
tls: remove secureProtocol opt and pass TLS options

(requestCert,rejectUnauthorized) to tls.createSecurePair when in "server" context
1 parent aa6f0fd commit 1693191ca94932d064822b6bec908fbb91be60c1 @msimerson msimerson committed Jun 5, 2014
Showing with 17 additions and 17 deletions.
  1. +1 −9 docs/plugins/tls.md
  2. +2 −2 plugins/tls.js
  3. +14 −6 tls_socket.js
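--- a/docs/plugins/tls.md
+++ b/docs/plugins/tls.md
@@ -62,15 +62,7 @@ applies to server connections.
 Emits an 'error' event when certificate verification fails.
- `rejectUnauthorized=[true|false]` (default: true)
-
-### secureProtocol
-
-Restrict SSL to specified protocol(s).
-
-this setting would require SSLv3:
-
- `secureProtocol=SSLv3_method`
+ `rejectUnauthorized=[true|false]` (default: false)
 ### ciphers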
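--- a/plugins/tls.js
+++ b/plugins/tls.js
@@ -15,14 +15,14 @@ exports.register = function () {
 cert: false,
 };
- var config_options = ['ciphers','requestCert','rejectUnauthorized','secureProtocol'];
+ var config_options = ['ciphers','requestCert','rejectUnauthorized'];
 var load_config = function () {
 plugin.loginfo("loading tls.ini");
 plugin.cfg = plugin.config.get('tls.ini', {
 booleans: [
 '+main.requestCert',
- '+main.rejectUnauthorized',
+ '-main.rejectUnauthorized',
 ]
 }, load_config);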
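Review bot: A `tls.ini` that still sets `secureProtocol` appears to be ignored without any message now that the key is gone from `config_options`, so an operator who used it to pin a protocol would lose that restriction silently on upgrade. A warning in `load_config` would surface it, e.g. `if (plugin.cfg.main.secureProtocol) plugin.logwarn("tls.ini: secureProtocol is no longer supported and is ignored");`. The flipped default on `'-main.rejectUnauthorized'` also deserves a comment such as `// default false: client certs that fail verification are accepted unless the operator opts in`. How `config_options` is consumed is outside the hunk, and `exports.register` continues past it.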
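--- a/tls_socket.js
+++ b/tls_socket.js
@@ -170,7 +170,7 @@ function createServer(cb) {
 socket.upgrade = function (options, cb) {
 log.logdebug("Upgrading to TLS");
-
+
 socket.clean();
 cryptoSocket.removeAllListeners('data');
@@ -179,10 +179,17 @@ function createServer(cb) {
 if (!options) options = {};
 // TODO: bug in Node means we can't do this until it's fixed
 // options.secureOptions = SSL_OP_ALL;
-
+
+ var requestCert = true;
+ var rejectUnauthorized = false;
+ if (options) {
+ if (options.requestCert !== undefined) { requestCert = options.requestCert; }
+ if (options.rejectUnauthorized !== undefined) { rejectUnauthorized = options.rejectUnauthorized; }
+ }
 var sslcontext = crypto.createCredentials(options);
- var pair = tls.createSecurePair(sslcontext, true, true, false);
+ // tls.createSecurePair(credentials, isServer, requestCert, rejectUnauthorized)
+ var pair = tls.createSecurePair(sslcontext, true, requestCert, rejectUnauthorized);
 var cleartext = pipe(pair, cryptoSocket);
@@ -211,7 +218,7 @@ function createServer(cb) {
 cleartext._controlReleased = true;
 socket.cleartext = cleartext;
-
+
 if (socket._timeout) {
 cleartext.setTimeout(socket._timeout);
 }
@@ -265,12 +272,13 @@ function connect(port, host, cb) {
 var sslcontext = crypto.createCredentials(options);
+ // tls.createSecurePair([credentials], [isServer]);
 var pair = tls.createSecurePair(sslcontext, false);
 socket.pair = pair;
 var cleartext = pipe(pair, cryptoSocket);
-
+
 pair.on('error', function(exception) {
 socket.emit('error', exception);
 });
@@ -293,7 +301,7 @@ function connect(port, host, cb) {
 cleartext._controlReleased = true;
 socket.cleartext = cleartext;
-
+
 if (socket._timeout) {
 cleartext.setTimeout(socket._timeout);
 }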
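Review bot: In the `socket.upgrade` hunk the fallback `var rejectUnauthorized = false;` lets the handshake complete for a client whose certificate fails verification, and nothing in these lines marks the peer certificate as unverified for later code. Whether the handler that runs after the handshake checks the result is outside the hunk; any certificate-based decision should be gated on `cleartext.authorized`, and a comment here should say so, e.g. `// cert is requested but not enforced: callers must check cleartext.authorized before trusting it`. The `if (options)` wrapper is always true because of `if (!options) options = {};` a few lines above, so the two inner checks can stand on their own. `socket.upgrade` and `createServer` both start and end outside this hunk.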
