tls: implement clientCertEngine option
Add an option 'clientCertEngine' to `tls.createSecureContext()` which gets wired up to OpenSSL function `SSL_CTX_set_client_cert_engine`. The option is passed through from `https.request()` as well. This allows using a custom OpenSSL engine to provide the client certificate.
1 parent
3b1db7f
commit 33c1e8b
Showing
11 changed files
with
305 additions
and
15 deletions.
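--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE/testengine-gyp
@@ -0,0 +1,24 @@
+{
+'targets': [
+{
+'target_name': 'testengine',
+'type': 'none',
+'conditions': [
+['OS=="mac" and '
+'node_use_openssl=="true" and '
+'node_shared=="false" and '
+'node_shared_openssl=="false"', {
+'type': 'shared_library',
+'sources': [ 'testengine.cc' ],
+'product_extension': 'engine',
+'include_dirs': ['../../../deps/openssl/openssl/include'],
+'link_settings': {
+'libraries': [
+'../../../../out/<(PRODUCT_DIR)/<(OPENSSL_PRODUCT)'
+]
+},
+}]
+]
+}
+]
+}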
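Review bot: The `conditions` entry only switches the target to `'shared_library'` for `OS=="mac"` with `node_shared_openssl=="false"`, so on every other platform it stays `'type': 'none'` and no `.engine` artifact is produced (the accompanying test presumably skips in that case), but nothing in the file says whether that is a known limitation or the intended scope. A one-line comment above the condition would settle it, e.g. `# Engine is only built on macOS against node's bundled OpenSSL (see 'libraries'); other platforms produce no engine.`. The `'libraries'` path reaches into `out/<(PRODUCT_DIR)/<(OPENSSL_PRODUCT)` with a hard-coded depth of `../` segments, so a note on which directory this file is expected to live in would also help; the file's path is not shown on this page.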
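--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE/test-js
@@ -0,0 +1,62 @@
+'use strict';
+const common = require('../../common');
+const fixture = require('../../common/fixtures');
+
+if (!common.hasCrypto)
+common.skip('missing crypto');
+
+const fs = require('fs');
+const path = require('path');
+
+const engine = path.join(__dirname,
+`/build/${common.buildType}/testengine.engine`);
+
+if (!fs.existsSync(engine))
+common.skip('no client cert engine');
+
+const assert = require('assert');
+const https = require('https');
+
+const agentKey = fs.readFileSync(fixture.path('/keys/agent1-key.pem'));
+const agentCert = fs.readFileSync(fixture.path('/keys/agent1-cert.pem'));
+const agentCa = fs.readFileSync(fixture.path('/keys/ca1-cert.pem'));
+
+const port = common.PORT;
+
+const serverOptions = {
+key: agentKey,
+cert: agentCert,
+ca: agentCa,
+requestCert: true,
+rejectUnauthorized: true
+};
+
+const server = https.createServer(serverOptions, (req, res) => {
+res.writeHead(200);
+res.end('hello world');
+}).listen(port, common.localhostIPv4, () => {
+const clientOptions = {
+method: 'GET',
+host: common.localhostIPv4,
+port: port,
+path: '/test',
+clientCertEngine: engine, // engine will provide key+cert
+rejectUnauthorized: false, // prevent failing on self-signed certificates
+headers: {}
+};
+
+const req = https.request(clientOptions, common.mustCall(function(response) {
+let body = '';
+response.setEncoding('utf8');
+response.on('data', function(chunk) {
+body += chunk;
+});
+
+response.on('end', common.mustCall(function() {
+assert.strictEqual(body, 'hello world');
+server.close();
+}));
+}));
+
+req.end();
+});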
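Review bot: `rejectUnauthorized: false` in `clientOptions` disables verification of the server certificate on the very request that is meant to prove the engine-supplied client credentials work, so the client half of the handshake is tested with peer checks off; `agentCa` is already read from the fixtures and could be passed as `ca: agentCa` with the default `rejectUnauthorized: true` instead. Because the server is addressed by `common.localhostIPv4`, that presumably also needs a `checkServerIdentity` override or a `servername` matching the fixture certificate, which may be why verification was switched off — if so, the inline comment should say that rather than "self-signed certificates". Separately, `listen(port, …)` with `const port = common.PORT` binds a fixed port; `listen(0, common.localhostIPv4, …)` and reading `server.address().port` inside the callback avoids collisions with parallel test runs. It is the server's `requestCert: true` together with `rejectUnauthorized: true` that makes the 200 response prove a CA-accepted client certificate arrived from the engine; a comment next to `serverOptions` stating that would make the test's intent explicit.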
33c1e8b
SEMVER-MINOR
PR-URL: #14903
Reviewed-By: Daniel Bevenius daniel.bevenius@gmail.com
Reviewed-By: Fedor Indutny fedor.indutny@gmail.com
Reviewed-By: Anna Henningsen anna@addaleax.net
Reviewed-By: Ben Noordhuis info@bnoordhuis.nl