Permalink
Browse files

Make encrypted connections work with node v0.10.

Initiate TLS handshake by writing LOGIN7 packet to tls SecurePair cleartext stream.
Needed because streams2 are lazy.

Default ciphers to RC4-MD5, as I can't get the default DES-CBC3-SHA to work (yet).

fixes #86
  • Loading branch information...
1 parent 951f720 commit 71517e26e4212f5877954eaa799b37186def7f41 @pekim pekim committed Mar 26, 2013
Showing with 23 additions and 11 deletions.
  1. +7 −6 src/connection.coffee
  2. +16 −5 src/message-io.coffee
View
@@ -61,6 +61,7 @@ class Connection extends EventEmitter
@transitionTo(@STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN)
tls: ->
@initiateTlsSslHandshake()
+ @sendLogin7Packet()
@transitionTo(@STATE.SENT_TLSSSLNEGOTIATION)
SENT_TLSSSLNEGOTIATION:
@@ -74,11 +75,9 @@ class Connection extends EventEmitter
data: (data) ->
@securePair.encrypted.write(data)
tlsNegotiated: ->
- @encryptAllFutureTraffic()
@tlsNegotiationComplete = true
message: ->
if @tlsNegotiationComplete
- @sendLogin7Packet()
@transitionTo(@STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN)
else
@@ -399,25 +398,27 @@ class Connection extends EventEmitter
)
initiateTlsSslHandshake: ->
+ @config.options.cryptoCredentialsDetails.ciphers ||= 'RC4-MD5'
+
credentials = crypto.createCredentials(@config.options.cryptoCredentialsDetails)
@securePair = tls.createSecurePair(credentials)
@securePair.on('secure', =>
cipher = @securePair.cleartext.getCipher()
@debug.log("TLS negotiated (#{cipher.name}, #{cipher.version})")
- #console.log @securePair.cleartext.getPeerCertificate()
+ # console.log cipher
+ # console.log @securePair.cleartext.getPeerCertificate()
@emit('secure', @securePair.cleartext)
+ @messageIo.encryptAllFutureTraffic()
@dispatchEvent('tlsNegotiated')
)
@securePair.encrypted.on('data', (data) =>
@messageIo.sendMessage(TYPE.PRELOGIN, data)
)
- encryptAllFutureTraffic: ->
- @securePair.encrypted.removeAllListeners()
- @messageIo.encryptAllFutureTraffic(@securePair)
+ @messageIo.tlsNegotiationStarting(@securePair)
sendDataToTokenStreamParser: (data) ->
@tokenStreamParser.addBuffer(data)
View
@@ -4,6 +4,7 @@ isPacketComplete = require('./packet').isPacketComplete
packetLength = require('./packet').packetLength
packetHeaderLength = require('./packet').HEADER_LENGTH
Packet = require('./packet').Packet
+TYPE = require('./packet').TYPE
class MessageIO extends EventEmitter
constructor: (@socket, @_packetSize, @debug) ->
@@ -46,9 +47,11 @@ class MessageIO extends EventEmitter
@_packetSize
- encryptAllFutureTraffic: (securePair) ->
+ tlsNegotiationStarting: (securePair) ->
@securePair = securePair
+ @tlsNegotiationInProgress = true;
+ encryptAllFutureTraffic: () ->
@socket.removeAllListeners('data')
@securePair.encrypted.removeAllListeners('data')
@@ -57,6 +60,8 @@ class MessageIO extends EventEmitter
@securePair.cleartext.addListener('data', @eventData)
+ @tlsNegotiationInProgress = false;
+
# TODO listen for 'drain' event when socket.write returns false.
sendMessage: (packetType, data, resetConnection) ->
numberOfPackets = (Math.floor((data.length - 1) / @packetDataSize)) + 1
@@ -75,15 +80,21 @@ class MessageIO extends EventEmitter
packet.packetId(packetNumber + 1)
packet.addData(packetPayload)
- @sendPacket(packet)
+ @sendPacket(packet, packetType)
- sendPacket: (packet) =>
+ sendPacket: (packet, packetType) =>
@logPacket('Sent', packet);
- if (@securePair)
+ if @tlsNegotiationInProgress && packetType != TYPE.PRELOGIN
+ # LOGIN7 packet.
+ # Something written to cleartext stream will initiate TLS handshake.
+ # Will not emerge from the encrypted stream until after negotiation has completed.
@securePair.cleartext.write(packet.buffer)
else
- @socket.write(packet.buffer)
+ if (@securePair && !@tlsNegotiationInProgress)
+ @securePair.cleartext.write(packet.buffer)
+ else
+ @socket.write(packet.buffer)
logPacket: (direction, packet) ->
@debug.packet(direction, packet)

0 comments on commit 71517e2

Please sign in to comment.