Permalink
Browse files

Add HTTP client TLS support

  • Loading branch information...
1 parent a9ea21f commit 5b1a535cd89624a021b4bd183cfaaccef5b63dd9 @waveto waveto committed with ry Nov 30, 2009
Showing with 145 additions and 13 deletions.
  1. +25 −0 lib/http.js
  2. +0 −13 src/node_net.cc
  3. +13 −0 src/node_net.h
  4. +107 −0 test/mjsunit/test-http-tls.js
View
25 lib/http.js
@@ -505,6 +505,7 @@ function connectionListener (connection) {
exports.createClient = function (port, host) {
var client = new process.http.Client();
+ var secure_credentials={ secure : false };
var requests = [];
@@ -513,6 +514,13 @@ exports.createClient = function (port, host) {
if (client.readyState == "closed") {
//sys.debug("HTTP CLIENT request flush. reconnect. readyState = " + client.readyState);
client.connect(port, host); // reconnect
+ if (secure_credentials.secure) {
+ client.tcpSetSecure(secure_credentials.format_type,
+ secure_credentials.ca_certs,
+ secure_credentials.crl_list,
+ secure_credentials.private_key,
+ secure_credentials.certificate);
+ }
return;
}
//sys.debug("client flush readyState = " + client.readyState);
@@ -521,6 +529,16 @@ exports.createClient = function (port, host) {
requests.push(req);
};
+ client.tcpSetSecure = client.setSecure;
+ client.setSecure = function(format_type, ca_certs, crl_list, private_key, certificate) {
+ secure_credentials.secure = true;
+ secure_credentials.format_type = format_type;
+ secure_credentials.ca_certs = ca_certs;
+ secure_credentials.crl_list = crl_list;
+ secure_credentials.private_key = private_key;
+ secure_credentials.certificate = certificate;
+ }
+
client.addListener("connect", function () {
client.resetParser();
requests[0].flush();
@@ -543,6 +561,13 @@ exports.createClient = function (port, host) {
if (requests.length > 0 && client.readyState != "opening") {
//sys.debug("HTTP CLIENT: reconnecting readyState = " + client.readyState);
client.connect(port, host); // reconnect
+ if (secure_credentials.secure) {
+ client.tcpSetSecure(secure_credentials.format_type,
+ secure_credentials.ca_certs,
+ secure_credentials.crl_list,
+ secure_credentials.private_key,
+ secure_credentials.certificate);
+ }
}
});
View
13 src/node_net.cc
@@ -599,19 +599,6 @@ void Connection::OnClose() {
};
Emit("close", 2, argv);
-
- #if EVCOM_HAVE_GNUTLS
- if (secure_) {
- if (stream_.session) {
- gnutls_deinit(stream_.session);
- stream_.session = NULL;
- }
- if (!stream_.server && credentials) {
- gnutls_certificate_free_credentials(credentials);
- credentials = NULL;
- }
- }
- #endif
}
void Connection::OnConnect() {
View
13 src/node_net.h
@@ -134,6 +134,19 @@ class Connection : public EventEmitter {
assert(connection->stream_.recvfd < 0);
assert(connection->stream_.sendfd < 0);
+ #if EVCOM_HAVE_GNUTLS
+ if (connection->secure_) {
+ if (connection->stream_.session) {
+ gnutls_deinit(connection->stream_.session);
+ connection->stream_.session = NULL;
+ }
+ if (!connection->stream_.server && connection->credentials) {
+ gnutls_certificate_free_credentials(connection->credentials);
+ connection->credentials = NULL;
+ }
+ }
+ #endif
+
connection->OnClose();
assert(connection->attached_);
View
107 test/mjsunit/test-http-tls.js
@@ -0,0 +1,107 @@
+process.mixin(require("./common"));
+http = require("http");
+PORT = 8888;
+
+HOST = "localhost";
+
+var have_tls;
+try {
+ var dummy_server = http.createServer();
+ dummy_server.setSecure();
+ have_tls=true;
+} catch (e) {
+ have_tls=false;
+ puts("Not compiled with TLS support.");
+ process.exit();
+}
+
+
+var responses_sent = 0;
+var responses_recvd = 0;
+var body0 = "";
+var body1 = "";
+var caPem = posix.cat(fixturesDir+"/test_ca.pem").wait();
+var certPem = posix.cat(fixturesDir+"/test_cert.pem").wait();
+var keyPem = posix.cat(fixturesDir+"/test_key.pem").wait();
+
+
+var http_server=http.createServer(function (req, res) {
+ var verified = req.connection.verifyPeer();
+ var peerDN = req.connection.getPeerCertificate("DNstring");
+ assertEquals(verified, 1);
+ assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
+ + "OU=Test TLS Certificate,CN=localhost");
+
+ if (responses_sent == 0) {
+ assertEquals("GET", req.method);
+ assertEquals("/hello", req.uri.path);
+
+ p(req.headers);
+ assertTrue("accept" in req.headers);
+ assertEquals("*/*", req.headers["accept"]);
+
+ assertTrue("foo" in req.headers);
+ assertEquals("bar", req.headers["foo"]);
+ }
+
+ if (responses_sent == 1) {
+ assertEquals("POST", req.method);
+ assertEquals("/world", req.uri.path);
+ this.close();
+ }
+
+ req.addListener("complete", function () {
+ res.sendHeader(200, {"Content-Type": "text/plain"});
+ res.sendBody("The path was " + req.uri.path);
+ res.finish();
+ responses_sent += 1;
+ });
+
+ //assertEquals("127.0.0.1", res.connection.remoteAddress);
+});
+http_server.setSecure("X509_PEM", caPem, 0, keyPem, certPem);
+http_server.listen(PORT);
+
+var client = http.createClient(PORT, HOST);
+client.setSecure("x509_PEM", caPem, 0, keyPem, certPem);
+var req = client.get("/hello", {"Accept": "*/*", "Foo": "bar"});
+req.finish(function (res) {
+ var verified = res.connection.verifyPeer();
+ var peerDN = res.connection.getPeerCertificate("DNstring");
+ assertEquals(verified, 1);
+ assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
+ + "OU=Test TLS Certificate,CN=localhost");
+ assertEquals(200, res.statusCode);
+ responses_recvd += 1;
+ res.setBodyEncoding("ascii");
+ res.addListener("body", function (chunk) { body0 += chunk; });
+ debug("Got /hello response");
+});
+
+setTimeout(function () {
+ req = client.post("/world");
+ req.finish(function (res) {
+ var verified = res.connection.verifyPeer();
+ var peerDN = res.connection.getPeerCertificate("DNstring");
+ assertEquals(verified, 1);
+ assertEquals(peerDN, "C=UK,ST=Acknack Ltd,L=Rhys Jones,O=node.js,"
+ + "OU=Test TLS Certificate,CN=localhost");
+ assertEquals(200, res.statusCode);
+ responses_recvd += 1;
+ res.setBodyEncoding("utf8");
+ res.addListener("body", function (chunk) { body1 += chunk; });
+ debug("Got /world response");
+ });
+}, 1);
+
+process.addListener("exit", function () {
+ debug("responses_recvd: " + responses_recvd);
+ assertEquals(2, responses_recvd);
+
+ debug("responses_sent: " + responses_sent);
+ assertEquals(2, responses_sent);
+
+ assertEquals("The path was /hello", body0);
+ assertEquals("The path was /world", body1);
+});
+

0 comments on commit 5b1a535

Please sign in to comment.