From 359de5c6d8613ea78dfaccb1aa51033600dd7934 Mon Sep 17 00:00:00 2001
From: Sam Roberts
Date: Mon, 16 Jan 2017 19:36:42 -0800
Subject: [PATCH] tls: new tls.TLSSocket() supports sec ctx options
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects.
Fix: https://github.com/nodejs/node/issues/10538
PR-URL: https://github.com/nodejs/node/pull/11005
Reviewed-By: Ben Noordhuis
Reviewed-By: James M Snell
---
 doc/api/tls.md | 7 ++++++-
 lib/_tls_wrap.js | 2 +-
 test/parallel/test-tls-socket-default-options.js | 12 +++++++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/doc/api/tls.md b/doc/api/tls.md
index f83ed1df3e4..158d41a0a28 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -483,7 +483,12 @@ added: v0.11.4
 will be emitted on the socket before establishing a secure communication
 * `secureContext`: Optional TLS context object created with
 [`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one
- will be created by calling [`tls.createSecureContext()`][] with no options.
+ will be created by passing the entire `options` object to
+ `tls.createSecureContext()`. *Note*: In effect, all
+ [`tls.createSecureContext()`][] options can be provided, but they will be
+ _completely ignored_ unless the `secureContext` option is missing.
+ * ...: Optional [`tls.createSecureContext()`][] options can be provided, see
+ the `secureContext` option for more information.
 Construct a new `tls.TLSSocket` object from an existing TCP socket.
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index a4e3d6bd08b..a4bda406f81 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -355,7 +355,7 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
 // Wrap socket's handle
 var context = options.secureContext ||
 options.credentials ||
- tls.createSecureContext();
+ tls.createSecureContext(options);
 res = tls_wrap.wrap(handle._externalStream,
 context.context,
 !!options.isServer);
diff --git a/test/parallel/test-tls-socket-default-options.js b/test/parallel/test-tls-socket-default-options.js
index 26199713eff..8114574437c 100644
--- a/test/parallel/test-tls-socket-default-options.js
+++ b/test/parallel/test-tls-socket-default-options.js
@@ -1,7 +1,7 @@
 'use strict';
 const common = require('../common');
-// Test a directly created TLS socket supports no options, and empty options.
+// Test directly created TLS sockets and options.
 const assert = require('assert');
 const join = require('path').join;
@@ -26,6 +26,16 @@ test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
 assert.ifError(err);
 });
+test({ca: keys.agent1.ca}, (err) => {
+ assert.ifError(err);
+});
+
+// Secure context options, like ca, are ignored if a sec ctx is explicitly
+// provided.
+test({secureContext: tls.createSecureContext(), ca: keys.agent1.ca}, (err) => {
+ assert.strictEqual(err.message, 'unable to verify the first certificate');
+});
+
 function test(client, callback) {
 callback = common.mustCall(callback);
 connect({
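Review bot: On the new `tls.createSecureContext(options)` line, context options such as `ca`, `cert` or `key` are dropped without any signal whenever `options.secureContext` or `options.credentials` is truthy, because the `||` chain never reaches the call. A caller who passes `ca` to narrow trust to a private CA together with a context built from the default roots would, as far as this hunk shows, get a socket that validates against the wider default store. The documentation hunk describes this for `secureContext` but does not mention `credentials`; a comment at the call site would help, e.g. `// ca/cert/key etc. in options are used only when neither secureContext nor credentials is set`, and a process warning for the mixed case may be worth considering. `_wrapHandle` begins and ends outside the hunk.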
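Review bot: The precedence test added at the end of this hunk covers only `secureContext`, while the patched expression in lib/_tls_wrap.js gives `options.credentials` the same priority over the new option passing, so that branch stays untested. Assuming the `test` helper forwards its first argument unchanged to `new tls.TLSSocket()`, a matching case would be `test({credentials: tls.createSecureContext(), ca: keys.agent1.ca}, (err) => { assert.strictEqual(err.message, 'unable to verify the first certificate'); });`. The negative case also reads `err.message` directly, so an unexpectedly successful handshake would surface as a TypeError rather than a clear assertion; `assert(err);` before the comparison would make that failure explicit. The body of `test` continues past the end of the hunk.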