2017-01-03 21:16:48 +00:00
|
|
|
// Copyright Joyent, Inc. and other Node contributors.
|
|
|
|
//
|
|
|
|
// Permission is hereby granted, free of charge, to any person obtaining a
|
|
|
|
// copy of this software and associated documentation files (the
|
|
|
|
// "Software"), to deal in the Software without restriction, including
|
|
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|
|
|
// persons to whom the Software is furnished to do so, subject to the
|
|
|
|
// following conditions:
|
|
|
|
//
|
|
|
|
// The above copyright notice and this permission notice shall be included
|
|
|
|
// in all copies or substantial portions of the Software.
|
|
|
|
//
|
|
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
|
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|
|
|
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|
|
|
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
|
|
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|
|
|
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
|
2014-11-22 15:59:48 +00:00
|
|
|
'use strict';
|
|
|
|
|
2017-01-16 09:19:32 +00:00
|
|
|
require('internal/util').assertCrypto();
|
2016-03-08 23:31:31 +00:00
|
|
|
|
2015-01-21 16:36:59 +00:00
|
|
|
const assert = require('assert');
|
|
|
|
const crypto = require('crypto');
|
|
|
|
const net = require('net');
|
|
|
|
const tls = require('tls');
|
|
|
|
const util = require('util');
|
|
|
|
const common = require('_tls_common');
|
2017-10-07 14:50:42 +00:00
|
|
|
const { StreamWrap } = require('_stream_wrap');
|
|
|
|
const { Buffer } = require('buffer');
|
2015-01-21 16:36:59 +00:00
|
|
|
const debug = util.debuglog('tls');
|
|
|
|
const tls_wrap = process.binding('tls_wrap');
|
2017-11-20 16:18:40 +00:00
|
|
|
const { TCP, constants: TCPConstants } = process.binding('tcp_wrap');
|
|
|
|
const { Pipe, constants: PipeConstants } = process.binding('pipe_wrap');
|
2018-01-10 17:42:08 +00:00
|
|
|
const {
|
|
|
|
SecureContext: NativeSecureContext
|
|
|
|
} = process.binding('crypto');
|
2018-03-04 21:16:24 +00:00
|
|
|
const {
|
|
|
|
ERR_INVALID_ARG_TYPE,
|
|
|
|
ERR_MULTIPLE_CALLBACK,
|
|
|
|
ERR_SOCKET_CLOSED,
|
|
|
|
ERR_TLS_DH_PARAM_SIZE,
|
|
|
|
ERR_TLS_HANDSHAKE_TIMEOUT,
|
|
|
|
ERR_TLS_RENEGOTIATE,
|
|
|
|
ERR_TLS_RENEGOTIATION_DISABLED,
|
|
|
|
ERR_TLS_REQUIRED_SERVER_NAME,
|
|
|
|
ERR_TLS_SESSION_ATTACK,
|
|
|
|
ERR_TLS_SNI_FROM_SERVER
|
|
|
|
} = require('internal/errors').codes;
|
2017-09-23 18:18:28 +00:00
|
|
|
const kConnectOptions = Symbol('connect-options');
|
2016-11-04 19:37:36 +00:00
|
|
|
const kDisableRenegotiation = Symbol('disable-renegotiation');
|
2017-09-23 18:18:28 +00:00
|
|
|
const kErrorEmitted = Symbol('error-emitted');
|
|
|
|
const kHandshakeTimeout = Symbol('handshake-timeout');
|
|
|
|
const kRes = Symbol('res');
|
|
|
|
const kSNICallback = Symbol('snicallback');
|
|
|
|
|
|
|
|
const noop = () => {};
|
2013-09-24 12:53:49 +00:00
|
|
|
|
2018-02-04 16:51:18 +00:00
|
|
|
function onhandshakestart(now) {
|
2013-06-13 13:36:00 +00:00
|
|
|
debug('onhandshakestart');
|
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
const { lastHandshakeTime } = this;
|
|
|
|
assert(now >= lastHandshakeTime);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
this.lastHandshakeTime = now;
|
2018-02-04 16:51:18 +00:00
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
// If this is the first handshake we can skip the rest of the checks.
|
|
|
|
if (lastHandshakeTime === 0)
|
|
|
|
return;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
if ((now - lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000)
|
|
|
|
this.handshakes = 1;
|
|
|
|
else
|
|
|
|
this.handshakes++;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
const { owner } = this;
|
|
|
|
if (this.handshakes > tls.CLIENT_RENEG_LIMIT) {
|
|
|
|
owner._emitTLSError(new ERR_TLS_SESSION_ATTACK());
|
|
|
|
return;
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
2016-11-04 19:37:36 +00:00
|
|
|
|
2018-05-02 10:49:13 +00:00
|
|
|
if (owner[kDisableRenegotiation])
|
2018-03-04 21:16:24 +00:00
|
|
|
owner._emitTLSError(new ERR_TLS_RENEGOTIATION_DISABLED());
|
2017-09-23 18:18:28 +00:00
|
|
|
}
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
function onhandshakedone() {
|
|
|
|
debug('onhandshakedone');
|
2017-09-23 18:18:28 +00:00
|
|
|
|
|
|
|
const owner = this.owner;
|
|
|
|
|
|
|
|
// `newSession` callback wasn't called yet
|
|
|
|
if (owner._newSessionPending) {
|
|
|
|
owner._securePending = true;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
owner._finishInit();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function loadSession(hello) {
|
|
|
|
const owner = this.owner;
|
|
|
|
|
2014-04-14 17:15:57 +00:00
|
|
|
var once = false;
|
|
|
|
function onSession(err, session) {
|
|
|
|
if (once)
|
2018-03-04 21:16:24 +00:00
|
|
|
return owner.destroy(new ERR_MULTIPLE_CALLBACK());
|
2014-04-14 17:15:57 +00:00
|
|
|
once = true;
|
2013-06-17 10:11:13 +00:00
|
|
|
|
|
|
|
if (err)
|
2017-09-23 18:18:28 +00:00
|
|
|
return owner.destroy(err);
|
2013-06-17 10:11:13 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (owner._handle === null)
|
2018-03-04 21:16:24 +00:00
|
|
|
return owner.destroy(new ERR_SOCKET_CLOSED());
|
2015-05-14 08:38:18 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
owner._handle.loadSession(session);
|
|
|
|
owner._handle.endParser();
|
2014-04-14 17:15:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hello.sessionId.length <= 0 ||
|
|
|
|
hello.tlsTicket ||
|
2017-09-23 18:18:28 +00:00
|
|
|
owner.server &&
|
|
|
|
!owner.server.emit('resumeSession', hello.sessionId, onSession)) {
|
|
|
|
owner._handle.endParser();
|
2014-04-14 17:15:57 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function loadSNI(info) {
|
|
|
|
const owner = this.owner;
|
|
|
|
const servername = info.servername;
|
|
|
|
if (!servername || !owner._SNICallback)
|
|
|
|
return requestOCSP(owner, info);
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
let once = false;
|
|
|
|
owner._SNICallback(servername, (err, context) => {
|
2014-04-14 17:15:57 +00:00
|
|
|
if (once)
|
2018-03-04 21:16:24 +00:00
|
|
|
return owner.destroy(new ERR_MULTIPLE_CALLBACK());
|
2014-04-14 17:15:57 +00:00
|
|
|
once = true;
|
|
|
|
|
|
|
|
if (err)
|
2017-09-23 18:18:28 +00:00
|
|
|
return owner.destroy(err);
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (owner._handle === null)
|
2018-03-04 21:16:24 +00:00
|
|
|
return owner.destroy(new ERR_SOCKET_CLOSED());
|
2015-05-14 08:38:18 +00:00
|
|
|
|
2014-04-14 17:15:57 +00:00
|
|
|
// TODO(indutny): eventually disallow raw `SecureContext`
|
|
|
|
if (context)
|
2017-09-23 18:18:28 +00:00
|
|
|
owner._handle.sni_context = context.context || context;
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
requestOCSP(owner, info);
|
2014-04-14 17:15:57 +00:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function requestOCSP(socket, info) {
|
|
|
|
if (!info.OCSPRequest || !socket.server)
|
|
|
|
return requestOCSPDone(socket);
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
let ctx = socket._handle.sni_context;
|
2017-01-09 13:38:31 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (!ctx) {
|
|
|
|
ctx = socket.server._sharedCreds;
|
|
|
|
|
|
|
|
// TLS socket is using a `net.Server` instead of a tls.TLSServer.
|
|
|
|
// Some TLS properties like `server._sharedCreds` will not be present
|
|
|
|
if (!ctx)
|
|
|
|
return requestOCSPDone(socket);
|
|
|
|
}
|
2017-01-09 13:38:31 +00:00
|
|
|
|
|
|
|
// TODO(indutny): eventually disallow raw `SecureContext`
|
2014-04-14 17:15:57 +00:00
|
|
|
if (ctx.context)
|
|
|
|
ctx = ctx.context;
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (socket.server.listenerCount('OCSPRequest') === 0) {
|
|
|
|
return requestOCSPDone(socket);
|
2014-04-14 17:15:57 +00:00
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
let once = false;
|
|
|
|
const onOCSP = (err, response) => {
|
2014-04-14 17:15:57 +00:00
|
|
|
if (once)
|
2018-03-04 21:16:24 +00:00
|
|
|
return socket.destroy(new ERR_MULTIPLE_CALLBACK());
|
2014-04-14 17:15:57 +00:00
|
|
|
once = true;
|
|
|
|
|
|
|
|
if (err)
|
2017-09-23 18:18:28 +00:00
|
|
|
return socket.destroy(err);
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (socket._handle === null)
|
2018-03-04 21:16:24 +00:00
|
|
|
return socket.destroy(new ERR_SOCKET_CLOSED());
|
2015-05-14 08:38:18 +00:00
|
|
|
|
2014-04-14 17:15:57 +00:00
|
|
|
if (response)
|
2017-09-23 18:18:28 +00:00
|
|
|
socket._handle.setOCSPResponse(response);
|
|
|
|
requestOCSPDone(socket);
|
|
|
|
};
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
socket.server.emit('OCSPRequest',
|
|
|
|
ctx.getCertificate(),
|
|
|
|
ctx.getIssuer(),
|
|
|
|
onOCSP);
|
2015-04-18 08:19:23 +00:00
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function requestOCSPDone(socket) {
|
|
|
|
try {
|
|
|
|
socket._handle.certCbDone();
|
|
|
|
} catch (e) {
|
|
|
|
socket.destroy(e);
|
|
|
|
}
|
2013-06-17 10:11:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function onnewsession(key, session) {
|
2017-09-23 18:18:28 +00:00
|
|
|
const owner = this.owner;
|
|
|
|
|
|
|
|
if (!owner.server)
|
2014-02-14 13:01:34 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
var once = false;
|
2017-09-23 18:18:28 +00:00
|
|
|
const done = () => {
|
2014-02-14 13:01:34 +00:00
|
|
|
if (once)
|
|
|
|
return;
|
|
|
|
once = true;
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (owner._handle === null)
|
2018-03-04 21:16:24 +00:00
|
|
|
return owner.destroy(new ERR_SOCKET_CLOSED());
|
2015-05-14 08:38:18 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
this.newSessionDone();
|
2014-02-14 13:01:34 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
owner._newSessionPending = false;
|
|
|
|
if (owner._securePending)
|
|
|
|
owner._finishInit();
|
|
|
|
owner._securePending = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
owner._newSessionPending = true;
|
|
|
|
if (!owner.server.emit('newSession', key, session, done))
|
|
|
|
done();
|
2013-06-17 10:11:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-04-14 17:15:57 +00:00
|
|
|
function onocspresponse(resp) {
|
2017-09-23 18:18:28 +00:00
|
|
|
this.owner.emit('OCSPResponse', resp);
|
|
|
|
}
|
|
|
|
|
|
|
|
function onerror(err) {
|
|
|
|
const owner = this.owner;
|
|
|
|
|
|
|
|
if (owner._writableState.errorEmitted)
|
|
|
|
return;
|
|
|
|
|
|
|
|
// Destroy socket if error happened before handshake's finish
|
|
|
|
if (!owner._secureEstablished) {
|
|
|
|
// When handshake fails control is not yet released,
|
|
|
|
// so self._tlsError will return null instead of actual error
|
|
|
|
owner.destroy(err);
|
|
|
|
} else if (owner._tlsOptions.isServer &&
|
|
|
|
owner._rejectUnauthorized &&
|
|
|
|
/peer did not return a certificate/.test(err.message)) {
|
|
|
|
// Ignore server's authorization errors
|
|
|
|
owner.destroy();
|
|
|
|
} else {
|
|
|
|
// Throw error
|
|
|
|
owner._emitTLSError(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
owner._writableState.errorEmitted = true;
|
2014-04-14 17:15:57 +00:00
|
|
|
}
|
|
|
|
|
2015-06-08 22:25:06 +00:00
|
|
|
function initRead(tls, wrapped) {
|
|
|
|
// If we were destroyed already don't bother reading
|
|
|
|
if (!tls._handle)
|
|
|
|
return;
|
|
|
|
|
|
|
|
// Socket already has some buffered data - emulate receiving it
|
2017-05-05 12:42:21 +00:00
|
|
|
if (wrapped && wrapped.readableLength) {
|
2015-06-08 22:25:06 +00:00
|
|
|
var buf;
|
|
|
|
while ((buf = wrapped.read()) !== null)
|
|
|
|
tls._handle.receive(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
tls.read(0);
|
|
|
|
}
|
2014-04-14 17:15:57 +00:00
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
/**
|
|
|
|
* Provides a wrap of socket stream to do encrypted communication.
|
|
|
|
*/
|
|
|
|
|
2017-10-31 20:03:28 +00:00
|
|
|
function TLSSocket(socket, opts) {
|
|
|
|
const tlsOptions = Object.assign({}, opts);
|
|
|
|
|
|
|
|
if (tlsOptions.ALPNProtocols)
|
|
|
|
tls.convertALPNProtocols(tlsOptions.ALPNProtocols, tlsOptions);
|
|
|
|
|
|
|
|
this._tlsOptions = tlsOptions;
|
2013-06-13 13:36:00 +00:00
|
|
|
this._secureEstablished = false;
|
2014-02-14 13:01:34 +00:00
|
|
|
this._securePending = false;
|
|
|
|
this._newSessionPending = false;
|
2013-06-13 13:36:00 +00:00
|
|
|
this._controlReleased = false;
|
2013-08-03 17:29:54 +00:00
|
|
|
this._SNICallback = null;
|
2013-06-13 13:36:00 +00:00
|
|
|
this.servername = null;
|
2015-04-23 06:25:15 +00:00
|
|
|
this.alpnProtocol = null;
|
2013-06-13 13:36:00 +00:00
|
|
|
this.authorized = false;
|
|
|
|
this.authorizationError = null;
|
2017-09-23 18:18:28 +00:00
|
|
|
this[kRes] = null;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2015-02-23 20:09:44 +00:00
|
|
|
// Wrap plain JS Stream into StreamWrap
|
2015-03-03 20:17:43 +00:00
|
|
|
var wrap;
|
2017-05-02 17:36:50 +00:00
|
|
|
if ((socket instanceof net.Socket && socket._handle) || !socket)
|
2015-03-03 20:17:43 +00:00
|
|
|
wrap = socket;
|
2017-05-02 17:36:50 +00:00
|
|
|
else
|
|
|
|
wrap = new StreamWrap(socket);
|
2015-02-23 20:09:44 +00:00
|
|
|
|
2013-12-19 09:04:34 +00:00
|
|
|
// Just a documented property to make secure sockets
|
|
|
|
// distinguishable from regular ones.
|
|
|
|
this.encrypted = true;
|
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
net.Socket.call(this, {
|
2015-06-06 22:37:35 +00:00
|
|
|
handle: this._wrapHandle(wrap),
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
allowHalfOpen: socket && socket.allowHalfOpen,
|
|
|
|
readable: false,
|
|
|
|
writable: false
|
|
|
|
});
|
|
|
|
|
|
|
|
// Proxy for API compatibility
|
|
|
|
this.ssl = this._handle;
|
|
|
|
|
2016-10-01 19:17:51 +00:00
|
|
|
this.on('error', this._tlsError);
|
2013-08-07 12:50:36 +00:00
|
|
|
|
2015-03-03 20:17:43 +00:00
|
|
|
this._init(socket, wrap);
|
2014-04-14 10:12:35 +00:00
|
|
|
|
2016-04-26 20:27:08 +00:00
|
|
|
// Make sure to setup all required properties like: `connecting` before
|
2014-04-14 10:12:35 +00:00
|
|
|
// starting the flow of the data
|
|
|
|
this.readable = true;
|
|
|
|
this.writable = true;
|
2015-06-08 22:25:06 +00:00
|
|
|
|
|
|
|
// Read on next tick so the caller has a chance to setup listeners
|
|
|
|
process.nextTick(initRead, this, socket);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
util.inherits(TLSSocket, net.Socket);
|
2013-07-03 07:46:01 +00:00
|
|
|
exports.TLSSocket = TLSSocket;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
var proxiedMethods = [
|
2015-06-06 22:37:35 +00:00
|
|
|
'ref', 'unref', 'open', 'bind', 'listen', 'connect', 'bind6',
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
'connect6', 'getsockname', 'getpeername', 'setNoDelay', 'setKeepAlive',
|
|
|
|
'setSimultaneousAccepts', 'setBlocking',
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
// PipeWrap
|
|
|
|
'setPendingInstances'
|
|
|
|
];
|
|
|
|
|
2015-03-09 14:50:29 +00:00
|
|
|
// Proxy HandleWrap, PipeWrap and TCPWrap methods
|
2017-02-26 06:41:45 +00:00
|
|
|
function makeMethodProxy(name) {
|
|
|
|
return function methodProxy(...args) {
|
2015-03-09 14:50:29 +00:00
|
|
|
if (this._parent[name])
|
2017-02-13 21:26:42 +00:00
|
|
|
return this._parent[name].apply(this._parent, args);
|
2015-03-09 14:50:29 +00:00
|
|
|
};
|
2017-02-26 06:41:45 +00:00
|
|
|
}
|
|
|
|
for (var n = 0; n < proxiedMethods.length; n++) {
|
|
|
|
tls_wrap.TLSWrap.prototype[proxiedMethods[n]] =
|
|
|
|
makeMethodProxy(proxiedMethods[n]);
|
|
|
|
}
|
2015-03-09 14:50:29 +00:00
|
|
|
|
2016-10-15 22:02:43 +00:00
|
|
|
tls_wrap.TLSWrap.prototype.close = function close(cb) {
|
2016-11-12 21:08:59 +00:00
|
|
|
let ssl;
|
|
|
|
if (this.owner) {
|
|
|
|
ssl = this.owner.ssl;
|
2016-02-09 21:00:24 +00:00
|
|
|
this.owner.ssl = null;
|
2016-11-12 21:08:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Invoke `destroySSL` on close to clean up possibly pending write requests
|
|
|
|
// that may self-reference TLSWrap, leading to leak
|
|
|
|
const done = () => {
|
|
|
|
if (ssl) {
|
|
|
|
ssl.destroySSL();
|
|
|
|
if (ssl._secureContext.singleUse) {
|
|
|
|
ssl._secureContext.context.close();
|
|
|
|
ssl._secureContext.context = null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (cb)
|
|
|
|
cb();
|
|
|
|
};
|
2016-02-09 21:00:24 +00:00
|
|
|
|
2015-06-06 22:37:35 +00:00
|
|
|
if (this._parentWrap && this._parentWrap._handle === this._parent) {
|
2016-11-12 21:08:59 +00:00
|
|
|
this._parentWrap.once('close', done);
|
2015-06-06 22:37:35 +00:00
|
|
|
return this._parentWrap.destroy();
|
|
|
|
}
|
2016-11-12 21:08:59 +00:00
|
|
|
return this._parent.close(done);
|
2015-06-06 22:37:35 +00:00
|
|
|
};
|
|
|
|
|
2016-11-04 19:37:36 +00:00
|
|
|
TLSSocket.prototype.disableRenegotiation = function disableRenegotiation() {
|
|
|
|
this[kDisableRenegotiation] = true;
|
|
|
|
};
|
|
|
|
|
2015-06-06 22:37:35 +00:00
|
|
|
TLSSocket.prototype._wrapHandle = function(wrap) {
|
|
|
|
var handle;
|
|
|
|
|
|
|
|
if (wrap)
|
|
|
|
handle = wrap._handle;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
var options = this._tlsOptions;
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (!handle) {
|
2017-11-20 16:18:40 +00:00
|
|
|
handle = options.pipe ?
|
|
|
|
new Pipe(PipeConstants.SOCKET) :
|
|
|
|
new TCP(TCPConstants.SOCKET);
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
handle.owner = this;
|
|
|
|
}
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
// Wrap socket's handle
|
2017-09-23 18:18:28 +00:00
|
|
|
const context = options.secureContext ||
|
|
|
|
options.credentials ||
|
|
|
|
tls.createSecureContext(options);
|
2018-01-10 17:42:08 +00:00
|
|
|
const externalStream = handle._externalStream;
|
|
|
|
assert(typeof externalStream === 'object',
|
|
|
|
'handle must be a LibuvStreamWrap');
|
|
|
|
assert(context.context instanceof NativeSecureContext,
|
|
|
|
'context.context must be a NativeSecureContext');
|
|
|
|
const res = tls_wrap.wrap(externalStream,
|
2017-09-23 18:18:28 +00:00
|
|
|
context.context,
|
|
|
|
!!options.isServer);
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
res._parent = handle;
|
2015-06-06 22:37:35 +00:00
|
|
|
res._parentWrap = wrap;
|
2015-03-06 01:27:58 +00:00
|
|
|
res._secureContext = context;
|
2015-02-27 23:07:25 +00:00
|
|
|
res.reading = handle.reading;
|
2017-09-23 18:18:28 +00:00
|
|
|
this[kRes] = res;
|
|
|
|
defineHandleReading(this, handle);
|
|
|
|
|
|
|
|
this.on('close', onSocketCloseDestroySSL);
|
|
|
|
|
|
|
|
return res;
|
|
|
|
};
|
|
|
|
|
|
|
|
// This eliminates a cyclic reference to TLSWrap
|
|
|
|
// Ref: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
|
|
|
|
function defineHandleReading(socket, handle) {
|
2015-02-28 18:14:07 +00:00
|
|
|
Object.defineProperty(handle, 'reading', {
|
2017-09-23 18:18:28 +00:00
|
|
|
get: () => {
|
|
|
|
return socket[kRes].reading;
|
2015-02-28 18:14:07 +00:00
|
|
|
},
|
2017-09-23 18:18:28 +00:00
|
|
|
set: (value) => {
|
|
|
|
socket[kRes].reading = value;
|
2015-02-28 18:14:07 +00:00
|
|
|
}
|
|
|
|
});
|
2017-09-23 18:18:28 +00:00
|
|
|
}
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function onSocketCloseDestroySSL() {
|
|
|
|
// Make sure we are not doing it on OpenSSL's stack
|
|
|
|
setImmediate(destroySSL, this);
|
|
|
|
this[kRes] = null;
|
|
|
|
}
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
|
2015-05-18 18:24:19 +00:00
|
|
|
function destroySSL(self) {
|
|
|
|
self._destroySSL();
|
|
|
|
}
|
|
|
|
|
2015-04-26 12:26:57 +00:00
|
|
|
TLSSocket.prototype._destroySSL = function _destroySSL() {
|
2015-05-01 21:59:05 +00:00
|
|
|
if (!this.ssl) return;
|
2015-04-27 07:39:48 +00:00
|
|
|
this.ssl.destroySSL();
|
2015-05-01 21:59:05 +00:00
|
|
|
if (this.ssl._secureContext.singleUse) {
|
2015-04-27 07:39:48 +00:00
|
|
|
this.ssl._secureContext.context.close();
|
2015-05-01 21:59:05 +00:00
|
|
|
this.ssl._secureContext.context = null;
|
|
|
|
}
|
|
|
|
this.ssl = null;
|
2015-04-26 12:26:57 +00:00
|
|
|
};
|
|
|
|
|
2015-03-03 20:17:43 +00:00
|
|
|
TLSSocket.prototype._init = function(socket, wrap) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
var options = this._tlsOptions;
|
|
|
|
var ssl = this._handle;
|
|
|
|
|
2015-06-06 22:37:35 +00:00
|
|
|
this.server = options.server;
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
// For clients, we will always have either a given ca list or be using
|
|
|
|
// default one
|
2016-01-12 21:04:50 +00:00
|
|
|
const requestCert = !!options.requestCert || !options.isServer;
|
|
|
|
const rejectUnauthorized = !!options.rejectUnauthorized;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2013-08-23 13:53:16 +00:00
|
|
|
this._requestCert = requestCert;
|
|
|
|
this._rejectUnauthorized = rejectUnauthorized;
|
2013-06-13 13:36:00 +00:00
|
|
|
if (requestCert || rejectUnauthorized)
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
ssl.setVerifyMode(requestCert, rejectUnauthorized);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
if (options.isServer) {
|
2017-09-23 18:18:28 +00:00
|
|
|
ssl.onhandshakestart = onhandshakestart;
|
|
|
|
ssl.onhandshakedone = onhandshakedone;
|
|
|
|
ssl.onclienthello = loadSession;
|
|
|
|
ssl.oncertcb = loadSNI;
|
|
|
|
ssl.onnewsession = onnewsession;
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
ssl.lastHandshakeTime = 0;
|
|
|
|
ssl.handshakes = 0;
|
2013-06-17 10:11:13 +00:00
|
|
|
|
2015-04-18 08:19:23 +00:00
|
|
|
if (this.server) {
|
2015-08-11 18:31:50 +00:00
|
|
|
if (this.server.listenerCount('resumeSession') > 0 ||
|
|
|
|
this.server.listenerCount('newSession') > 0) {
|
2015-04-18 08:19:23 +00:00
|
|
|
ssl.enableSessionCallbacks();
|
|
|
|
}
|
2015-08-11 18:31:50 +00:00
|
|
|
if (this.server.listenerCount('OCSPRequest') > 0)
|
2015-04-18 08:19:23 +00:00
|
|
|
ssl.enableCertCb();
|
2013-06-17 10:11:13 +00:00
|
|
|
}
|
2013-06-13 13:36:00 +00:00
|
|
|
} else {
|
2017-09-23 18:18:28 +00:00
|
|
|
ssl.onhandshakestart = noop;
|
|
|
|
ssl.onhandshakedone = this._finishInit.bind(this);
|
|
|
|
ssl.onocspresponse = onocspresponse;
|
2014-02-03 21:32:13 +00:00
|
|
|
|
|
|
|
if (options.session)
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
ssl.setSession(options.session);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
ssl.onerror = onerror;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2013-08-02 16:11:17 +00:00
|
|
|
// If custom SNICallback was given, or if
|
|
|
|
// there're SNI contexts to perform match against -
|
|
|
|
// set `.onsniselect` callback.
|
2013-06-13 13:36:00 +00:00
|
|
|
if (process.features.tls_sni &&
|
|
|
|
options.isServer &&
|
2015-06-06 22:37:35 +00:00
|
|
|
options.SNICallback &&
|
2013-08-02 16:11:17 +00:00
|
|
|
(options.SNICallback !== SNICallback ||
|
2017-12-23 08:01:58 +00:00
|
|
|
(options.server && options.server._contexts.length))) {
|
2013-08-02 16:11:17 +00:00
|
|
|
assert(typeof options.SNICallback === 'function');
|
2013-08-03 17:29:54 +00:00
|
|
|
this._SNICallback = options.SNICallback;
|
2015-04-18 08:19:23 +00:00
|
|
|
ssl.enableCertCb();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
2015-04-23 06:25:15 +00:00
|
|
|
if (process.features.tls_alpn && options.ALPNProtocols) {
|
|
|
|
// keep reference in secureContext not to be GC-ed
|
|
|
|
ssl._secureContext.alpnBuffer = options.ALPNProtocols;
|
|
|
|
ssl.setALPNProtocols(ssl._secureContext.alpnBuffer);
|
|
|
|
}
|
|
|
|
|
2013-08-23 13:53:16 +00:00
|
|
|
if (options.handshakeTimeout > 0)
|
|
|
|
this.setTimeout(options.handshakeTimeout, this._handleTimeout);
|
2014-01-23 12:55:28 +00:00
|
|
|
|
2015-03-03 20:17:43 +00:00
|
|
|
if (socket instanceof net.Socket) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this._parent = socket;
|
|
|
|
|
|
|
|
// To prevent assertion in afterConnect() and properly kick off readStart
|
2016-04-26 20:27:08 +00:00
|
|
|
this.connecting = socket.connecting || !socket._handle;
|
2017-09-23 18:18:28 +00:00
|
|
|
socket.once('connect', () => {
|
|
|
|
this.connecting = false;
|
|
|
|
this.emit('connect');
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
});
|
2014-01-23 12:55:28 +00:00
|
|
|
}
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
|
|
|
|
// Assume `tls.connect()`
|
2015-03-03 20:17:43 +00:00
|
|
|
if (wrap) {
|
2017-09-23 18:18:28 +00:00
|
|
|
wrap.on('error', (err) => this._emitTLSError(err));
|
2015-03-03 20:17:43 +00:00
|
|
|
} else {
|
|
|
|
assert(!socket);
|
2016-04-26 20:27:08 +00:00
|
|
|
this.connecting = true;
|
2015-03-03 20:17:43 +00:00
|
|
|
}
|
2013-08-23 13:53:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.renegotiate = function(options, callback) {
|
2015-04-26 12:26:57 +00:00
|
|
|
if (this.destroyed)
|
|
|
|
return;
|
|
|
|
|
2018-01-10 17:42:08 +00:00
|
|
|
let requestCert = !!this._requestCert;
|
|
|
|
let rejectUnauthorized = !!this._rejectUnauthorized;
|
2017-09-23 18:18:28 +00:00
|
|
|
|
|
|
|
if (options.requestCert !== undefined)
|
2013-08-23 13:53:16 +00:00
|
|
|
requestCert = !!options.requestCert;
|
2017-09-23 18:18:28 +00:00
|
|
|
if (options.rejectUnauthorized !== undefined)
|
2013-08-23 13:53:16 +00:00
|
|
|
rejectUnauthorized = !!options.rejectUnauthorized;
|
|
|
|
|
|
|
|
if (requestCert !== this._requestCert ||
|
|
|
|
rejectUnauthorized !== this._rejectUnauthorized) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this._handle.setVerifyMode(requestCert, rejectUnauthorized);
|
2013-08-23 13:53:16 +00:00
|
|
|
this._requestCert = requestCert;
|
|
|
|
this._rejectUnauthorized = rejectUnauthorized;
|
|
|
|
}
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (!this._handle.renegotiate()) {
|
2013-08-23 13:53:16 +00:00
|
|
|
if (callback) {
|
2018-03-04 21:16:24 +00:00
|
|
|
process.nextTick(callback, new ERR_TLS_RENEGOTIATE());
|
2013-08-23 13:53:16 +00:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ensure that we'll cycle through internal openssl's state
|
|
|
|
this.write('');
|
|
|
|
|
|
|
|
if (callback) {
|
2017-09-23 18:18:28 +00:00
|
|
|
this.once('secure', () => callback(null));
|
2013-08-23 13:53:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
};
|
|
|
|
|
2014-01-17 18:46:49 +00:00
|
|
|
TLSSocket.prototype.setMaxSendFragment = function setMaxSendFragment(size) {
|
2016-11-29 23:58:05 +00:00
|
|
|
return this._handle.setMaxSendFragment(size) === 1;
|
2014-01-17 18:46:49 +00:00
|
|
|
};
|
|
|
|
|
2014-02-03 21:32:13 +00:00
|
|
|
TLSSocket.prototype.getTLSTicket = function getTLSTicket() {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
return this._handle.getTLSTicket();
|
2014-02-03 21:32:13 +00:00
|
|
|
};
|
|
|
|
|
2013-08-23 13:53:16 +00:00
|
|
|
TLSSocket.prototype._handleTimeout = function() {
|
2018-03-04 21:16:24 +00:00
|
|
|
this._emitTLSError(new ERR_TLS_HANDSHAKE_TIMEOUT());
|
2015-05-15 19:21:06 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype._emitTLSError = function(err) {
|
|
|
|
var e = this._tlsError(err);
|
|
|
|
if (e)
|
|
|
|
this.emit('error', e);
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype._tlsError = function(err) {
|
|
|
|
this.emit('_tlsError', err);
|
|
|
|
if (this._controlReleased)
|
2015-05-15 19:21:06 +00:00
|
|
|
return err;
|
|
|
|
return null;
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
2013-08-07 12:50:36 +00:00
|
|
|
TLSSocket.prototype._releaseControl = function() {
|
|
|
|
if (this._controlReleased)
|
2013-08-23 13:53:16 +00:00
|
|
|
return false;
|
2013-08-07 12:50:36 +00:00
|
|
|
this._controlReleased = true;
|
2016-10-01 19:17:51 +00:00
|
|
|
this.removeListener('error', this._tlsError);
|
2013-08-23 13:53:16 +00:00
|
|
|
return true;
|
2013-08-07 12:50:36 +00:00
|
|
|
};
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
TLSSocket.prototype._finishInit = function() {
|
2015-04-23 06:25:15 +00:00
|
|
|
if (process.features.tls_alpn) {
|
2017-09-23 18:18:28 +00:00
|
|
|
this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
|
2015-04-23 06:25:15 +00:00
|
|
|
}
|
|
|
|
|
2018-01-01 19:13:05 +00:00
|
|
|
if (process.features.tls_sni) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this.servername = this._handle.getServername();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
debug('secure established');
|
|
|
|
this._secureEstablished = true;
|
2013-08-23 13:53:16 +00:00
|
|
|
if (this._tlsOptions.handshakeTimeout > 0)
|
|
|
|
this.setTimeout(0, this._handleTimeout);
|
2013-06-13 13:36:00 +00:00
|
|
|
this.emit('secure');
|
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype._start = function() {
|
2016-04-26 20:27:08 +00:00
|
|
|
if (this.connecting) {
|
2017-09-23 18:18:28 +00:00
|
|
|
this.once('connect', this._start);
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-06-06 22:37:35 +00:00
|
|
|
// Socket was destroyed before the connection was established
|
|
|
|
if (!this._handle)
|
|
|
|
return;
|
|
|
|
|
2015-03-03 20:17:43 +00:00
|
|
|
debug('start');
|
2014-04-14 17:15:57 +00:00
|
|
|
if (this._tlsOptions.requestOCSP)
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this._handle.requestOCSP();
|
|
|
|
this._handle.start();
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.setServername = function(name) {
|
2018-01-10 17:42:08 +00:00
|
|
|
if (typeof name !== 'string') {
|
2018-03-19 12:33:46 +00:00
|
|
|
throw new ERR_INVALID_ARG_TYPE('name', 'string', name);
|
2018-01-10 17:42:08 +00:00
|
|
|
}
|
2018-01-10 19:33:49 +00:00
|
|
|
|
|
|
|
if (this._tlsOptions.isServer) {
|
2018-03-04 21:16:24 +00:00
|
|
|
throw new ERR_TLS_SNI_FROM_SERVER();
|
2018-01-10 19:33:49 +00:00
|
|
|
}
|
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this._handle.setServername(name);
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.setSession = function(session) {
|
2015-01-29 01:05:53 +00:00
|
|
|
if (typeof session === 'string')
|
2016-06-02 16:55:36 +00:00
|
|
|
session = Buffer.from(session, 'latin1');
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
this._handle.setSession(session);
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
2014-04-17 11:57:36 +00:00
|
|
|
TLSSocket.prototype.getPeerCertificate = function(detailed) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (this._handle) {
|
2014-04-17 11:57:36 +00:00
|
|
|
return common.translatePeerCertificate(
|
2017-07-05 16:21:40 +00:00
|
|
|
this._handle.getPeerCertificate(detailed));
|
2014-04-17 11:57:36 +00:00
|
|
|
}
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
|
2018-03-02 19:46:34 +00:00
|
|
|
TLSSocket.prototype.getFinished = function() {
|
|
|
|
if (this._handle)
|
|
|
|
return this._handle.getFinished();
|
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.getPeerFinished = function() {
|
|
|
|
if (this._handle)
|
|
|
|
return this._handle.getPeerFinished();
|
|
|
|
};
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
TLSSocket.prototype.getSession = function() {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (this._handle) {
|
|
|
|
return this._handle.getSession();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.isSessionReused = function() {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (this._handle) {
|
|
|
|
return this._handle.isSessionReused();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
|
|
|
|
TLSSocket.prototype.getCipher = function(err) {
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (this._handle) {
|
|
|
|
return this._handle.getCurrentCipher();
|
2013-06-13 13:36:00 +00:00
|
|
|
} else {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2015-05-22 09:20:26 +00:00
|
|
|
TLSSocket.prototype.getEphemeralKeyInfo = function() {
|
|
|
|
if (this._handle)
|
|
|
|
return this._handle.getEphemeralKeyInfo();
|
|
|
|
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
|
2016-01-31 06:26:41 +00:00
|
|
|
TLSSocket.prototype.getProtocol = function() {
|
|
|
|
if (this._handle)
|
|
|
|
return this._handle.getProtocol();
|
|
|
|
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
// TODO: support anonymous (nocert) and PSK
|
|
|
|
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function onSocketSecure() {
|
|
|
|
if (this._requestCert) {
|
|
|
|
const verifyError = this._handle.verifyError();
|
|
|
|
if (verifyError) {
|
|
|
|
this.authorizationError = verifyError.code;
|
|
|
|
|
|
|
|
if (this._rejectUnauthorized)
|
|
|
|
this.destroy();
|
|
|
|
} else {
|
|
|
|
this.authorized = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!this.destroyed && this._releaseControl())
|
|
|
|
this._tlsOptions.server.emit('secureConnection', this);
|
|
|
|
}
|
|
|
|
|
|
|
|
function onSocketTLSError(err) {
|
|
|
|
if (!this._controlReleased && !this[kErrorEmitted]) {
|
|
|
|
this[kErrorEmitted] = true;
|
|
|
|
this._tlsOptions.server.emit('tlsClientError', err, this);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function onSocketClose(err) {
|
|
|
|
// Closed because of error - no need to emit it twice
|
|
|
|
if (err)
|
|
|
|
return;
|
|
|
|
|
|
|
|
// Emit ECONNRESET
|
|
|
|
if (!this._controlReleased && !this[kErrorEmitted]) {
|
|
|
|
this[kErrorEmitted] = true;
|
2018-03-15 13:22:43 +00:00
|
|
|
// eslint-disable-next-line no-restricted-syntax
|
2017-09-23 18:18:28 +00:00
|
|
|
const connReset = new Error('socket hang up');
|
|
|
|
connReset.code = 'ECONNRESET';
|
|
|
|
this._tlsOptions.server.emit('tlsClientError', connReset, this);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function tlsConnectionListener(rawSocket) {
|
|
|
|
const socket = new TLSSocket(rawSocket, {
|
|
|
|
secureContext: this._sharedCreds,
|
|
|
|
isServer: true,
|
|
|
|
server: this,
|
|
|
|
requestCert: this.requestCert,
|
|
|
|
rejectUnauthorized: this.rejectUnauthorized,
|
|
|
|
handshakeTimeout: this[kHandshakeTimeout],
|
|
|
|
ALPNProtocols: this.ALPNProtocols,
|
|
|
|
SNICallback: this[kSNICallback] || SNICallback
|
|
|
|
});
|
|
|
|
|
|
|
|
socket.on('secure', onSocketSecure);
|
|
|
|
|
|
|
|
socket[kErrorEmitted] = false;
|
|
|
|
socket.on('close', onSocketClose);
|
|
|
|
socket.on('_tlsError', onSocketTLSError);
|
|
|
|
}
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
// AUTHENTICATION MODES
|
|
|
|
//
|
|
|
|
// There are several levels of authentication that TLS/SSL supports.
|
|
|
|
// Read more about this in "man SSL_set_verify".
|
|
|
|
//
|
|
|
|
// 1. The server sends a certificate to the client but does not request a
|
|
|
|
// cert from the client. This is common for most HTTPS servers. The browser
|
|
|
|
// can verify the identity of the server, but the server does not know who
|
|
|
|
// the client is. Authenticating the client is usually done over HTTP using
|
|
|
|
// login boxes and cookies and stuff.
|
|
|
|
//
|
|
|
|
// 2. The server sends a cert to the client and requests that the client
|
|
|
|
// also send it a cert. The client knows who the server is and the server is
|
|
|
|
// requesting the client also identify themselves. There are several
|
|
|
|
// outcomes:
|
|
|
|
//
|
|
|
|
// A) verifyError returns null meaning the client's certificate is signed
|
2017-06-17 13:11:45 +00:00
|
|
|
// by one of the server's CAs. The server now knows the client's identity
|
2013-06-13 13:36:00 +00:00
|
|
|
// and the client is authorized.
|
|
|
|
//
|
|
|
|
// B) For some reason the client's certificate is not acceptable -
|
|
|
|
// verifyError returns a string indicating the problem. The server can
|
|
|
|
// either (i) reject the client or (ii) allow the client to connect as an
|
|
|
|
// unauthorized connection.
|
|
|
|
//
|
|
|
|
// The mode is controlled by two boolean variables.
|
|
|
|
//
|
|
|
|
// requestCert
|
|
|
|
// If true the server requests a certificate from client connections. For
|
|
|
|
// the common HTTPS case, users will want this to be false, which is what
|
|
|
|
// it defaults to.
|
|
|
|
//
|
|
|
|
// rejectUnauthorized
|
|
|
|
// If true clients whose certificates are invalid for any reason will not
|
|
|
|
// be allowed to make connections. If false, they will simply be marked as
|
|
|
|
// unauthorized but secure communication will continue. By default this is
|
|
|
|
// true.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// Options:
|
|
|
|
// - requestCert. Send verify request. Default to false.
|
|
|
|
// - rejectUnauthorized. Boolean, default to true.
|
|
|
|
// - key. string.
|
|
|
|
// - cert: string.
|
2016-04-15 14:49:36 +00:00
|
|
|
// - clientCertEngine: string.
|
2013-06-13 13:36:00 +00:00
|
|
|
// - ca: string or array of strings.
|
|
|
|
// - sessionTimeout: integer.
|
|
|
|
//
|
|
|
|
// emit 'secureConnection'
|
|
|
|
// function (tlsSocket) { }
|
|
|
|
//
|
|
|
|
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
|
|
|
|
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
|
|
|
|
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
|
|
|
|
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
|
|
|
|
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
|
|
|
|
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
|
|
|
|
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
|
|
|
|
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
|
|
|
|
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
|
|
|
|
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
|
|
|
|
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
|
|
|
|
// "CERT_REJECTED"
|
|
|
|
//
|
2016-11-21 21:50:02 +00:00
|
|
|
function Server(options, listener) {
|
|
|
|
if (!(this instanceof Server))
|
|
|
|
return new Server(options, listener);
|
2015-01-29 01:05:53 +00:00
|
|
|
|
2016-11-21 21:50:02 +00:00
|
|
|
if (typeof options === 'function') {
|
|
|
|
listener = options;
|
2013-06-13 13:36:00 +00:00
|
|
|
options = {};
|
2016-11-21 21:50:02 +00:00
|
|
|
} else if (options == null || typeof options === 'object') {
|
|
|
|
options = options || {};
|
|
|
|
} else {
|
2018-03-19 12:33:46 +00:00
|
|
|
throw new ERR_INVALID_ARG_TYPE('options', 'Object', options);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
this._contexts = [];
|
|
|
|
|
|
|
|
// Handle option defaults:
|
|
|
|
this.setOptions(options);
|
|
|
|
|
2014-03-06 23:27:01 +00:00
|
|
|
var sharedCreds = tls.createSecureContext({
|
2017-09-23 18:18:28 +00:00
|
|
|
pfx: this.pfx,
|
|
|
|
key: this.key,
|
|
|
|
passphrase: this.passphrase,
|
|
|
|
cert: this.cert,
|
2016-04-15 14:49:36 +00:00
|
|
|
clientCertEngine: this.clientCertEngine,
|
2017-09-23 18:18:28 +00:00
|
|
|
ca: this.ca,
|
|
|
|
ciphers: this.ciphers,
|
|
|
|
ecdhCurve: this.ecdhCurve,
|
|
|
|
dhparam: this.dhparam,
|
|
|
|
secureProtocol: this.secureProtocol,
|
|
|
|
secureOptions: this.secureOptions,
|
|
|
|
honorCipherOrder: this.honorCipherOrder,
|
|
|
|
crl: this.crl,
|
|
|
|
sessionIdContext: this.sessionIdContext
|
2013-06-13 13:36:00 +00:00
|
|
|
});
|
2013-07-21 03:11:02 +00:00
|
|
|
this._sharedCreds = sharedCreds;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000);
|
|
|
|
this[kSNICallback] = options.SNICallback;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (typeof this[kHandshakeTimeout] !== 'number') {
|
2018-03-19 13:18:50 +00:00
|
|
|
throw new ERR_INVALID_ARG_TYPE(
|
|
|
|
'options.handshakeTimeout', 'number', options.handshakeTimeout);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (this.sessionTimeout) {
|
|
|
|
sharedCreds.context.setSessionTimeout(this.sessionTimeout);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
if (this.ticketKeys) {
|
|
|
|
sharedCreds.context.setTicketKeys(this.ticketKeys);
|
2013-07-21 03:11:02 +00:00
|
|
|
}
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
// constructor call
|
2017-09-23 18:18:28 +00:00
|
|
|
net.Server.call(this, tlsConnectionListener);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
if (listener) {
|
|
|
|
this.on('secureConnection', listener);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
util.inherits(Server, net.Server);
|
|
|
|
exports.Server = Server;
|
|
|
|
exports.createServer = function(options, listener) {
|
|
|
|
return new Server(options, listener);
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2013-07-21 03:11:02 +00:00
|
|
|
Server.prototype._getServerData = function() {
|
|
|
|
return {
|
2015-07-22 20:52:23 +00:00
|
|
|
ticketKeys: this.getTicketKeys().toString('hex')
|
2013-07-21 03:11:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
Server.prototype._setServerData = function(data) {
|
2016-01-25 23:00:06 +00:00
|
|
|
this.setTicketKeys(Buffer.from(data.ticketKeys, 'hex'));
|
2015-07-22 20:52:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
Server.prototype.getTicketKeys = function getTicketKeys(keys) {
|
|
|
|
return this._sharedCreds.context.getTicketKeys(keys);
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
Server.prototype.setTicketKeys = function setTicketKeys(keys) {
|
|
|
|
this._sharedCreds.context.setTicketKeys(keys);
|
2013-07-21 03:11:02 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
Server.prototype.setOptions = function(options) {
|
2016-03-27 13:09:08 +00:00
|
|
|
this.requestCert = options.requestCert === true;
|
|
|
|
this.rejectUnauthorized = options.rejectUnauthorized !== false;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
if (options.pfx) this.pfx = options.pfx;
|
|
|
|
if (options.key) this.key = options.key;
|
|
|
|
if (options.passphrase) this.passphrase = options.passphrase;
|
|
|
|
if (options.cert) this.cert = options.cert;
|
2016-04-15 14:49:36 +00:00
|
|
|
if (options.clientCertEngine)
|
|
|
|
this.clientCertEngine = options.clientCertEngine;
|
2013-06-13 13:36:00 +00:00
|
|
|
if (options.ca) this.ca = options.ca;
|
|
|
|
if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
|
|
|
|
if (options.crl) this.crl = options.crl;
|
|
|
|
if (options.ciphers) this.ciphers = options.ciphers;
|
2015-01-29 01:05:53 +00:00
|
|
|
if (options.ecdhCurve !== undefined)
|
2013-10-14 14:53:59 +00:00
|
|
|
this.ecdhCurve = options.ecdhCurve;
|
2014-08-27 09:00:13 +00:00
|
|
|
if (options.dhparam) this.dhparam = options.dhparam;
|
2013-06-13 13:36:00 +00:00
|
|
|
if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
|
2014-02-03 21:32:13 +00:00
|
|
|
if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
|
2013-06-13 13:36:00 +00:00
|
|
|
var secureOptions = options.secureOptions || 0;
|
2015-02-15 17:43:36 +00:00
|
|
|
if (options.honorCipherOrder !== undefined)
|
|
|
|
this.honorCipherOrder = !!options.honorCipherOrder;
|
2014-06-25 10:47:59 +00:00
|
|
|
else
|
2015-02-15 17:43:36 +00:00
|
|
|
this.honorCipherOrder = true;
|
2013-06-13 13:36:00 +00:00
|
|
|
if (secureOptions) this.secureOptions = secureOptions;
|
2015-04-23 06:25:15 +00:00
|
|
|
if (options.ALPNProtocols)
|
|
|
|
tls.convertALPNProtocols(options.ALPNProtocols, this);
|
2013-06-13 13:36:00 +00:00
|
|
|
if (options.sessionIdContext) {
|
|
|
|
this.sessionIdContext = options.sessionIdContext;
|
2013-08-23 13:53:16 +00:00
|
|
|
} else {
|
2015-11-09 23:19:11 +00:00
|
|
|
this.sessionIdContext = crypto.createHash('sha1')
|
|
|
|
.update(process.argv.join(' '))
|
|
|
|
.digest('hex')
|
|
|
|
.slice(0, 32);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
// SNI Contexts High-Level API
|
2014-03-06 23:27:01 +00:00
|
|
|
Server.prototype.addContext = function(servername, context) {
|
2013-06-13 13:36:00 +00:00
|
|
|
if (!servername) {
|
2018-03-04 21:16:24 +00:00
|
|
|
throw new ERR_TLS_REQUIRED_SERVER_NAME();
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var re = new RegExp('^' +
|
2016-11-03 18:32:06 +00:00
|
|
|
servername.replace(/([.^$+?\-\\[\]{}])/g, '\\$1')
|
2016-09-18 05:43:49 +00:00
|
|
|
.replace(/\*/g, '[^.]*') +
|
2013-06-13 13:36:00 +00:00
|
|
|
'$');
|
2014-03-06 23:27:01 +00:00
|
|
|
this._contexts.push([re, tls.createSecureContext(context).context]);
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
|
|
|
|
2013-08-03 17:29:54 +00:00
|
|
|
function SNICallback(servername, callback) {
|
2017-09-23 18:18:28 +00:00
|
|
|
const contexts = this.server._contexts;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
for (var i = 0; i < contexts.length; i++) {
|
|
|
|
const elem = contexts[i];
|
2017-06-07 23:00:33 +00:00
|
|
|
if (elem[0].test(servername)) {
|
2017-09-23 18:18:28 +00:00
|
|
|
callback(null, elem[1]);
|
|
|
|
return;
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
2017-09-23 18:18:28 +00:00
|
|
|
}
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
callback(null, undefined);
|
2013-08-02 16:11:17 +00:00
|
|
|
}
|
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
|
|
|
|
// Target API:
|
|
|
|
//
|
|
|
|
// var s = tls.connect({port: 8000, host: "google.com"}, function() {
|
|
|
|
// if (!s.authorized) {
|
|
|
|
// s.destroy();
|
|
|
|
// return;
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// // s.socket;
|
|
|
|
//
|
|
|
|
// s.end("hello world\n");
|
|
|
|
// });
|
|
|
|
//
|
|
|
|
//
|
|
|
|
function normalizeConnectArgs(listArgs) {
|
2016-08-12 16:22:22 +00:00
|
|
|
var args = net._normalizeArgs(listArgs);
|
2013-06-13 13:36:00 +00:00
|
|
|
var options = args[0];
|
|
|
|
var cb = args[1];
|
|
|
|
|
2016-11-18 19:37:32 +00:00
|
|
|
// If args[0] was options, then normalize dealt with it.
|
2017-06-17 13:11:45 +00:00
|
|
|
// If args[0] is port, or args[0], args[1] is host, port, we need to
|
2016-11-18 19:37:32 +00:00
|
|
|
// find the options and merge them in, normalize's options has only
|
|
|
|
// the host/port/path args that it knows about, not the tls options.
|
|
|
|
// This means that options.host overrides a host arg.
|
2015-01-29 01:05:53 +00:00
|
|
|
if (listArgs[1] !== null && typeof listArgs[1] === 'object') {
|
2017-02-14 01:58:56 +00:00
|
|
|
util._extend(options, listArgs[1]);
|
2015-01-29 01:05:53 +00:00
|
|
|
} else if (listArgs[2] !== null && typeof listArgs[2] === 'object') {
|
2017-02-14 01:58:56 +00:00
|
|
|
util._extend(options, listArgs[2]);
|
2013-06-13 13:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return (cb) ? [options, cb] : [options];
|
|
|
|
}
|
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
function onConnectSecure() {
|
|
|
|
const options = this[kConnectOptions];
|
|
|
|
|
|
|
|
// Check the size of DHE parameter above minimum requirement
|
|
|
|
// specified in options.
|
|
|
|
const ekeyinfo = this.getEphemeralKeyInfo();
|
|
|
|
if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) {
|
2018-03-04 21:16:24 +00:00
|
|
|
const err = new ERR_TLS_DH_PARAM_SIZE(ekeyinfo.size);
|
2017-09-23 18:18:28 +00:00
|
|
|
this.emit('error', err);
|
|
|
|
this.destroy();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
let verifyError = this._handle.verifyError();
|
|
|
|
|
|
|
|
// Verify that server's identity matches it's certificate's names
|
|
|
|
// Unless server has resumed our existing session
|
|
|
|
if (!verifyError && !this.isSessionReused()) {
|
|
|
|
const hostname = options.servername ||
|
|
|
|
options.host ||
|
|
|
|
(options.socket && options.socket._host) ||
|
|
|
|
'localhost';
|
2017-12-14 23:45:44 +00:00
|
|
|
const cert = this.getPeerCertificate(true);
|
2017-09-23 18:18:28 +00:00
|
|
|
verifyError = options.checkServerIdentity(hostname, cert);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (verifyError) {
|
|
|
|
this.authorized = false;
|
|
|
|
this.authorizationError = verifyError.code || verifyError.message;
|
|
|
|
|
|
|
|
if (options.rejectUnauthorized) {
|
|
|
|
this.destroy(verifyError);
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
this.emit('secureConnect');
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
this.authorized = true;
|
|
|
|
this.emit('secureConnect');
|
|
|
|
}
|
|
|
|
|
|
|
|
this.removeListener('end', onConnectEnd);
|
|
|
|
}
|
|
|
|
|
|
|
|
function onConnectEnd() {
|
|
|
|
// NOTE: This logic is shared with _http_client.js
|
|
|
|
if (!this._hadError) {
|
|
|
|
const options = this[kConnectOptions];
|
|
|
|
this._hadError = true;
|
2018-03-15 13:22:43 +00:00
|
|
|
// eslint-disable-next-line no-restricted-syntax
|
2018-02-25 20:43:23 +00:00
|
|
|
const error = new Error('Client network socket disconnected before ' +
|
|
|
|
'secure TLS connection was established');
|
2017-09-23 18:18:28 +00:00
|
|
|
error.code = 'ECONNRESET';
|
|
|
|
error.path = options.path;
|
|
|
|
error.host = options.host;
|
|
|
|
error.port = options.port;
|
|
|
|
error.localAddress = options.localAddress;
|
|
|
|
this.destroy(error);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-02-13 21:26:42 +00:00
|
|
|
exports.connect = function(...args /* [port,] [host,] [options,] [cb] */) {
|
2015-12-20 07:01:34 +00:00
|
|
|
args = normalizeConnectArgs(args);
|
2013-06-13 13:36:00 +00:00
|
|
|
var options = args[0];
|
|
|
|
var cb = args[1];
|
|
|
|
|
|
|
|
var defaults = {
|
2014-01-24 01:28:08 +00:00
|
|
|
rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED,
|
2014-09-05 14:56:55 +00:00
|
|
|
ciphers: tls.DEFAULT_CIPHERS,
|
2015-05-22 09:21:54 +00:00
|
|
|
checkServerIdentity: tls.checkServerIdentity,
|
|
|
|
minDHSize: 1024
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|
2014-09-05 14:56:55 +00:00
|
|
|
|
2013-06-13 13:36:00 +00:00
|
|
|
options = util._extend(defaults, options || {});
|
2015-04-26 12:19:38 +00:00
|
|
|
if (!options.keepAlive)
|
|
|
|
options.singleUse = true;
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2014-09-05 14:56:55 +00:00
|
|
|
assert(typeof options.checkServerIdentity === 'function');
|
2015-05-22 09:21:54 +00:00
|
|
|
assert(typeof options.minDHSize === 'number',
|
|
|
|
'options.minDHSize is not a number: ' + options.minDHSize);
|
|
|
|
assert(options.minDHSize > 0,
|
2015-11-02 12:14:14 +00:00
|
|
|
'options.minDHSize is not a positive number: ' +
|
2015-05-22 09:21:54 +00:00
|
|
|
options.minDHSize);
|
2014-09-05 14:56:55 +00:00
|
|
|
|
2016-01-12 21:04:50 +00:00
|
|
|
const context = options.secureContext || tls.createSecureContext(options);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
var socket = new TLSSocket(options.socket, {
|
2017-08-01 06:58:39 +00:00
|
|
|
pipe: !!options.path,
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
secureContext: context,
|
|
|
|
isServer: false,
|
|
|
|
requestCert: true,
|
2016-03-27 13:09:08 +00:00
|
|
|
rejectUnauthorized: options.rejectUnauthorized !== false,
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
session: options.session,
|
2017-10-31 20:03:28 +00:00
|
|
|
ALPNProtocols: options.ALPNProtocols,
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
requestOCSP: options.requestOCSP
|
|
|
|
});
|
2013-09-24 12:53:49 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
socket[kConnectOptions] = options;
|
|
|
|
|
2013-09-24 12:53:49 +00:00
|
|
|
if (cb)
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
socket.once('secureConnect', cb);
|
2013-09-24 12:53:49 +00:00
|
|
|
|
|
|
|
if (!options.socket) {
|
2017-08-01 06:58:39 +00:00
|
|
|
const connectOpt = {
|
|
|
|
path: options.path,
|
|
|
|
port: options.port,
|
|
|
|
host: options.host,
|
|
|
|
family: options.family,
|
|
|
|
localAddress: options.localAddress,
|
|
|
|
lookup: options.lookup
|
|
|
|
};
|
2017-09-23 18:18:28 +00:00
|
|
|
socket.connect(connectOpt, socket._start);
|
2013-09-24 12:53:49 +00:00
|
|
|
}
|
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
socket._releaseControl();
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (options.session)
|
|
|
|
socket.setSession(options.session);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (options.servername)
|
|
|
|
socket.setServername(options.servername);
|
2013-06-13 13:36:00 +00:00
|
|
|
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
if (options.socket)
|
|
|
|
socket._start();
|
2013-06-13 13:36:00 +00:00
|
|
|
|
2017-09-23 18:18:28 +00:00
|
|
|
socket.on('secure', onConnectSecure);
|
|
|
|
socket.once('end', onConnectEnd);
|
stream_base: introduce StreamBase
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
2015-02-22 18:59:07 +00:00
|
|
|
|
|
|
|
return socket;
|
2013-06-13 13:36:00 +00:00
|
|
|
};
|