1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: add options argument to createSecurePair

Browse Source 
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.

These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.

PR-URL: https://github.com/nodejs/node/pull/2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This commit is contained in:
Коренберг Марк 2015-05-05 12:41:16 +05:00 committed by Fedor Indutny
parent 0803962860
commit d8db75730f
4 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/api/tls.markdown
View File

@ -511,7 +511,7 @@ publicly trusted list of CAs as given in
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>. <http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized]) ## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
Creates a new secure pair object with two streams, one of which reads/writes Creates a new secure pair object with two streams, one of which reads/writes
encrypted data, and one reads/writes cleartext data. encrypted data, and one reads/writes cleartext data.
@ -530,6 +530,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
automatically reject clients with invalid certificates. Only applies to automatically reject clients with invalid certificates. Only applies to
servers with `requestCert` enabled. servers with `requestCert` enabled.
- `options`: An object with common SSL options. See [tls.TLSSocket][].
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and `tls.createSecurePair()` returns a SecurePair object with `cleartext` and
`encrypted` stream properties. `encrypted` stream properties.

6
lib/_tls_legacy.js
View File

@ -761,11 +761,13 @@ function securePairNT(self, options) {
exports.createSecurePair = function(context, exports.createSecurePair = function(context,
isServer, isServer,
requestCert, requestCert,
rejectUnauthorized) { rejectUnauthorized,
options) {
var pair = new SecurePair(context, var pair = new SecurePair(context,
isServer, isServer,
requestCert, requestCert,
rejectUnauthorized); rejectUnauthorized,
options);
return pair; return pair;
}; };

BIN
test/fixtures/google_ssl_hello.bin vendored Normal file
View File

Binary file not shown.

27
test/parallel/test-tls-securepair-fiftharg.js Normal file
View File

@ -0,0 +1,27 @@
'use strict';
const common = require('../common');
const assert = require('assert');
const fs = require('fs');
const tls = require('tls');
const sslcontext = tls.createSecureContext({
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
});
var catchedServername;
const pair = tls.createSecurePair(sslcontext, true, false, false, {
SNICallback: common.mustCall(function(servername, cb) {
catchedServername = servername;
})
});
// captured traffic from browser's request to https://www.google.com
const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');
pair.encrypted.write(sslHello);
process.on('exit', function() {
assert.strictEqual('www.google.com', catchedServername);
});