From c86627e0d1ac4cc0ee161cdf2fdf6844d8f9051b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9A=D0=BE=D1=80=D0=B5=D0=BD=D0=B1=D0=B5=D1=80=D0=B3=20?= =?UTF-8?q?=D0=9C=D0=B0=D1=80=D0=BA?= Date: Tue, 5 May 2015 12:41:16 +0500 Subject: [PATCH] tls: add `options` argument to createSecurePair Helps in implementation of #6204, where some options passed to `createSecurePair()` are ignored before this patch. These options are very helpful if someone wants to pass `options.servername` or `options.SNICallback` to securepair. PR-URL: https://github.com/nodejs/node/pull/2441 Reviewed-By: Fedor Indutny --- doc/api/tls.markdown | 4 ++- lib/_tls_legacy.js | 6 ++-- test/fixtures/google_ssl_hello.bin | Bin 0 -> 517 bytes test/parallel/test-tls-securepair-fiftharg.js | 27 ++++++++++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 test/fixtures/google_ssl_hello.bin create mode 100644 test/parallel/test-tls-securepair-fiftharg.js diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 469b0d64733b..2df457baff04 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -661,7 +661,7 @@ publicly trusted list of CAs as given in . -## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized]) +## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options]) Creates a new secure pair object with two streams, one of which reads/writes encrypted data, and one reads/writes cleartext data. @@ -680,6 +680,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream. automatically reject clients with invalid certificates. Only applies to servers with `requestCert` enabled. + - `options`: An object with common SSL options. See [tls.TLSSocket][]. + `tls.createSecurePair()` returns a SecurePair object with `cleartext` and `encrypted` stream properties. diff --git a/lib/_tls_legacy.js b/lib/_tls_legacy.js index 3471ccb2d03b..54ffb0a903b7 100644 --- a/lib/_tls_legacy.js 
+++ b/lib/_tls_legacy.js @@ -763,11 +763,13 @@ function securePairNT(self, options) { exports.createSecurePair = function(context, isServer, requestCert, - rejectUnauthorized) { + rejectUnauthorized, + options) { var pair = new SecurePair(context, isServer, requestCert, - rejectUnauthorized); + rejectUnauthorized, + options); return pair; }; diff --git a/test/fixtures/google_ssl_hello.bin b/test/fixtures/google_ssl_hello.bin new file mode 100644 index 0000000000000000000000000000000000000000..5170533ab2170fb6ea89bb6c65944a5ae59f222e GIT binary patch literal 517 zcmWe*W@KVuWMKTm%v`Oa@Z!+d+6#M*zFShAsw%pd<^JuXn|(G1EZW}}e0Of3LUqQ< zOY>zLo@#1%i-pZ&Qx4dBs($X~fVu_;GjE5ly>G@EL(&ChdAs>{kIahY@c z+!bfz$!0S%Rp?D=`_sS@Bi5A%E9Mo?3Y>j?0l&zzrE0g1osr9X(W5sbn%H-uWA*r2!IWNCyEz|z-;vwdx2f1U-8S)~{#~u-$ysV4GtGn2XYKed-qX5m z?F)zfT9?0`QJ5vhT{TUl_>tCA-&cacT31(x3a|BZaQl4IxC9su0t`|N5*)<^DV6%hdWNhS zM!JS392q4g1^R}1hNS^O6|4-bz%T#;At2@jk^(G@tc*;IEX=ITOw24yOiT=-3^rgD GWD)?}{iWpq literal 0 HcmV?d00001 diff --git a/test/parallel/test-tls-securepair-fiftharg.js b/test/parallel/test-tls-securepair-fiftharg.js new file mode 100644 index 000000000000..b4610117889c --- /dev/null +++ b/test/parallel/test-tls-securepair-fiftharg.js 
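Review bot: Precedence between the positional `requestCert`/`rejectUnauthorized` arguments and same-named keys inside the new `options` object is not stated anywhere in `exports.createSecurePair`, while the doc change in this patch points readers to tls.TLSSocket, whose options include both names. A caller could pass `{ rejectUnauthorized: true }` in `options` with the fourth argument set to `false` and believe certificate verification is enforced; which value wins is decided in the `SecurePair` constructor, which is outside this hunk. I would add a comment above the wrapper along the lines of `// requestCert/rejectUnauthorized are taken from the positional arguments; options is forwarded unchanged to SecurePair`, after confirming that against the constructor. As a style point, `var pair = new SecurePair(...); return pair;` could be a direct `return new SecurePair(...)`.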
@@ -0,0 +1,27 @@
+'use strict';
+
+const common = require('../common');
+const assert = require('assert');
+const fs = require('fs');
+const tls = require('tls');
+
+const sslcontext = tls.createSecureContext({
+ cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
+ key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
+});
+
+var catchedServername;
+const pair = tls.createSecurePair(sslcontext, true, false, false, {
+ SNICallback: common.mustCall(function(servername, cb) {
+ catchedServername = servername;
+ })
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');
+
+pair.encrypted.write(sslHello);
+
+process.on('exit', function() {
+ assert.strictEqual('www.google.com', catchedServername);
+});
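Review bot: The exit-time check `assert.strictEqual('www.google.com', catchedServername)` passes the expected value first, so a failure would report actual and expected the wrong way round; I would write `assert.strictEqual(catchedServername, 'www.google.com');`. The `SNICallback` never invokes `cb`, which looks intentional because only a recorded ClientHello is written to `pair.encrypted`, but a comment such as `// cb is deliberately not called: only the ClientHello is replayed, the handshake is not completed` would make that explicit. The comment above `sslHello` could also record how `google_ssl_hello.bin` was captured, so the binary fixture can be regenerated and checked rather than trusted as an opaque blob.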