This repository has been archived by the owner. It is now read-only.

docs: improvement tls example

koichik committed Oct 16, 2011
1 parent 5ca3dcd commit cdec7e3ae50636b58210ec1fe43498390374655d
Showing with 27 additions and 14 deletions.
  1. +27 −14 doc/api/tls.markdown
@@ -74,15 +74,20 @@ Here is a simple example echo server:
var options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem'),

// This is necessary only if using the client certificate authentication.
requestCert: true,

// This is necessary only if the client uses the self-signed certificate.
ca: [ fs.readFileSync('client-cert.pem') ]
};

var server = tls.createServer(options, function (s) {
var server = tls.createServer(options, function(cleartextStream) {
console.log('server connected',
s.authorized ? 'authorized' : 'not authorized');
s.write("welcome!\n");
s.pipe(s);
cleartextStream.authorized ? 'authorized' : 'unauthorized');
cleartextStream.write("welcome!\n");
cleartextStream.setEncoding('utf8');
cleartextStream.pipe(cleartextStream);
});
server.listen(8000, function() {
console.log('server bound');
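Review bot: In the connection callback, `cleartextStream.authorized` is only logged; the welcome message and the echo pipe run for every client, so with `requestCert: true` alone a client whose certificate fails verification is still served. Either say so in the comment above `requestCert`, or show the rejecting variant by adding `rejectUnauthorized: true` to `options` (or ending the stream when `authorized` is false). Minor wording: "using the client certificate authentication" and "uses the self-signed certificate" read better without "the".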
@@ -100,20 +105,20 @@ You can test this server by connecting to it with `openssl s_client`:
Creates a new client connection to the given `port` and `host`. (If `host`
defaults to `localhost`.) `options` should be an object which specifies

- `key`: A string or `Buffer` containing the private key of the server in
- `key`: A string or `Buffer` containing the private key of the client in
PEM format. (Required)

- `cert`: A string or `Buffer` containing the certificate key of the server in
- `cert`: A string or `Buffer` containing the certificate key of the client in
PEM format.

- `ca`: An array of strings or `Buffer`s of trusted certificates. If this is
omitted several well known "root" CAs will be used, like VeriSign.
These are used to authorize connections.

- `NPNProtocols`: An array of string or `Buffer` containing supported NPN
protocols. `Buffer` should have following format: `0x05hello0x05world`, where
first byte is next protocol name's length. (Passing array should usually be
much simplier: `['hello', 'world']`.)
protocols. `Buffer` should have following format: `0x05hello0x05world`,
where first byte is next protocol name's length. (Passing array should
usually be much simplier: `['hello', 'world']`.)

- `servername`: Servername for SNI (Server Name Indication) TLS extension.

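Review bot: The `key` entry still ends with "(Required)" after being changed to describe the client's key, which contradicts the client example in this same commit, where `key` and `cert` are commented as "necessary only if using the client certificate authentication". Drop "(Required)" or reword it as required only for client certificate authentication. While these lines are being touched: "certificate key of the client" should be just "certificate of the client", the rewrapped `NPNProtocols` text keeps the typo "simplier", and the unchanged sentence "(If `host` defaults to `localhost`.)" above is missing words.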
@@ -128,18 +133,26 @@ Here is an example of a client of echo server as described previously:
var fs = require('fs');

var options = {
// These are necessary only if using the client certificate authentication
key: fs.readFileSync('client-key.pem'),
cert: fs.readFileSync('client-cert.pem'),

// This is necessary only if the server uses the self-signed certificate
ca: [ fs.readFileSync('server-cert.pem') ]
};

var client = tls.connect(8000, options, function() {
var cleartextStream = tls.connect(8000, options, function() {
console.log('client connected',
client.authorized ? 'authorized' : 'not authorized');
client.write("Hello, World!\n");
cleartextStream.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(cleartextStream);
process.stdin.resume();
});
cleartextStream.setEncoding('utf8');
cleartextStream.on('data', function(data) {
console.log(data);
});
client.on('data', function(data) {
console.log(data.toString());
cleartextStream.on('end', function() {
server.close();
});
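Review bot: The new `'end'` handler calls `server.close()`, but the client example defines no `server`; its only stream is `cleartextStream`, so this handler throws a ReferenceError when the server ends the connection. Remove the call or replace it with client-side cleanup. Also, as on the server side, `cleartextStream.authorized` is only logged before `process.stdin.pipe(cleartextStream)`, so the example sends input to a server whose certificate did not verify against `ca`; a note in the comment, or a check that ends the stream when `authorized` is false, would make that explicit.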

