Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tls: introduce
secureContext for tls.connect
Add `secureContext` option to `tls.connect`. It is useful for caching client certificates, key, and CA certificates. PR-URL: #4246 Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -597,6 +597,10 @@ Creates a new client connection to the given `port` and `host` (old API) or | |
| SSL version 3. The possible values depend on your installation of | ||
| OpenSSL and are defined in the constant [SSL_METHODS][]. | ||
|
|
||
| - `secureContext`: An optional TLS context object from | ||
| `tls.createSecureContext( ... )`. Could it be used for caching client | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. 
indutny
Author
Member
|
||
| certificates, key, and CA certificates. | ||
|
|
||
| - `session`: A `Buffer` instance, containing TLS session. | ||
|
|
||
| - `minDHSize`: Minimum size of DH parameter in bits to accept a TLS | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| 'use strict'; | ||
| const common = require('../common'); | ||
| const assert = require('assert'); | ||
|
|
||
| if (!common.hasCrypto) { | ||
| console.log('1..0 # Skipped: missing crypto'); | ||
| return; | ||
| } | ||
| const tls = require('tls'); | ||
|
|
||
| const fs = require('fs'); | ||
| const path = require('path'); | ||
|
|
||
| const keysDir = path.join(common.fixturesDir, 'keys'); | ||
|
|
||
| const ca = fs.readFileSync(path.join(keysDir, 'ca1-cert.pem')); | ||
| const cert = fs.readFileSync(path.join(keysDir, 'agent1-cert.pem')); | ||
| const key = fs.readFileSync(path.join(keysDir, 'agent1-key.pem')); | ||
|
|
||
| const server = tls.createServer({ | ||
| cert: cert, | ||
| key: key | ||
| }, function(c) { | ||
| c.end(); | ||
| }).listen(common.PORT, function() { | ||
| const secureContext = tls.createSecureContext({ | ||
| ca: ca | ||
| }); | ||
|
|
||
| const socket = tls.connect({ | ||
| secureContext: secureContext, | ||
| servername: 'agent1', | ||
| port: common.PORT | ||
| }, common.mustCall(function() { | ||
| server.close(); | ||
| socket.end(); | ||
| })); | ||
| }); |
Shouldn't this be
It could be usedinstead of the "asking way"Could it be used?