|
|
@ -438,12 +438,14 @@ SecurePair.prototype.getCipher = function(err) { |
|
|
|
// - cert: string.
|
|
|
|
// - ca: string or array of strings.
|
|
|
|
//
|
|
|
|
// emit 'authorized'
|
|
|
|
// function (cleartext) { }
|
|
|
|
// emit 'secureConnection'
|
|
|
|
// function (cleartextStream, encryptedStream) { }
|
|
|
|
//
|
|
|
|
// 'cleartextStream' has the boolean property 'authorized' to determine if
|
|
|
|
// it was verified by the CA. If 'authorized' is false, a property
|
|
|
|
// 'authorizationError' is set on cleartextStream and has the possible
|
|
|
|
// values:
|
|
|
|
//
|
|
|
|
// emit 'unauthorized'
|
|
|
|
// function (cleartext, verifyError) { }
|
|
|
|
// Possible errors:
|
|
|
|
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
|
|
|
|
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
|
|
|
|
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
|
|
|
@ -489,19 +491,23 @@ function Server(/* [options], listener */) { |
|
|
|
socket.pipe(pair.encrypted); |
|
|
|
|
|
|
|
pair.on('secure', function() { |
|
|
|
pair.cleartext.authorized = false; |
|
|
|
if (!self.requestCert) { |
|
|
|
self.emit('unauthorized', pair.cleartext); |
|
|
|
self.emit('secureConnection', pair.cleartext, pair.encrypted); |
|
|
|
} else { |
|
|
|
var verifyError = pair._ssl.verifyError(); |
|
|
|
if (verifyError) { |
|
|
|
pair.cleartext.authorizationError = verifyError; |
|
|
|
|
|
|
|
if (self.rejectUnauthorized) { |
|
|
|
socket.destroy(); |
|
|
|
pair._destroy(); |
|
|
|
} else { |
|
|
|
self.emit('unauthorized', pair.cleartext, verifyError); |
|
|
|
self.emit('secureConnection', pair.cleartext, pair.encrypted); |
|
|
|
} |
|
|
|
} else { |
|
|
|
self.emit('authorized', pair.cleartext); |
|
|
|
pair.cleartext.authorized = true; |
|
|
|
self.emit('secureConnection', pair.cleartext, pair.encrypted); |
|
|
|
} |
|
|
|
} |
|
|
|
}); |
|
|
@ -521,8 +527,7 @@ function Server(/* [options], listener */) { |
|
|
|
}); |
|
|
|
|
|
|
|
if (listener) { |
|
|
|
this.on('authorized', listener); |
|
|
|
this.on('unauthorized', listener); |
|
|
|
this.on('secureConnection', listener); |
|
|
|
} |
|
|
|
|
|
|
|
// Handle option defaults:
|
|
|
|
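Review bot: In the `!self.requestCert` branch of the `pair.on('secure', ...)` handler, 'secureConnection' is emitted with `authorized` set to false but `authorizationError` never assigned, which contradicts the new header comment stating that the property is set whenever 'authorized' is false. A handler that tests only `authorizationError` to decide whether the peer was verified would accept these unverified connections, so the comment should state the real contract, for example `// 'authorizationError' is only set when requestCert is true and verification failed; always check 'authorized' before trusting the peer.` The single event now carries both verified and unverified peers (the latter whenever `rejectUnauthorized` is false), and its second callback argument changes from `verifyError` to `encryptedStream`. A listener passed to `Server` that previously read that argument as an error would presumably see a truthy value on every connection, which deserves a line in the comment or changelog. The `Server` function starts and ends outside these hunks, so other consumers of the removed 'authorized' and 'unauthorized' events are not visible here.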