
tls: assemble tls_opts in register, add 10s timer

1 parent 4b5a5ae commit 46d8ffbf1e933ada8f4be5b73a630c359f4e7672 @msimerson msimerson committed May 30, 2014
Showing with 43 additions and 34 deletions.
  1. +43 −34 plugins/tls.js
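--- a/plugins/tls.js
+++ b/plugins/tls.js
@@ -10,26 +10,43 @@ var utils = require('./utils');
 exports.register = function () {
 var plugin = this;
- plugin.tls_key = this.config.get('tls_key.pem', 'binary');
- if (!plugin.tls_key) {
- plugin.logcrit("TLS enabled but config/tls_key.pem not found. See 'haraka -h tls'");
- return;
- }
-
- plugin.tls_cert = plugin.config.get('tls_cert.pem', 'binary');
- if (!plugin.tls_key) {
- plugin.logcrit("TLS enabled but config/tls_cert.pem not found. See 'haraka -h tls'");
- return;
- }
+ plugin.tls_opts = {
+ key: false,
+ cert: false,
+ requestCert: true,
+ };
- plugin.register_hook('capabilities', 'capabilities');
- plugin.register_hook('unrecognized_command', 'unrecognized_command');
+ var load_key = function () {
+ plugin.loginfo("loading tls_key.pem");
+ plugin.tls_opts.key = plugin.config.get('tls_key.pem', 'binary', load_key);
+ if (!plugin.tls_opts.key) {
+ plugin.logcrit("config/tls_key.pem not loaded. See 'haraka -h tls'");
+ }
+ };
+ load_key();
+
+ var load_cert = function () {
+ plugin.loginfo("loading tls_cert.pem");
+ plugin.tls_opts.cert = plugin.config.get('tls_cert.pem', 'binary', load_cert);
+ if (!plugin.tls_opts.cert) {
+ plugin.logcrit("config/tls_cert.pem not loaded. See 'haraka -h tls'");
+ }
+ };
+ load_cert();
 };
-exports.capabilities = function (next, connection) {
-
+exports.hook_capabilities = function (next, connection) {
 /* Caution: We cannot advertise STARTTLS if the upgrade has already been done. */
- if (connection.using_tls) {
+ if (connection.using_tls) { return next(); }
+
+ var plugin = this;
+ if (!plugin.tls_opts.key) {
+ connection.logcrit("No TLS key found. See 'harka -h tls'");
+ return next();
+ }
+
+ if (!plugin.tls_opts.cert) {
+ connection.logcrit("No TLS cert found. See 'harka -h tls'");
 return next();
 }
@@ -40,46 +57,38 @@ exports.capabilities = function (next, connection) {
 next();
 };
-exports.unrecognized_command = function (next, connection, params) {
- var plugin = this;
+exports.hook_unrecognized_command = function (next, connection, params) {
 /* Watch for STARTTLS directive from client. */
- if (params[0] !== 'STARTTLS') { return next; }
-
 if (!connection.notes.tls_enabled) { return next(); }
-
- var options = {
- key: plugin.tls_key,
- cert: plugin.tls_cert,
- requestCert: true,
- };
+ if (params[0] !== 'STARTTLS') { return next(); }
 /* Respond to STARTTLS command. */
 connection.respond(220, "Go ahead.");
- /*
+ var plugin = this;
 var timer = setTimeout(function () {
- connection.logerror(plugin, 'tls timeout');
+ if (!connection) { return; }
+ connection.logerror(plugin, 'timeout');
 return next();
 }, 10 * 1000);
- */
 /* Upgrade the connection to TLS. */
- connection.client.upgrade(options, function (authorized, verifyError, cert, cipher) {
- // clearTimeout(timer);
+ connection.client.upgrade(plugin.tls_opts, function (authorized, verifyError, cert, cipher) {
+ clearTimeout(timer);
 connection.reset_transaction(function () {
 connection.hello_host = undefined;
 connection.using_tls = true;
- connection.notes.tls = {
+ connection.notes.tls = {
 authorized: authorized,
 authorizationError: verifyError,
 peerCertificate: cert,
 cipher: cipher
 };
 connection.loginfo(plugin, 'secured:' +
- ((cipher) ? ' cipher=' + cipher.name + ' version=' + cipher.version : '') +
+ ((cipher) ? ' cipher=' + cipher.name + ' version=' + cipher.version : '') +
 ' verified=' + authorized +
 ((verifyError) ? ' error="' + verifyError + '"' : '' ) +
- ((cert && cert.subject) ? ' cn="' + cert.subject.CN + '"' +
+ ((cert && cert.subject) ? ' cn="' + cert.subject.CN + '"' +
 ' organization="' + cert.subject.O + '"' : '') +
 ((cert && cert.issuer) ? ' issuer="' + cert.issuer.O + '"' : '') +
 ((cert && cert.valid_to) ? ' expires="' + cert.valid_to + '"' : '') +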
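Review bot: The two connection.logcrit calls added at the top of hook_capabilities (the key check and the cert check) misspell the operator hint as 'harka -h tls', whereas register's messages in the same hunk say 'haraka -h tls', so an operator following the hint will run a command that does not exist; change them to `connection.logcrit("No TLS key found. See 'haraka -h tls'");` and `connection.logcrit("No TLS cert found. See 'haraka -h tls'");`. Emitting a crit-level line on every connection for a condition that register already reported once at startup is also noisy; a lower level such as logdebug would be enough here, since the missing material is still reported at startup. The third argument passed to config.get in load_key and load_cert presumably re-runs the loader when the file changes; if a reloaded file is empty or unreadable, tls_opts.key or tls_opts.cert becomes false and STARTTLS quietly stops being advertised until the next successful reload, which is the safe direction but deserves a comment such as `// a failed reload leaves key/cert false, so hook_capabilities stops offering STARTTLS`. The body of hook_capabilities continues past this hunk.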
