From c5b4f6bc996e25f9e24db8ed31df86010d2dfcec Mon Sep 17 00:00:00 2001
From: Fedor Indutny
Date: Fri, 11 Dec 2015 15:47:39 -0500
Subject: [PATCH] tls: introduce `secureContext` for `tls.connect`

Add `secureContext` option to `tls.connect`. It is useful for caching client certificates, key, and CA certificates.

PR-URL: https://github.com/nodejs/node/pull/4246
Reviewed-By: James M Snell
---
 doc/api/tls.markdown | 4 ++
 lib/_tls_wrap.js | 2 +-
 .../test-tls-connect-secure-context.js | 38 +++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-tls-connect-secure-context.js

diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index f523c1bf372809..bbe0be876993c3 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -597,6 +597,10 @@ Creates a new client connection to the given `port` and `host` (old API) or
 SSL version 3. The possible values depend on your installation of
 OpenSSL and are defined in the constant [SSL_METHODS][].
+ - `secureContext`: An optional TLS context object from
+ `tls.createSecureContext( ... )`. Could it be used for caching client
+ certificates, key, and CA certificates.
+
 - `session`: A `Buffer` instance, containing TLS session.
 - `minDHSize`: Minimum size of DH parameter in bits to accept a TLS
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index ef5769ce650743..3d0c6a74c2170b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -984,7 +984,7 @@ exports.connect = function(/* [port, host], options, cb */) {
 'localhost',
 NPN = {},
 ALPN = {},
- context = tls.createSecureContext(options);
+ context = options.secureContext || tls.createSecureContext(options);
 tls.convertNPNProtocols(options.NPNProtocols, NPN);
 tls.convertALPNProtocols(options.ALPNProtocols, ALPN);
diff --git a/test/parallel/test-tls-connect-secure-context.js b/test/parallel/test-tls-connect-secure-context.js
new file mode 100644
index 00000000000000..3b080432e49d44
--- /dev/null
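Review bot: The new `context = options.secureContext || tls.createSecureContext(options);` accepts any truthy value as a ready-made context, so a caller who mistakenly passes a plain options bag such as `{ ca: ... }` instead of the object returned by `tls.createSecureContext()` is not rejected on this line, and the mistake presumably only surfaces, if at all, wherever `context` is consumed later in `connect` (the function body continues outside the hunk). Validating the value here, e.g. checking it has the shape `createSecureContext` returns and throwing a `TypeError` otherwise, would fail fast with a clear message instead of an obscure error deeper in the handshake setup. The line also silently drops every context-related key still present in `options` (`ca`, `cert`, `key` and whatever else `createSecureContext` reads) once `secureContext` is set, which callers combining both will not expect; a comment at the assignment would make that explicit: `// An explicit secureContext wins; ca/cert/key etc. in options are ignored.`.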
+++ b/test/parallel/test-tls-connect-secure-context.js
@@ -0,0 +1,38 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+
+if (!common.hasCrypto) {
+ console.log('1..0 # Skipped: missing crypto');
+ return;
+}
+const tls = require('tls');
+
+const fs = require('fs');
+const path = require('path');
+
+const keysDir = path.join(common.fixturesDir, 'keys');
+
+const ca = fs.readFileSync(path.join(keysDir, 'ca1-cert.pem'));
+const cert = fs.readFileSync(path.join(keysDir, 'agent1-cert.pem'));
+const key = fs.readFileSync(path.join(keysDir, 'agent1-key.pem'));
+
+const server = tls.createServer({
+ cert: cert,
+ key: key
+}, function(c) {
+ c.end();
+}).listen(common.PORT, function() {
+ const secureContext = tls.createSecureContext({
+ ca: ca
+ });
+
+ const socket = tls.connect({
+ secureContext: secureContext,
+ servername: 'agent1',
+ port: common.PORT
+ }, common.mustCall(function() {
+ server.close();
+ socket.end();
+ }));
+});
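Review bot: The test requires `assert` on its third line but never uses it, and the connect callback only proves the handshake completed, not that the CA supplied through `secureContext` is what validated the server. Adding `assert.strictEqual(socket.authorized, true);` as the first statement of the `common.mustCall` callback ties the outcome to the context's `ca` and makes the test fail if a future change causes `connect` to fall back to `createSecureContext(options)` (which would have no `ca` here) instead of honouring the passed context. A one-line header comment stating the intent, `// Verify that tls.connect() uses a caller-supplied secureContext for server verification.`, would also help readers who find this file by name.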