mirror of https://github.com/nodejs/node.git
tls: add `options` argument to createSecurePair
Helps in implementation of #6204, where some options passed to `createSecurePair()` are ignored before this patch. These options are very helpful if someone wants to pass `options.servername` or `options.SNICallback` to securepair. PR-URL: https://github.com/nodejs/node/pull/2441 Reviewed-By: Fedor Indutny <fedor@indutny.com>pull/2818/head^2
parent
0803962860
commit
d8db75730f
|
@ -511,7 +511,7 @@ publicly trusted list of CAs as given in
|
|||
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
|
||||
|
||||
|
||||
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
|
||||
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
|
||||
|
||||
Creates a new secure pair object with two streams, one of which reads/writes
|
||||
encrypted data, and one reads/writes cleartext data.
|
||||
|
@ -530,6 +530,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
|
|||
automatically reject clients with invalid certificates. Only applies to
|
||||
servers with `requestCert` enabled.
|
||||
|
||||
- `options`: An object with common SSL options. See [tls.TLSSocket][].
|
||||
|
||||
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
|
||||
`encrypted` stream properties.
|
||||
|
||||
|
|
|
@ -761,11 +761,13 @@ function securePairNT(self, options) {
|
|||
exports.createSecurePair = function(context,
|
||||
isServer,
|
||||
requestCert,
|
||||
rejectUnauthorized) {
|
||||
rejectUnauthorized,
|
||||
options) {
|
||||
var pair = new SecurePair(context,
|
||||
isServer,
|
||||
requestCert,
|
||||
rejectUnauthorized);
|
||||
rejectUnauthorized,
|
||||
options);
|
||||
return pair;
|
||||
};
|
||||
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,27 @@
|
|||
'use strict';
|
||||
|
||||
const common = require('../common');
|
||||
const assert = require('assert');
|
||||
const fs = require('fs');
|
||||
const tls = require('tls');
|
||||
|
||||
const sslcontext = tls.createSecureContext({
|
||||
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
|
||||
key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
|
||||
});
|
||||
|
||||
var catchedServername;
|
||||
const pair = tls.createSecurePair(sslcontext, true, false, false, {
|
||||
SNICallback: common.mustCall(function(servername, cb) {
|
||||
catchedServername = servername;
|
||||
})
|
||||
});
|
||||
|
||||
// captured traffic from browser's request to https://www.google.com
|
||||
const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');
|
||||
|
||||
pair.encrypted.write(sslHello);
|
||||
|
||||
process.on('exit', function() {
|
||||
assert.strictEqual('www.google.com', catchedServername);
|
||||
});
|
Loading…
Reference in New Issue