tls: async session storage

[indutny]

WIP

Example:

var cluster = require('cluster'),
    https = require('https'),
    fs = require('fs'),
    Buffer = require('buffer').Buffer;

var redis = require('redis').createClient();

function start() {
  var options = {
    key: fs.readFileSync('./test/fixtures/test_key.pem'),
    cert: fs.readFileSync('./test/fixtures/test_cert.pem')
  };

  var server = https.createServer(options, function (req, res) {
    if (req.url === '/abc') process.exit();
    res.end('hello');
  });

  server.listen(44300, function() {
    console.log('listening!');
  });

  server.on('resumeTlsSession', function(key, callback) {
    redis.get('tls_sessions:' + key.toString('base64'), function(err, sess) {
      if (err || !sess) return callback(err, sess);
      callback(null, new Buffer(sess, 'base64'));
    });
  });

  server.on('newTlsSession', function(key, session) {
    var rkey = 'tls_sessions:' + key.toString('base64');
    redis.set(rkey, session.toString('base64'));
    redis.expire(rkey, 300);
  });
}

if (cluster.isMaster) {
  for (var i = 0; i < 4; i++) {
    cluster.fork();
  }

  cluster.on('exit', function(worker, code, signal) {
    cluster.fork();
  });
} else {
  start();
}

[bnoordhuis]

Fedor, is this still relevant? If so, can you rebase it?

[indutny]

Rebased.

[indutny]

Btw, are we going to try it out? /cc @isaacs @bnoordhuis

[bnoordhuis]

Premature optimization, probably even a deoptimization when .listeners() returns a copy (which is likely going to happen).

EDIT: Hah, sorry - missed the else. :)

[isaacs]

No, it is only a deoptimization. It should be something like this:

if (hello.sessionId.length <= 0 ||
    !this.server.emit('resumeTlsSession', hello.sessionId, callback)) {
  callback(null, null);
}

emit returns true if any listeners were called, or false if there are no listeners.

[indutny]

Force pushed with @isaacs variant

[indutny]

Fixed everything mentioned.

[indutny]

Rebased patch on master.

[bnoordhuis]

Bug.

[indutny]

Why?

[indutny]

Ah, 0

[bnoordhuis]

Style: needs to align. Maybe use a temp var.

[bnoordhuis]

Generally LGTM. Fix the latest round of comments and add a few tests and it's ready to go in.

[bnoordhuis]

Your patch seems to break simple/test-tls-securepair-server:

$ out/Release/node test/simple/test-tls-securepair-server.js
***server*** connection fd=undefined
***server*** i set it secure

tls.js:732
  this.socket.pause();
              ^
TypeError: Cannot call method 'pause' of null
    at SecurePair.onclienthello (tls.js:732:15)
    at process.startup.processMakeCallback.process._makeCallback (node.js:248:20)
    at EncryptedStream._puller (tls.js:689:24)
    at EncryptedStream.CryptoStream._pull (tls.js:582:19)
    at SecurePair.cycle (tls.js:898:20)
    at EncryptedStream.CryptoStream.write (tls.js:266:13)
    at Socket.ondata (stream.js:38:26)
    at Socket.EventEmitter.emit (events.js:88:17)
    at TCP.onread (net.js:395:14)
    at process.startup.processMakeCallback.process._makeCallback (node.js:248:20)

[indutny]

Fixed nits, tests are passing.

[pquerna]

I believe session_size should always be >=16 and <= 32. I think its safer to encode these limitations here, and fallback to openssl -- I want to be paranoid about parsing this kind of thing.

[indutny]

fFixed.

[bnoordhuis]

One final nit, otherwise LGTM.

[indutny]

Thank you very much for reviewing this for a lot of times! Landed 8e0c830