tls: introduce secureContext for tls.connect

Add `secureContext` option to `tls.connect`. It is useful for caching client certificates, key, and CA certificates. PR-URL: #4246 Reviewed-By: James M Snell <jasnell@gmail.com>
nodejs · Oct 27, 2016 · d9b5437 · d9b5437
1 parent 90e0573
commit d9b5437
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 1 deletion.
diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -694,6 +694,10 @@ Creates a new client connection to the given `port` and `host` (old API) or
     SSL version 3. The possible values depend on your installation of
     OpenSSL and are defined in the constant [SSL_METHODS][].
 
+  - `secureContext`: An optional TLS context object from
+     `tls.createSecureContext( ... )`. Could it be used for caching client
+     certificates, key, and CA certificates.
+
   - `session`: A `Buffer` instance, containing TLS session.
 
 The `callback` parameter will be added as a listener for the

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -973,7 +973,7 @@ exports.connect = function(/* [port, host], options, cb */) {
                  (options.socket && options.socket._host) ||
                  'localhost';
   const NPN = {};
-  const context = tls.createSecureContext(options);
+  const context = options.secureContext || tls.createSecureContext(options);
   tls.convertNPNProtocols(options.NPNProtocols, NPN);
 
   var socket = new TLSSocket(options.socket, {

diff --git a/test/parallel/test-tls-connect-secure-context.js b/test/parallel/test-tls-connect-secure-context.js
@@ -0,0 +1,37 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto) {
+  console.log('1..0 # Skipped: missing crypto');
+  return;
+}
+const tls = require('tls');
+
+const fs = require('fs');
+const path = require('path');
+
+const keysDir = path.join(common.fixturesDir, 'keys');
+
+const ca = fs.readFileSync(path.join(keysDir, 'ca1-cert.pem'));
+const cert = fs.readFileSync(path.join(keysDir, 'agent1-cert.pem'));
+const key = fs.readFileSync(path.join(keysDir, 'agent1-key.pem'));
+
+const server = tls.createServer({
+  cert: cert,
+  key: key
+}, function(c) {
+  c.end();
+}).listen(common.PORT, function() {
+  const secureContext = tls.createSecureContext({
+    ca: ca
+  });
+
+  const socket = tls.connect({
+    secureContext: secureContext,
+    servername: 'agent1',
+    port: common.PORT
+  }, common.mustCall(function() {
+    server.close();
+    socket.end();
+  }));
+});