From 0ea0b921b7cdf682bacb2f692edd54f454da56a3 Mon Sep 17 00:00:00 2001
From: Ryan Dahl
Date: Wed, 8 Dec 2010 12:05:19 -0800
Subject: [PATCH] TLS: emit 'secureConnection' instead of two events
---
lib/tls.js | 25 ++++++++++++++---------
test/simple/test-tls-server-verify.js | 29 ++++++++++++++-------------
2 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/lib/tls.js b/lib/tls.js
index cff61c44d9..c1bb320329 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -438,12 +438,14 @@ SecurePair.prototype.getCipher = function(err) {
// - cert: string.
// - ca: string or array of strings.
//
-// emit 'authorized'
-// function (cleartext) { }
+// emit 'secureConnection'
+// function (cleartextStream, encryptedStream) { }
+//
+// 'cleartextStream' has the boolean property 'authorized' to determine if
+// it was verified by the CA. If 'authorized' is false, a property
+// 'authorizationError' is set on cleartextStream and has the possible
+// values:
//
-// emit 'unauthorized'
-// function (cleartext, verifyError) { }
-// Possible errors:
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
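Review bot: The new comment promises that whenever `authorized` is false an `authorizationError` property is set, but the code hunk later in this same patch assigns `authorizationError` only inside the `if (verifyError)` branch, so on a server with `requestCert` unset every connection arrives with `authorized === false` and no `authorizationError` at all. Callers that separate "no certificate requested" from "certificate rejected" by testing `authorizationError` will misclassify the first case. I would narrow the wording to `// it was verified by the CA. If a certificate was requested and failed verification,` / `// 'authorized' is false and 'authorizationError' is set on cleartextStream with one of:` and add one line stating that `authorizationError` is left undefined when `requestCert` is false. The list of error names continues past the end of this hunk.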
@@ -489,19 +491,23 @@ function Server(/* [options], listener */) {
socket.pipe(pair.encrypted);
pair.on('secure', function() {
+ pair.cleartext.authorized = false;
if (!self.requestCert) {
- self.emit('unauthorized', pair.cleartext);
+ self.emit('secureConnection', pair.cleartext, pair.encrypted);
} else {
var verifyError = pair._ssl.verifyError();
if (verifyError) {
+ pair.cleartext.authorizationError = verifyError;
+
if (self.rejectUnauthorized) {
socket.destroy();
pair._destroy();
} else {
- self.emit('unauthorized', pair.cleartext, verifyError);
+ self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
} else {
- self.emit('authorized', pair.cleartext);
+ pair.cleartext.authorized = true;
+ self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
}
});
@@ -521,8 +527,7 @@ function Server(/* [options], listener */) {
});
if (listener) {
- this.on('authorized', listener);
- this.on('unauthorized', listener);
+ this.on('secureConnection', listener);
}
// Handle option defaults:
diff --git a/test/simple/test-tls-server-verify.js b/test/simple/test-tls-server-verify.js
index 624726016f..cc5539ec36 100644
--- a/test/simple/test-tls-server-verify.js
+++ b/test/simple/test-tls-server-verify.js
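Review bot: In the `if (self.rejectUnauthorized)` branch the socket and pair are torn down without emitting anything, so a rejected client certificate leaves no event the application can log, count or rate-limit, and the `verifyError` just stored on `pair.cleartext` is discarded with the object. At minimum the branch deserves a why-comment such as `// Verification failed and rejectUnauthorized is set: drop the connection; no 'secureConnection' is emitted and the caller cannot observe this.`, and ideally an error-style event carrying `verifyError` and the peer address before `socket.destroy()`. Separately, with `requestCert` set the connection becomes `authorized = true` whenever `pair._ssl.verifyError()` returns a falsy value; whether a client that sent no certificate at all yields a verify error is decided in native code not shown here, so confirm that a missing peer certificate is reported as an error rather than silently treated as verified. The enclosing `Server` constructor starts before and continues past this hunk.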
@@ -177,24 +177,25 @@ function runTest (testIndex) {
var cas = tcase.CAs.map(loadPEM);
- var server = tls.Server({ key: serverKey,
- cert: serverCert,
- ca: cas,
- requestCert: tcase.requestCert,
- rejectUnauthorized: tcase.rejectUnauthorized });
+ var serverOptions = {
+ key: serverKey,
+ cert: serverCert,
+ ca: cas,
+ requestCert: tcase.requestCert,
+ rejectUnauthorized: tcase.rejectUnauthorized
+ };
var connections = 0;
- server.on('authorized', function(c) {
+ var server = tls.Server(serverOptions, function (c) {
connections++;
- console.error('- authed connection');
- c.write('\n_authed\n');
- });
-
- server.on('unauthorized', function(c, e) {
- connections++;
- console.error('- unauthed connection: %s', e);
- c.write('\n_unauthed\n');
+ if (c.authorized) {
+ console.error('- authed connection');
+ c.write('\n_authed\n');
+ } else {
+ console.error('- unauthed connection: %s', c.authorizationError);
+ c.write('\n_unauthed\n');
+ }
});
function runNextClient (clientIndex) {
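Review bot: The `else` branch reports every unauthorized connection with `c.authorizationError`, but for cases with `requestCert: false` the server-side change in this patch never sets that property, so the log prints `undefined` and the client receives the same `_unauthed` marker whether a certificate was never requested or was actually rejected. If the test matrix (defined outside this hunk) is meant to tell those apart, a distinct marker such as `c.write(c.authorizationError ? '\n_unauthed\n' : '\n_notrequested\n');` would also make the test fail if the server ever stops populating `authorizationError` on a real verification failure. `runTest` begins before this hunk and `runNextClient` continues after it.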