tls: support changing credentials dynamically #23644
Conversation
vsemozhetbyt
added
the
semver-minor
| .update(process.argv.join(' ')) | ||
| .digest('hex') | ||
| .slice(0, 32); | ||
| } |
There was a problem hiding this comment.
Can't you call this.setOptions(options)?
There was a problem hiding this comment.
I did that originally, but setOptions() doesn't unset values that might have been passed on the first call, but omitted on subsequent calls. I also didn't want to change the behavior of setOptions().
EDIT: I guess one option would be to call setOptions() to set the options, and leave the undefined assignments in this function to clear old values.
EDIT2: Actually, setOptions() sets values unrelated to the secure context (requestCert, rejectUnauthorized, etc.), so I think I'd prefer to not call it from setSecureContext().
There was a problem hiding this comment.
@bnoordhuis long term, I'd prefer to deprecate/remove setOptions() because it's undocumented and only used in the tls server constructor. The few fields that don't overlap with setSecureContext() could be inlined in the constructor.
| this.ticketKeys = options.ticketKeys; | ||
| this.setTicketKeys(this.ticketKeys); | ||
| } else { | ||
| this.setTicketKeys(this.getTicketKeys()); |
There was a problem hiding this comment.
For my understanding: that means there is no way to disable ticket keys using .setSecureContext() if they've been enabled before?
There was a problem hiding this comment.
I was trying to focus on maintaining any keys that were already set, and figured the {set,get}TicketKeys() APIs could be used for any additional configuration.
There was a problem hiding this comment.
@cjihrig I'm somehow not understanding this code. get returns a buffer with the wrap->ticket_key_ data, and set copies its buffer argument into the wrap->ticket_key_ data... making this a no-op AFAICT. What am I missing? If the previous value of _sharedCreds (if any) had been saved, and that was used for the get, then I would understand @bnoordhuis's comment.
There was a problem hiding this comment.
@sam-github I think it is just a mistake on my part. I just ran the test suite locally with that line commented out and everything passed.
There was a problem hiding this comment.
OK, thanks for looking into it. I'm doing some session/ticket work, I'll remove the code in that PR, unless you want to.
There was a problem hiding this comment.
If you want to include it in #25713, I think that would be fine.
doc/api/tls.md
Outdated
| `ca`, etc). | ||
|
|
||
| The `server.setSecureContext()` method replaces the secure context of an | ||
| existing server. |
There was a problem hiding this comment.
What is the effect on current connections? Will those that have completed handshaking continue to be valid?
There was a problem hiding this comment.
@sam-github existing connections should not be impacted. I've updated the docs to specify this, and updated the tests to validate it.
cjihrig
force-pushed
the
swap-credentials
branch
from
b105ef4
to
44be199
Compare
| if (options.pfx) | ||
| this.pfx = options.pfx; | ||
| else | ||
| this.pfx = undefined; |
There was a problem hiding this comment.
It could get a bit messy with so many options, but the following pattern may save a bit of boilerplate code in this method...
Server.prototype.setSecureContext = function({
pfx = undefined,
key = undefined,
passphrase = undefined,
cert = undefined,
clientCertEngine = undefined,
ca = undefined,
secureProtocol = undefined,
crl = undefined,
ciphers = undefined,
ecdhCurve = undefined,
dhparam = undefined,
honorCipherOrder = false,
secureOptions,
sessionIdContext
} = {}) {
this.pfx = pfx;
this.key = key;
// ...
}Not sure it's actually that much better tho ;-)
There was a problem hiding this comment.
@jasnell I like that pattern, because I think it would be helpful for code coverage purposes. But I'm a little worried that it's just slightly different enough from the existing options handling (setOptions()) to cause problems. For example, right now falsy values get filtered out in most cases, but that would no longer be the case. The current structure also allows us to make the validation stricter, because right now it seems rather loose.
I already plan to follow this up with a deprecation PR for setOptions(). I'd like to also revisit the argument validation here, but that will be semver-major.
This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext. Fixes: nodejs#4464 Refs: nodejs#10349 Refs: nodejs/help#603 Refs: nodejs#15115 PR-URL: nodejs#23644 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cjihrig
force-pushed
the
swap-credentials
branch
from
44be199
to
96a986d
Compare
|
It looks like the new test |
This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext. Fixes: #4464 Refs: #10349 Refs: nodejs/help#603 Refs: #15115 PR-URL: #23644 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
Would it be reasonable to allow Either: server.setSecureContext(secureContext);Or: server.setSecureContext({ secureContext: secureContext }); |
|
Backported in #27432, to reduce TLS1.3 conflicts. PTAL if I did it correctly. EDIT: I had to add min/maxversion back into the options (I guess due to out-of-order landing of features), and to remove a semver-major SNICallback type check. |
This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext. Fixes: nodejs#4464 Refs: nodejs#10349 Refs: nodejs/help#603 Refs: nodejs#15115 PR-URL: nodejs#23644 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit adds a
setSecureContext()method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a newSecureContext, rather than an instance ofSecureContext.Fixes: #4464
Refs: #10349
Refs: nodejs/help#603
Refs: #15115
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesGreen CI: https://ci.nodejs.org/job/node-test-pull-request/17941/