lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

tls: new tls.TLSSocket() supports sec ctx options 

Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: https://github.com/nodejs/node/issues/10538
PR-URL: https://github.com/nodejs/node/pull/11005
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
v6.x
Sam Roberts 8 years ago
committed by Myles Borins
parent
861fa65bdf
commit
7cad5613c7
No known key found for this signature in database GPG Key ID: 933B01F40B5CA946
3 changed files with 18 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      doc/api/tls.md
  2. 2
      lib/_tls_wrap.js
  3. 12
      test/parallel/test-tls-socket-default-options.js

7
doc/api/tls.md
View File

@ -483,7 +483,12 @@ added: v0.11.4
will be emitted on the socket before establishing a secure communication will be emitted on the socket before establishing a secure communication
* `secureContext`: Optional TLS context object created with * `secureContext`: Optional TLS context object created with
[`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one [`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one
will be created by calling [`tls.createSecureContext()`][] with no options. will be created by passing the entire `options` object to
`tls.createSecureContext()`. *Note*: In effect, all
[`tls.createSecureContext()`][] options can be provided, but they will be
_completely ignored_ unless the `secureContext` option is missing.
* ...: Optional [`tls.createSecureContext()`][] options can be provided, see
the `secureContext` option for more information.
Construct a new `tls.TLSSocket` object from an existing TCP socket. Construct a new `tls.TLSSocket` object from an existing TCP socket.

2
lib/_tls_wrap.js
View File

@ -355,7 +355,7 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
// Wrap socket's handle // Wrap socket's handle
var context = options.secureContext || var context = options.secureContext ||
options.credentials || options.credentials ||
tls.createSecureContext(); tls.createSecureContext(options);
res = tls_wrap.wrap(handle._externalStream, res = tls_wrap.wrap(handle._externalStream,
context.context, context.context,
!!options.isServer); !!options.isServer);

12
test/parallel/test-tls-socket-default-options.js
View File

@ -1,7 +1,7 @@
'use strict'; 'use strict';
const common = require('../common'); const common = require('../common');
// Test a directly created TLS socket supports no options, and empty options. // Test directly created TLS sockets and options.
const assert = require('assert'); const assert = require('assert');
const join = require('path').join; const join = require('path').join;
@ -26,6 +26,16 @@ test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
assert.ifError(err); assert.ifError(err);
}); });
test({ca: keys.agent1.ca}, (err) => {
assert.ifError(err);
});
// Secure context options, like ca, are ignored if a sec ctx is explicitly
// provided.
test({secureContext: tls.createSecureContext(), ca: keys.agent1.ca}, (err) => {
assert.strictEqual(err.message, 'unable to verify the first certificate');
});
function test(client, callback) { function test(client, callback) {
callback = common.mustCall(callback); callback = common.mustCall(callback);
connect({ connect({

Write Preview
Loading…
Cancel
Save