Secure pair fix #2441

Closed
4 changes: 3 additions & 1 deletion doc/api/tls.markdown
Expand Up @@ -506,7 +506,7 @@ publicly trusted list of CAs as given in
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.


## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])

Creates a new secure pair object with two streams, one of which reads/writes
encrypted data, and one reads/writes cleartext data.
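Review bot: In the new heading, `options` is a fifth optional positional parameter that follows four other optional ones, so a caller who only wants `options` still has to pass `context`, `isServer`, `requestCert` and `rejectUnauthorized` explicitly. The documentation should say so or show a five-argument call, because an object passed one position too early would be read as `requestCert` or `rejectUnauthorized` instead.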
Expand All @@ -525,6 +525,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
automatically reject clients with invalid certificates. Only applies to
servers with `requestCert` enabled.

- `options`: An object with common SSL options. See [tls.TLSSocket][].

`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
`encrypted` stream properties.
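Review bot: The added `options` entry says only "common SSL options" and defers to `tls.TLSSocket`; it does not say which keys are honored here, or what happens when `options` carries `requestCert` or `rejectUnauthorized` values that disagree with the positional arguments. Please list the supported keys (the new test relies on `SNICallback`) and state which value wins, since that decides whether client certificates are checked.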

6 changes: 4 additions & 2 deletions lib/_tls_legacy.js
Expand Up @@ -761,11 +761,13 @@ function securePairNT(self, options) {
exports.createSecurePair = function(context,
isServer,
requestCert,
rejectUnauthorized) {
rejectUnauthorized,
options) {
var pair = new SecurePair(context,
isServer,
requestCert,
rejectUnauthorized);
rejectUnauthorized,
options);
return pair;
};
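Review bot: `options` is forwarded to `new SecurePair(...)` exactly as received, so every existing four-argument caller now passes `undefined` in that position. Nothing in this hunk defaults or type-checks the value; please confirm that the constructor and `securePairNT(self, options)` tolerate a missing or non-object `options`, or default it here before the call.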

Binary file added test/fixtures/google_ssl_hello.bin
Binary file not shown.
27 changes: 27 additions & 0 deletions test/parallel/test-tls-securepair-fiftharg.js
@@ -0,0 +1,27 @@
'use strict';

const common = require('../common');
const assert = require('assert');
const fs = require('fs');
const tls = require('tls');

const sslcontext = tls.createSecureContext({
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
});

var catchedServername;
const pair = tls.createSecurePair(sslcontext, true, false, false, {
SNICallback: common.mustCall(function(servername, cb) {
catchedServername = servername;
})
});

// captured traffic from browser's request to https://www.google.com
const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');

pair.encrypted.write(sslHello);

process.on('exit', function() {
assert.strictEqual('www.google.com', catchedServername);
});
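Review bot: The `SNICallback` passed to `tls.createSecurePair` records `servername` but never invokes `cb`, so the handshake is left pending and the pair is never torn down; invoke `cb` (or destroy the pair) once the name is captured so the test does not rely on the process exiting with a stalled handshake. The final assertion also has its arguments reversed: it should read `assert.strictEqual(catchedServername, 'www.google.com')` so a failure reports actual and expected correctly. Consider replacing the captured browser traffic in `google_ssl_hello.bin` with a ClientHello generated for a test hostname, which keeps third-party capture data out of the fixtures, and renaming `catchedServername` to `caughtServername` declared with `let`.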