tls: add client-side session resumption support
parent
b66d225c6e
commit
eb99083d0b
19
lib/tls.js
19
lib/tls.js
|
@ -184,6 +184,21 @@ CryptoStream.prototype.getPeerCertificate = function() {
|
|||
return null;
|
||||
};
|
||||
|
||||
CryptoStream.prototype.getSession = function() {
|
||||
if (this.pair.ssl) {
|
||||
return this.pair.ssl.getSession();
|
||||
}
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
CryptoStream.prototype.isSessionReused = function() {
|
||||
if (this.pair.ssl) {
|
||||
return this.pair.ssl.isSessionReused();
|
||||
}
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
CryptoStream.prototype.getCipher = function(err) {
|
||||
if (this.pair.ssl) {
|
||||
|
@ -956,6 +971,10 @@ exports.connect = function(port /* host, options, cb */) {
|
|||
servername: options.servername || host
|
||||
});
|
||||
|
||||
if (options.session) {
|
||||
pair.ssl.setSession(options.session);
|
||||
}
|
||||
|
||||
var cleartext = pipe(pair, socket);
|
||||
|
||||
socket.connect(port, host);
|
||||
|
|
|
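Review bot: `CryptoStream.prototype.getSession` returns the DER-serialized SSL_SESSION as a binary string, and that structure carries the session master secret, so what callers cache is key material rather than an opaque identifier; nothing in the tls.js hunk says so. A comment above the method such as `// Returns the serialized SSL session (it contains the master secret, treat it like the private key); null when there is no ssl object` would tell callers how to store it. `isSessionReused` returns `null` instead of `false` when `this.pair.ssl` is unset, which makes a boolean-looking method tri-state; `return false;` there would match the C++ side, which answers `False()` for a null `ssl_`. In the `exports.connect` hunk, `pair.ssl.setSession(options.session)` can throw synchronously (the binding throws a TypeError on a non-string and an Error when SSL_set_session fails) before `socket.connect` is reached, which the documentation for the new `session` option should mention. `exports.connect` continues outside the hunk.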
@ -588,6 +588,9 @@ void Connection::Initialize(Handle<Object> target) {
|
|||
NODE_SET_PROTOTYPE_METHOD(t, "clearPending", Connection::ClearPending);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "encPending", Connection::EncPending);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "getPeerCertificate", Connection::GetPeerCertificate);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "getSession", Connection::GetSession);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "setSession", Connection::SetSession);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "isSessionReused", Connection::IsSessionReused);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "isInitFinished", Connection::IsInitFinished);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "verifyError", Connection::VerifyError);
|
||||
NODE_SET_PROTOTYPE_METHOD(t, "getCurrentCipher", Connection::GetCurrentCipher);
|
||||
|
@ -1175,6 +1178,91 @@ Handle<Value> Connection::GetPeerCertificate(const Arguments& args) {
|
|||
return scope.Close(info);
|
||||
}
|
||||
|
||||
Handle<Value> Connection::GetSession(const Arguments& args) {
|
||||
HandleScope scope;
|
||||
|
||||
Connection *ss = Connection::Unwrap(args);
|
||||
|
||||
if (ss->ssl_ == NULL) return Undefined();
|
||||
|
||||
SSL_SESSION* sess = SSL_get_session(ss->ssl_);
|
||||
if (!sess) return Undefined();
|
||||
|
||||
int slen = i2d_SSL_SESSION(sess, NULL);
|
||||
assert(slen > 0);
|
||||
|
||||
Local<Value> s;
|
||||
|
||||
if (slen > 0) {
|
||||
void* pp = malloc(slen);
|
||||
if (pp)
|
||||
{
|
||||
unsigned char* p = (unsigned char*)pp;
|
||||
i2d_SSL_SESSION(sess, &p);
|
||||
s = Encode(pp, slen, BINARY);
|
||||
free(pp);
|
||||
}
|
||||
else
|
||||
return False();
|
||||
}
|
||||
else
|
||||
return False();
|
||||
|
||||
return scope.Close(s);
|
||||
}
|
||||
|
||||
Handle<Value> Connection::SetSession(const Arguments& args) {
|
||||
HandleScope scope;
|
||||
|
||||
Connection *ss = Connection::Unwrap(args);
|
||||
|
||||
if (args.Length() < 1 || !args[0]->IsString()) {
|
||||
Local<Value> exception = Exception::TypeError(String::New("Bad argument"));
|
||||
return ThrowException(exception);
|
||||
}
|
||||
|
||||
ASSERT_IS_STRING_OR_BUFFER(args[0]);
|
||||
ssize_t slen = DecodeBytes(args[0], BINARY);
|
||||
|
||||
if (slen < 0) {
|
||||
Local<Value> exception = Exception::TypeError(String::New("Bad argument"));
|
||||
return ThrowException(exception);
|
||||
}
|
||||
|
||||
char* sbuf = new char[slen];
|
||||
|
||||
ssize_t wlen = DecodeWrite(sbuf, slen, args[0], BINARY);
|
||||
assert(wlen == slen);
|
||||
|
||||
const unsigned char* p = (unsigned char*) sbuf;
|
||||
SSL_SESSION* sess = d2i_SSL_SESSION(NULL, &p, wlen);
|
||||
|
||||
delete [] sbuf;
|
||||
|
||||
if (!sess)
|
||||
return Undefined();
|
||||
|
||||
int r = SSL_set_session(ss->ssl_, sess);
|
||||
SSL_SESSION_free(sess);
|
||||
|
||||
if (!r) {
|
||||
Local<String> eStr = String::New("SSL_set_session error");
|
||||
return ThrowException(Exception::Error(eStr));
|
||||
}
|
||||
|
||||
return True();
|
||||
}
|
||||
|
||||
Handle<Value> Connection::IsSessionReused(const Arguments& args) {
|
||||
HandleScope scope;
|
||||
|
||||
Connection *ss = Connection::Unwrap(args);
|
||||
|
||||
if (ss->ssl_ == NULL) return False();
|
||||
return SSL_session_reused(ss->ssl_) ? True() : False();
|
||||
}
|
||||
|
||||
|
||||
Handle<Value> Connection::Start(const Arguments& args) {
|
||||
HandleScope scope;
|
||||
|
||||
|
|
|
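Review bot: `Connection::SetSession` calls `SSL_set_session(ss->ssl_, sess)` without checking `ss->ssl_`, whereas `GetSession` and `IsSessionReused` in the same hunk both guard `ss->ssl_ == NULL`; invoking setSession after the connection has been torn down would dereference NULL. Adding `if (ss->ssl_ == NULL) return Undefined();` right after `Connection::Unwrap(args)` makes the three methods consistent. In `GetSession`, `assert(slen > 0)` is immediately followed by `if (slen > 0) ... else return False();`, so the `else` branch is only reachable in builds that compile the assert out and the method then returns `false` rather than `undefined` as it does for a missing session; pick one of the two and document the return values (`undefined` when no ssl/session, string otherwise). In `SetSession`, the `!args[0]->IsString()` check already rejects Buffers, so the following `ASSERT_IS_STRING_OR_BUFFER(args[0])` can never fire and suggests Buffer support that does not exist; either drop the macro or relax the check so the accepted types match what `getSession` produces. The caller-supplied blob goes straight into `d2i_SSL_SESSION`, so the API contract should state that the argument must be exactly what `getSession` returned.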
@ -120,6 +120,9 @@ class Connection : ObjectWrap {
|
|||
static v8::Handle<v8::Value> EncOut(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> ClearIn(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> GetPeerCertificate(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> GetSession(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> SetSession(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> IsSessionReused(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> IsInitFinished(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> VerifyError(const v8::Arguments& args);
|
||||
static v8::Handle<v8::Value> GetCurrentCipher(const v8::Arguments& args);
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
// Copyright Joyent, Inc. and other Node contributors.
|
||||
//
|
||||
// Permission is hereby granted, free of charge, to any person obtaining a
|
||||
// copy of this software and associated documentation files (the
|
||||
// "Software"), to deal in the Software without restriction, including
|
||||
// without limitation the rights to use, copy, modify, merge, publish,
|
||||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
||||
// persons to whom the Software is furnished to do so, subject to the
|
||||
// following conditions:
|
||||
//
|
||||
// The above copyright notice and this permission notice shall be included
|
||||
// in all copies or substantial portions of the Software.
|
||||
//
|
||||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
||||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
||||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
||||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
||||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
||||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
// Create an ssl server. First connection, validate that not resume.
|
||||
// Cache session and close connection. Use session on second connection.
|
||||
// ASSERT resumption.
|
||||
|
||||
if (!process.versions.openssl) {
|
||||
console.error("Skipping because node compiled without OpenSSL.");
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
var common = require('../common');
|
||||
var assert = require('assert');
|
||||
var tls = require('tls');
|
||||
var fs = require('fs');
|
||||
|
||||
var options = {
|
||||
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
|
||||
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem')
|
||||
};
|
||||
|
||||
var connections = 0;
|
||||
|
||||
// create server
|
||||
var server = tls.Server(options, function(socket) {
|
||||
socket.end("Goodbye");
|
||||
connections++;
|
||||
});
|
||||
|
||||
// start listening
|
||||
server.listen(common.PORT, function() {
|
||||
|
||||
var session1 = null;
|
||||
var client1 = tls.connect(common.PORT, function () {
|
||||
console.log('connect1');
|
||||
assert.ok(!client1.isSessionReused(), "Session *should not* be reused.");
|
||||
session1 = client1.getSession();
|
||||
});
|
||||
|
||||
client1.on('close', function() {
|
||||
console.log('close1');
|
||||
|
||||
var client2 = tls.connect(common.PORT, {'session':session1}, function () {
|
||||
console.log('connect2');
|
||||
assert.ok(client2.isSessionReused(), "Session *should* be reused.");
|
||||
});
|
||||
|
||||
client2.on('close', function() {
|
||||
console.log('close2');
|
||||
server.close();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
process.on('exit', function() {
|
||||
assert.equal(2, connections);
|
||||
});
|