From d9b5437fea4f880e5127a105a99e8e0e913999a5 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Fri, 11 Dec 2015 15:47:39 -0500 Subject: [PATCH] tls: introduce `secureContext` for `tls.connect` Add `secureContext` option to `tls.connect`. It is useful for caching client certificates, key, and CA certificates. PR-URL: https://github.com/nodejs/node/pull/4246 Reviewed-By: James M Snell --- doc/api/tls.md | 4 ++ lib/_tls_wrap.js | 2 +- .../test-tls-connect-secure-context.js | 37 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-tls-connect-secure-context.js diff --git a/doc/api/tls.md b/doc/api/tls.md index d42e062b408f53..4d836b5e7f7be1 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -694,6 +694,10 @@ Creates a new client connection to the given `port` and `host` (old API) or SSL version 3. The possible values depend on your installation of OpenSSL and are defined in the constant [SSL_METHODS][]. + - `secureContext`: An optional TLS context object from + `tls.createSecureContext( ... )`. Could it be used for caching client + certificates, key, and CA certificates. + - `session`: A `Buffer` instance, containing TLS session. The `callback` parameter will be added as a listener for the diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 6acf5e26a65ebf..0c069b9da30231 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -973,7 +973,7 @@ exports.connect = function(/* [port, host], options, cb */) { (options.socket && options.socket._host) || 'localhost'; const NPN = {}; - const context = tls.createSecureContext(options); + const context = options.secureContext || tls.createSecureContext(options); tls.convertNPNProtocols(options.NPNProtocols, NPN); var socket = new TLSSocket(options.socket, { diff --git a/test/parallel/test-tls-connect-secure-context.js b/test/parallel/test-tls-connect-secure-context.js new file mode 100644 index 00000000000000..c7519ed770fd50 --- /dev/null 
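Review bot: When `options.secureContext` is set, every context-level option passed next to it (`ca`, `cert`, `key`, `ciphers`, `secureProtocol`) is silently ignored, because `tls.createSecureContext(options)` is no longer called on the changed line in `exports.connect`. A caller who adds `ca` or `ciphers` to tighten one connection while reusing a cached context gets the cached context's trust and cipher settings instead, with no error. The new entry in doc/api/tls.md should state this, for example `If supplied, the key, cert, ca, ciphers and secureProtocol options are ignored.`, and the added test file does not cover the combined case either. Any truthy value is accepted here; whether `TLSSocket` rejects a non-context object cleanly is not visible in this hunk, and `exports.connect` begins and ends outside it.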
+++ b/test/parallel/test-tls-connect-secure-context.js
@@ -0,0 +1,37 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto) {
+ console.log('1..0 # Skipped: missing crypto');
+ return;
+}
+const tls = require('tls');
+
+const fs = require('fs');
+const path = require('path');
+
+const keysDir = path.join(common.fixturesDir, 'keys');
+
+const ca = fs.readFileSync(path.join(keysDir, 'ca1-cert.pem'));
+const cert = fs.readFileSync(path.join(keysDir, 'agent1-cert.pem'));
+const key = fs.readFileSync(path.join(keysDir, 'agent1-key.pem'));
+
+const server = tls.createServer({
+ cert: cert,
+ key: key
+}, function(c) {
+ c.end();
+}).listen(common.PORT, function() {
+ const secureContext = tls.createSecureContext({
+ ca: ca
+ });
+
+ const socket = tls.connect({
+ secureContext: secureContext,
+ servername: 'agent1',
+ port: common.PORT
+ }, common.mustCall(function() {
+ server.close();
+ socket.end();
+ }));
+});
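Review bot: The `common.mustCall` callback passed to `tls.connect` only shows that the handshake completed; nothing in the test states that the peer was verified against the `ca` held in `secureContext`, which is the property this option has to preserve. Adding `const assert = require('assert');` at the top and `assert.strictEqual(socket.authorized, true);` inside the callback would pin that. Setting `rejectUnauthorized: true` explicitly in the connect options would keep the test meaningful without relying on the default. A second connection whose context lacks `ca1-cert.pem`, expected to fail, would cover the negative side.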