Skip to content

Commit

Permalink
tls: add options argument to createSecurePair
Browse files Browse the repository at this point in the history
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.

These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.

PR-URL: #2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
  • Loading branch information
socketpair authored and Myles Borins committed Feb 18, 2016
1 parent fd26960 commit c86627e
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 3 deletions.
4 changes: 3 additions & 1 deletion doc/api/tls.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -661,7 +661,7 @@ publicly trusted list of CAs as given in
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.


## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])

Creates a new secure pair object with two streams, one of which reads/writes
encrypted data, and one reads/writes cleartext data.
Expand All @@ -680,6 +680,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
automatically reject clients with invalid certificates. Only applies to
servers with `requestCert` enabled.

- `options`: An object with common SSL options. See [tls.TLSSocket][].

`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
`encrypted` stream properties.

Expand Down
6 changes: 4 additions & 2 deletions lib/_tls_legacy.js
Original file line number Diff line number Diff line change
Expand Up @@ -763,11 +763,13 @@ function securePairNT(self, options) {
exports.createSecurePair = function(context,
isServer,
requestCert,
rejectUnauthorized) {
rejectUnauthorized,
options) {
var pair = new SecurePair(context,
isServer,
requestCert,
rejectUnauthorized);
rejectUnauthorized,
options);
return pair;
};

Expand Down
Binary file added test/fixtures/google_ssl_hello.bin
Binary file not shown.
27 changes: 27 additions & 0 deletions test/parallel/test-tls-securepair-fiftharg.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
'use strict';

const common = require('../common');
const assert = require('assert');
const fs = require('fs');
const tls = require('tls');

const sslcontext = tls.createSecureContext({
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
});

var catchedServername;
const pair = tls.createSecurePair(sslcontext, true, false, false, {
SNICallback: common.mustCall(function(servername, cb) {
catchedServername = servername;
})
});

// captured traffic from browser's request to https://www.google.com
const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');

pair.encrypted.write(sslHello);

process.on('exit', function() {
assert.strictEqual('www.google.com', catchedServername);
});

0 comments on commit c86627e

Please sign in to comment.