Make encrypted connections work with node v0.10.

Initiate TLS handshake by writing LOGIN7 packet to tls SecurePair cleartext stream. Needed because streams2 are lazy. Default ciphers to RC4-MD5, as I can't get the default DES-CBC3-SHA to work (yet). fixes #86
tediousjs · Mar 26, 2013 · 71517e2 · 71517e2
1 parent 951f720
commit 71517e2
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 11 deletions.
diff --git a/src/connection.coffee b/src/connection.coffee
@@ -61,6 +61,7 @@ class Connection extends EventEmitter
           @transitionTo(@STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN)
         tls: ->
           @initiateTlsSslHandshake()
+          @sendLogin7Packet()
           @transitionTo(@STATE.SENT_TLSSSLNEGOTIATION)
 
     SENT_TLSSSLNEGOTIATION:
@@ -74,11 +75,9 @@ class Connection extends EventEmitter
         data: (data) ->
           @securePair.encrypted.write(data)
         tlsNegotiated: ->
-          @encryptAllFutureTraffic()
           @tlsNegotiationComplete = true
         message: ->
           if  @tlsNegotiationComplete
-            @sendLogin7Packet()
             @transitionTo(@STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN)
           else
 
@@ -399,25 +398,27 @@ class Connection extends EventEmitter
     )
 
   initiateTlsSslHandshake: ->
+    @config.options.cryptoCredentialsDetails.ciphers ||= 'RC4-MD5'
+
     credentials = crypto.createCredentials(@config.options.cryptoCredentialsDetails)
     @securePair = tls.createSecurePair(credentials)
 
     @securePair.on('secure', =>
       cipher = @securePair.cleartext.getCipher()
       @debug.log("TLS negotiated (#{cipher.name}, #{cipher.version})")
-      #console.log @securePair.cleartext.getPeerCertificate()
+      # console.log cipher
+      # console.log @securePair.cleartext.getPeerCertificate()
 
       @emit('secure', @securePair.cleartext)
+      @messageIo.encryptAllFutureTraffic()
       @dispatchEvent('tlsNegotiated')
     )
 
     @securePair.encrypted.on('data', (data) =>
       @messageIo.sendMessage(TYPE.PRELOGIN, data)
     )
 
-  encryptAllFutureTraffic: ->
-    @securePair.encrypted.removeAllListeners()
-    @messageIo.encryptAllFutureTraffic(@securePair)
+    @messageIo.tlsNegotiationStarting(@securePair)
 
   sendDataToTokenStreamParser: (data) ->
     @tokenStreamParser.addBuffer(data)

diff --git a/src/message-io.coffee b/src/message-io.coffee
@@ -4,6 +4,7 @@ isPacketComplete = require('./packet').isPacketComplete
 packetLength = require('./packet').packetLength
 packetHeaderLength = require('./packet').HEADER_LENGTH
 Packet = require('./packet').Packet
+TYPE = require('./packet').TYPE
 
 class MessageIO extends EventEmitter
   constructor: (@socket, @_packetSize, @debug) ->
@@ -46,9 +47,11 @@ class MessageIO extends EventEmitter
 
     @_packetSize
 
-  encryptAllFutureTraffic: (securePair) ->
+  tlsNegotiationStarting: (securePair) ->
     @securePair = securePair
+    @tlsNegotiationInProgress = true;
 
+  encryptAllFutureTraffic: () ->
     @socket.removeAllListeners('data')
     @securePair.encrypted.removeAllListeners('data')
 
@@ -57,6 +60,8 @@ class MessageIO extends EventEmitter
 
     @securePair.cleartext.addListener('data', @eventData)
 
+    @tlsNegotiationInProgress = false;
+
   # TODO listen for 'drain' event when socket.write returns false.
   sendMessage: (packetType, data, resetConnection) ->
     numberOfPackets = (Math.floor((data.length - 1) / @packetDataSize)) + 1
@@ -75,15 +80,21 @@ class MessageIO extends EventEmitter
       packet.packetId(packetNumber + 1)
       packet.addData(packetPayload)
 
-      @sendPacket(packet)
+      @sendPacket(packet, packetType)
 
-  sendPacket: (packet) =>
+  sendPacket: (packet, packetType) =>
     @logPacket('Sent', packet);
 
-    if (@securePair)
+    if @tlsNegotiationInProgress && packetType != TYPE.PRELOGIN
+      # LOGIN7 packet.
+      #   Something written to cleartext stream will initiate TLS handshake.
+      #   Will not emerge from the encrypted stream until after negotiation has completed.
       @securePair.cleartext.write(packet.buffer)
     else
-      @socket.write(packet.buffer)
+      if (@securePair && !@tlsNegotiationInProgress)
+        @securePair.cleartext.write(packet.buffer)
+      else
+        @socket.write(packet.buffer)
 
   logPacket: (direction, packet) ->
     @debug.packet(direction, packet)