCert` enabled.
|
servers with `requestCert` enabled.
|
||||||
|
|
||||||
|
- `options`: An object with common SSL options. See [tls.TLSSocket][].
|
||||||
|
|
||||||
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
|
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
|
||||||
`encrypted` stream properties.
|
`encrypted` stream properties.
|
||||||
|
|
||||||
|
@ -761,11 +761,13 @@ function securePairNT(self, options) {
|
|||||||
exports.createSecurePair = function(context,
|
exports.createSecurePair = function(context,
|
||||||
isServer,
|
isServer,
|
||||||
requestCert,
|
requestCert,
|
||||||
rejectUnauthorized) {
|
rejectUnauthorized,
|
||||||
|
options) {
|
||||||
var pair = new SecurePair(context,
|
var pair = new SecurePair(context,
|
||||||
isServer,
|
isServer,
|
||||||
requestCert,
|
requestCert,
|
||||||
rejectUnauthorized);
|
rejectUnauthorized,
|
||||||
|
options);
|
||||||
return pair;
|
return pair;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
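Review bot: The new fifth argument of `exports.createSecurePair` is forwarded unchanged to `new SecurePair(...)`, and nothing in the hunk or the added doc line says how it interacts with the positional `requestCert` and `rejectUnauthorized`. The doc line points readers at [tls.TLSSocket][], whose options include those same names, and the `SecurePair` constructor is outside this hunk, so which value wins cannot be seen from here. If the positional arguments win, a caller who passes `{ rejectUnauthorized: true }` in `options` next to a positional `false` would get no certificate rejection while believing it is enabled. Once confirmed against `SecurePair`, I would state the precedence in the docs and above the call, e.g. `// positional requestCert/rejectUnauthorized take precedence over the same keys in options`.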
BIN
test/fixtures/google_ssl_hello.bin
vendored
Normal file
BIN
test/fixtures/google_ssl_hello.bin
vendored
Normal file
Binary file not shown.
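--- a/test/parallel/test-tls-securepair-fiftharg.js
+++ b/test/parallel/test-tls-securepair-fiftharg.js
@@ -0,0 +1,27 @@
+'use strict';
+
+const common = require('../common');
+const assert = require('assert');
+const fs = require('fs');
+const tls = require('tls');
+
+const sslcontext = tls.createSecureContext({
+cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
+key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
+});
+
+var catchedServername;
+const pair = tls.createSecurePair(sslcontext, true, false, false, {
+SNICallback: common.mustCall(function(servername, cb) {
+catchedServername = servername;
+})
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');
+
+pair.encrypted.write(sslHello);
+
+process.on('exit', function() {
+assert.strictEqual('www.google.com', catchedServername);
+});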
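Review bot: The `SNICallback` passed to `tls.createSecurePair` accepts `cb` but never calls it, so the test only proves that the callback was reached with a servername, not that the pair can continue once SNI is resolved. If that is deliberate, a comment should say so, e.g. `// cb is intentionally not called: only the servername delivery is checked`. The final assertion passes the expected value first, `assert.strictEqual('www.google.com', catchedServername)`, while the signature is `assert.strictEqual(actual, expected)`, so a failure message would label the two values the wrong way round. The fixture comment could also say which part of the captured exchange `google_ssl_hello.bin` holds, since the binary itself cannot be reviewed on this page.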