[v8.x backport] tls: accept array of protocols in TLSSocket #21721

Closed
23 changes: 12 additions & 11 deletions lib/_tls_wrap.js
@@ -262,11 +262,15 @@ function initRead(tls, wrapped) {
* Provides a wrap of socket stream to do encrypted communication.
*/

function TLSSocket(socket, options) {
if (options === undefined)
this._tlsOptions = {};
else
this._tlsOptions = options;
function TLSSocket(socket, opts) {

This comment was marked as resolved.

const tlsOptions = Object.assign({}, opts);

This comment was marked as resolved.


if (tlsOptions.NPNProtocols)
tls.convertNPNProtocols(tlsOptions.NPNProtocols, tlsOptions);
if (tlsOptions.ALPNProtocols)
tls.convertALPNProtocols(tlsOptions.ALPNProtocols, tlsOptions);

this._tlsOptions = tlsOptions;
this._secureEstablished = false;
this._securePending = false;
this._newSessionPending = false;
@@ -1044,11 +1048,8 @@ exports.connect = function(...args /* [port,] [host,] [options,] [cb] */) {
options.host ||
(options.socket && options.socket._host) ||
'localhost';
const NPN = {};
const ALPN = {};

const context = options.secureContext || tls.createSecureContext(options);
tls.convertNPNProtocols(options.NPNProtocols, NPN);
tls.convertALPNProtocols(options.ALPNProtocols, ALPN);

var socket = new TLSSocket(options.socket, {
pipe: !!options.path,
@@ -1057,8 +1058,8 @@ exports.connect = function(...args /* [port,] [host,] [options,] [cb] */) {
requestCert: true,
rejectUnauthorized: options.rejectUnauthorized !== false,
session: options.session,
NPNProtocols: NPN.NPNProtocols,
ALPNProtocols: ALPN.ALPNProtocols,
NPNProtocols: options.NPNProtocols,
ALPNProtocols: options.ALPNProtocols,
requestOCSP: options.requestOCSP
});

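Review bot: The in-place conversion in `TLSSocket` uses `tlsOptions` as both the input and the output object, so a protocol list that the converters do not rewrite stays in `tlsOptions.ALPNProtocols` / `tlsOptions.NPNProtocols` exactly as the caller supplied it. Before this change `exports.connect` converted into the empty `NPN` / `ALPN` objects, so an unsupported value (for example a plain string) presumably came out as `undefined`; whether that still holds depends on `tls.convertALPNProtocols` and `tls.convertNPNProtocols`, which are not visible here. If they leave `out` untouched for unrecognised input, clear the field first, e.g. `const alpn = tlsOptions.ALPNProtocols; tlsOptions.ALPNProtocols = undefined; if (alpn) tls.convertALPNProtocols(alpn, tlsOptions);`, and do the same for NPN, so that only a converted buffer is stored on `this._tlsOptions`. The bodies of `TLSSocket` and `exports.connect` continue outside the hunks.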
@@ -0,0 +1,78 @@
'use strict';

// Test that TLSSocket can take arrays of strings for ALPNProtocols and
// NPNProtocols.

const common = require('../common');

if (!common.hasCrypto)
common.skip('missing crypto');

const tls = require('tls');

new tls.TLSSocket(null, {
ALPNProtocols: ['http/1.1'],
NPNProtocols: ['http/1.1']
});

if (!process.features.tls_npn)
common.skip('node compiled without NPN feature of OpenSSL');

if (!process.features.tls_alpn)
common.skip('node compiled without ALPN feature of OpenSSL');

const assert = require('assert');
const net = require('net');
const fixtures = require('../common/fixtures');

const key = fixtures.readKey('agent1-key.pem');
const cert = fixtures.readKey('agent1-cert.pem');

const protocols = [];

const server = net.createServer(common.mustCall((s) => {
const tlsSocket = new tls.TLSSocket(s, {
isServer: true,
server,
key,
cert,
ALPNProtocols: ['http/1.1'],
NPNProtocols: ['http/1.1']
});

tlsSocket.on('secure', common.mustCall(() => {
protocols.push({
alpnProtocol: tlsSocket.alpnProtocol,
npnProtocol: tlsSocket.npnProtocol
});
tlsSocket.end();
}));
}, 2));

server.listen(0, common.mustCall(() => {
const alpnOpts = {
port: server.address().port,
rejectUnauthorized: false,
ALPNProtocols: ['h2', 'http/1.1']
};
const npnOpts = {
port: server.address().port,
rejectUnauthorized: false,
NPNProtocols: ['h2', 'http/1.1']
};

tls.connect(alpnOpts, function() {
this.end();

tls.connect(npnOpts, function() {
this.end();

server.close();

assert.deepStrictEqual(protocols, [
{ alpnProtocol: 'http/1.1', npnProtocol: false },
{ alpnProtocol: false, npnProtocol: 'http/1.1' }
]);
});
});
}));
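Review bot: The two `tls.connect` callbacks are plain `function()` expressions, so nothing in the test asserts that they run; if the second handshake callback never fires, `server.close()` and the `assert.deepStrictEqual` on `protocols` are never reached and the test ends in a timeout rather than a clear failure. Wrap both, e.g. `tls.connect(alpnOpts, common.mustCall(function() {` and `tls.connect(npnOpts, common.mustCall(function() {`. The first `new tls.TLSSocket(null, …)` call sits ahead of the feature checks and appears to verify only that construction does not throw; a comment such as `// Must not throw, even on builds without NPN/ALPN support.` would make that intent explicit.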