New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for other tls options such as client cert #28
Comments
Passing the whole options object through would break an abstraction boundary, exposing faye-websocket clients to changes in the underlying TLS library, plus that options object contains loads of properties not related to TLS. I think we should either explicitly forward certain options on to TLS, or else introduce a What do you think? What options do you particularly need to use? Is making this change a substantial win over binding websocket-driver to the TLS module yourself? |
All tls options should be exposed, regardless of which I use. Exposing tlsOptions would be fine.
|
I'm asking which options you use because I want to understand the use cases before adding more surface to an API that couples client code directly to an implementation detail. In some cases these options need converting, e.g. between strings and buffers or cases where Faye takes a pathname, reads it and hands a buffer off to tls. So, what problem are you trying to solve at the moment; which things precisely is the current API making difficult? There might be a better solution than simply leaking the implementation details. |
It's in the subject "client cert". This includes the key & cert properties. |
Okay, but I was wondering if you could give me a bit more context around what you're doing because that helps me make API decisions. I need to know why people are doing certain things in order to get API right, in a way that won't need to break in future. |
Client certs are used for authentication or identity. |
Sorry I dropped off this conversation back in May, I was busy with other things and I needed to fully explain my concerns on this issue which I didn't do very well before. I'll try to spell out more clearly what questions I have. First, I completely agree that people need to be able to specify TLS options when using The current API for the client is (where I am listing all the available options): var client = new faye.WebSocket.Client('wss://www.example.com/', ['subprotocol'], {
maxLength: 1024,
ca: fs.readFileSync('path/to/cert'),
ping: 5,
headers: {Authorization: 'Bearer $some_token'}
}); I cannot forward this whole options object as-is off to So, I could enumerate all the options accepted by A second option would be to introduce only one new top-level option on Finally, there's the question of how certain things are specified. Faye used to implement HTTPS bindings itself, and when this was the case it took the key and cert as pathnames that it would then read, rather than accepting them as buffers as the underlying So I was asking how and where you want this behaviour so I can address those questions. I'd appreciate any thoughts you have on the questions I've raised. |
If you don't have any feedback on the questions I presented above I'm going to have to close this issue; I can't move forward without some design input. |
I've now implemented this in 723f4ce. |
faye-websocket-node/lib/faye/websocket/client.js
Line 24 in 067df9a
This is unnecessarily restrictive. Please pass on the full options object.
The text was updated successfully, but these errors were encountered: