
Initial TLS support

1 parent 1cacb50 commit b6dda612495d7edb73250649ae53bdf3e7fc223e @waveto waveto committed with ry Nov 22, 2009
@@ -741,6 +741,16 @@ options argument for +tcp.Server+ does.
The +request_listener+ is a function which is automatically
added to the +"request"+ event.
++server.setSecure(format_type, ca_certs, crl_list, private_key, certificate)+ ::
+Enable TLS for all incoming connections, with the specified credentials.
++
+format_type currently has to be "X509_PEM", and each of the ca, crl, key and
+cert parameters are in the format of PEM strings.
++
+The ca_certs is a string that holds a number of CA certificates for use in accepting
+client connections that authenticate themselves with a client certificate.
+The private_key is a PEM string of the unencrypted key for the server.
+
+server.listen(port, hostname)+ ::
Begin accepting connections on the specified port and hostname.
If the hostname is omitted, the server will accept connections
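Review bot: the new +server.setSecure+ entry documents +ca_certs+ and +private_key+ but never explains +crl_list+ or +certificate+, so a reader cannot tell whether +crl_list+ is a single PEM string or a list, whether it may be empty, or which certificate +certificate+ must be (the server's own end-entity cert). It also leaves two operational questions open that matter for a TLS API: whether +setSecure+ must be called before +server.listen+ (connections accepted earlier would presumably be plaintext), and whether presenting a client certificate is required or merely supported, i.e. what happens to a client that sends no certificate or one not chained to +ca_certs+. Finally, since +private_key+ is documented as "the unencrypted key", it is worth one sentence saying the PEM is expected to be read from a file with restricted permissions rather than embedded in source.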
@@ -927,6 +937,17 @@ the response. (This sounds convoluted but it provides a chance
for the user to stream a body to the server with
+request.sendBody()+.)
++client.setSecure(format_type, ca_certs, crl_list, private_key, certificate)+ ::
+Enable TLS for the client connection, with the specified credentials.
++
+format_type currently has to be "X509_PEM", and each of the ca, crl, key and
+cert parameters are in the format of PEM strings, and optional.
++
+The ca_certs is a string that holds a number of CA certificates for use in deciding the
+authenticity of the remote server. The private_key is a PEM string of the unencrypted
+key for the client, which together with the certificate allows the client to authenticate
+itself to the server.
+
==== +http.ClientRequest+
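Review bot: "each of the ca, crl, key and cert parameters are ... optional" does not say what the client does when +ca_certs+ is omitted: whether the server certificate is then not checked at all, or checked against some default store. That is the single most important fact for a caller of this API, because an HTTPS client that silently accepts any certificate when no CA is given is indistinguishable, at the protocol level, from one that verifies. Suggest stating explicitly which parameters may be omitted, that omitting +ca_certs+ disables server authentication (if that is the behaviour), and that the caller should then treat the connection as unauthenticated. The same missing description of +crl_list+ and +certificate+ noted for the server entry applies here.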
@@ -1160,6 +1181,15 @@ Creates a new TCP server.
The +connection_listener+ argument is automatically set as a listener for
the +"connection"+ event.
++server.setSecure(format_type, ca_certs, crl_list, private_key, certificate)+ ::
+Enable TLS for all incoming connections, with the specified credentials.
++
+format_type currently has to be "X509_PEM", and each of the ca, crl, key and
+cert parameters are in the format of PEM strings.
++
+The ca_certs is a string that holds a number of CA certificates for use in accepting
+client connections that authenticate themselves with a client certificate.
+The private_key is a PEM string of the unencrypted key for the server.
+server.listen(port, host=null, backlog=128)+ ::
Tells the server to listen for TCP connections to +port+ and +host+.
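Review bot: this block is a verbatim copy of the +http.Server+ +setSecure+ text, and the +server.listen+ item that follows it lost the blank separator line (+"+"+) that the +http+ hunk at line 741 keeps, so in AsciiDoc the two labelled items run together. Suggest adding the separator, and either keeping one canonical description under +tcp.Server+ with a cross-reference from +http.Server+ (which wraps it) or at least keeping the three copies identical so later edits do not drift. The same unanswered questions apply: ordering relative to +listen+, whether +crl_list+ is one PEM string or several, and what happens to a client that presents no certificate.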
@@ -1173,7 +1203,6 @@ connections for the server may grow.
+
This function is synchronous.
-
+server.close()+::
Stops the server from accepting new connections. This function is
asynchronous, the server is finally closed when the server emits a +"close"+
@@ -1279,6 +1308,25 @@ Disables the Nagle algorithm. By default TCP connections use the Nagle
algorithm, they buffer data before sending it off. Setting +noDelay+ will
immediately fire off data each time +connection.send()+ is called.
++connection.verifyPeer()+::
+Returns an integer indicating the trusted status of the peer in a TLS
+connection.
++
+Returns 1 if the peer's certificate is issued by one of the trusted CAs,
+the certificate has not been revoked, is in the issued date range,
+and if the peer is the server, matches the hostname.
++
+Returns 0 if no certificate was presented by the peer, or negative result
+if the verification fails (with a given reason code). This function is synchronous.
+
++connection.getPeerCertificate(format)+::
+For a TLS connection, returns the peer's certificate information, as defined
+by the given format.
++
+A format of "DNstring" gives a single string with the combined Distinguished
+Name (DN) from the certificate, as comma delimited name=value pairs as defined
+in RFC2253. This function is synchronous.
+
=== DNS module
Use +require("dns")+ to access this module
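Review bot: the +connection.verifyPeer()+ entry says a negative result carries "a given reason code" but does not enumerate the codes, so callers have no documented way to distinguish "expired" from "revoked" from "hostname mismatch"; the list should be included here (the +lib+ hunk in this commit defines -100 through -106 with descriptive names). More importantly, the text does not say whether a failing verification has any effect on the connection. If the connection stays open regardless and +verifyPeer()+ is merely a query, that must be stated in so many words, because the safe usage then is: call +verifyPeer()+ immediately after the handshake, and +close()+ the connection on anything other than 1 before sending or trusting application data. A one-line example of that pattern would prevent the obvious misuse of enabling TLS and never checking the result. For +getPeerCertificate("DNstring")+, note that RFC 2253 strings escape commas and other special characters inside attribute values, so consumers should not split the result on +","+ to extract the CN; and the entry should say what is returned when the peer presented no certificate (the case +verifyPeer()+ reports as 0) and which formats other than "DNstring" exist, if any.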
@@ -1,3 +1,15 @@
+var TLS_STATUS_CODES = {
+ 1 : 'JS_GNUTLS_CERT_VALIDATED',
+ 0 : 'JS_GNUTLS_CERT_UNDEFINED',
+}
+TLS_STATUS_CODES[-100] = 'JS_GNUTLS_CERT_SIGNER_NOT_FOUND';
+TLS_STATUS_CODES[-101] = 'JS_GNUTLS_CERT_SIGNER_NOT_CA';
+TLS_STATUS_CODES[-102] = 'JS_GNUTLS_CERT_INVALID';
+TLS_STATUS_CODES[-103] = 'JS_GNUTLS_CERT_NOT_ACTIVATED';
+TLS_STATUS_CODES[-104] = 'JS_GNUTLS_CERT_EXPIRED';
+TLS_STATUS_CODES[-105] = 'JS_GNUTLS_CERT_REVOKED';
+TLS_STATUS_CODES[-106] = 'JS_GNUTLS_CERT_DOES_NOT_MATCH_HOSTNAME';
+
exports.createServer = function (on_connection, options) {
var server = new process.tcp.Server();
server.addListener("connection", on_connection);
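Review bot: +TLS_STATUS_CODES+ is a module-local +var+ and is never attached to +exports+, so user code that receives a negative integer from +verifyPeer()+ cannot translate it to one of these names without copying the table; suggest exposing it (+exports.TLS_STATUS_CODES+) or, if it is meant to stay internal, using it to give callers a string reason alongside the integer. Style-wise, building the table as a literal for keys 1 and 0 and then seven separate assignments for the negative keys is harder to read than one literal with quoted keys, e.g.
+
  var TLS_STATUS_CODES = { '1': 'JS_GNUTLS_CERT_VALIDATED', '0': 'JS_GNUTLS_CERT_UNDEFINED',
                           '-100': 'JS_GNUTLS_CERT_SIGNER_NOT_FOUND', /* ... */ };
+
and the +JS_GNUTLS_+ prefix leaks the backing library into a public-facing name; if the intent is to keep these stable across a future TLS backend change, a neutral prefix would be better. The names themselves map sensibly onto the cases the documentation lists (signer not found / not a CA, invalid, not yet valid, expired, revoked, hostname mismatch), so the doc hunk for +verifyPeer()+ should reference them.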