tls: introduce secureContext for tls.connect
Add `secureContext` option to `tls.connect`. It is useful for caching
client certificates, key, and CA certificates.

PR-URL: #4246
Reviewed-By: James M Snell <jasnell@gmail.com>
indutny committed Dec 12, 2015
1 parent 425a354 commit c5b4f6b
Showing 3 changed files with 43 additions and 1 deletion.
4 changes: 4 additions & 0 deletions doc/api/tls.markdown
Expand Up @@ -597,6 +597,10 @@ Creates a new client connection to the given `port` and `host` (old API) or
SSL version 3. The possible values depend on your installation of
OpenSSL and are defined in the constant [SSL_METHODS][].

- `secureContext`: An optional TLS context object from
`tls.createSecureContext( ... )`. Could it be used for caching client

AdriVanHoudt Dec 16, 2015

Contributor

Shouldn't this be "It could be used" instead of the "asking way" "Could it be used"?

indutny Dec 16, 2015

Author Member

Haha! Of course, thanks for catching this. Would you be interested in sending a Pull Request for this?

AdriVanHoudt Dec 16, 2015

Contributor

Definitely!

AdriVanHoudt Dec 16, 2015

Contributor

done #4315

certificates, key, and CA certificates.

- `session`: A `Buffer` instance, containing TLS session.

- `minDHSize`: Minimum size of DH parameter in bits to accept a TLS
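
Review bot: The new `secureContext` entry does not say how it interacts with the other credential options of `tls.connect`. Per the `lib/_tls_wrap.js` change in this commit, a supplied `secureContext` replaces the call to `tls.createSecureContext(options)`, so the context is no longer built from options such as `ca` passed alongside it. The entry should state that explicitly, so a caller does not assume the two sources are merged. The sentence "Could it be used for caching client certificates, key, and CA certificates." also reads as a question and should be a statement, as the inline comment on this hunk already points out.
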
2 changes: 1 addition & 1 deletion lib/_tls_wrap.js
Expand Up @@ -984,7 +984,7 @@ exports.connect = function(/* [port, host], options, cb */) {
'localhost',
NPN = {},
ALPN = {},
context = tls.createSecureContext(options);
context = options.secureContext || tls.createSecureContext(options);
tls.convertNPNProtocols(options.NPNProtocols, NPN);
tls.convertALPNProtocols(options.ALPNProtocols, ALPN);

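Review bot: `options.secureContext || tls.createSecureContext(options)` accepts any truthy value as the context, with no check that it is an object returned by `tls.createSecureContext()`. A value of the wrong type passed by mistake is not caught at this line; consider validating it in `connect` and throwing a `TypeError` at the call site. It is also worth deciding whether passing `secureContext` together with context-building options in the same `options` object should be rejected, rather than resolved silently in favour of `secureContext`.
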
38 changes: 38 additions & 0 deletions test/parallel/test-tls-connect-secure-context.js
@@ -0,0 +1,38 @@
'use strict';
const common = require('../common');
const assert = require('assert');

if (!common.hasCrypto) {
console.log('1..0 # Skipped: missing crypto');
return;
}
const tls = require('tls');

const fs = require('fs');
const path = require('path');

const keysDir = path.join(common.fixturesDir, 'keys');

const ca = fs.readFileSync(path.join(keysDir, 'ca1-cert.pem'));
const cert = fs.readFileSync(path.join(keysDir, 'agent1-cert.pem'));
const key = fs.readFileSync(path.join(keysDir, 'agent1-key.pem'));

const server = tls.createServer({
cert: cert,
key: key
}, function(c) {
c.end();
}).listen(common.PORT, function() {
const secureContext = tls.createSecureContext({
ca: ca
});

const socket = tls.connect({
secureContext: secureContext,
servername: 'agent1',
port: common.PORT
}, common.mustCall(function() {
server.close();
socket.end();
}));
});
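
Review bot: The test makes a single `tls.connect` call, so it does not exercise the reuse that the commit message gives as the purpose of the option; a second connection made with the same `secureContext` object would cover that. `assert` is required at the top but never used: an assertion on the connected socket, for example on `socket.authorized`, would confirm that the `ca` held in the context was the one used for verification. A further case that passes `secureContext` alongside a different `ca` in the same options would pin down the precedence introduced by `options.secureContext || tls.createSecureContext(options)`.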
