Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: support net.Server options #27665

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -1436,6 +1436,10 @@ publicly trusted list of CAs as given in
<!-- YAML
added: v0.3.2
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/27665
description: The `options` parameter now supports `net.createServer()`
options.
- version: v9.3.0
pr-url: https://github.com/nodejs/node/pull/14903
description: The `options` parameter can now include `clientCertEngine`.
Expand Down Expand Up @@ -1486,6 +1490,7 @@ changes:
data. See [Session Resumption][] for more information.
* ...: Any [`tls.createSecureContext()`][] option can be provided. For
servers, the identity options (`pfx` or `key`/`cert`) are usually required.
* ...: Any [`net.createServer()`][] option can be provided.
* `secureConnectionListener` {Function}
* Returns: {tls.Server}

Expand Down Expand Up @@ -1706,6 +1711,7 @@ where `secureSocket` has the same API as `pair.cleartext`.
[`NODE_OPTIONS`]: cli.html#cli_node_options_options
[`crypto.getCurves()`]: crypto.html#crypto_crypto_getcurves
[`dns.lookup()`]: dns.html#dns_dns_lookup_hostname_options_callback
[`net.createServer()`]: net.html#net_net_createserver_options_connectionlistener
[`net.Server.address()`]: net.html#net_server_address
[`net.Server`]: net.html#net_class_net_server
[`net.Socket`]: net.html#net_class_net_socket
Expand Down
2 changes: 1 addition & 1 deletion lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -1010,7 +1010,7 @@ function Server(options, listener) {
}

// constructor call
net.Server.call(this, tlsConnectionListener);
net.Server.call(this, options, tlsConnectionListener);

if (listener) {
this.on('secureConnection', listener);
Expand Down
63 changes: 63 additions & 0 deletions test/parallel/test-tls-server-parent-constructor-options.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
'use strict';
const common = require('../common');

if (!common.hasCrypto)
common.skip('missing crypto');

// Test that `tls.Server` constructor options are passed to the parent
// constructor.

const assert = require('assert');
const fixtures = require('../common/fixtures');
const tls = require('tls');

const options = {
key: fixtures.readKey('agent1-key.pem'),
cert: fixtures.readKey('agent1-cert.pem'),
};

{
const server = tls.createServer(options, common.mustCall((socket) => {
assert.strictEqual(socket.allowHalfOpen, false);
}));

assert.strictEqual(server.allowHalfOpen, false);

server.listen(0, common.mustCall(() => {
const socket = tls.connect({
port: server.address().port,
rejectUnauthorized: false
}, common.mustCall(() => {
socket.end();
}));

socket.on('close', () => {
server.close();
});
}));
}

{
const server = tls.createServer({
allowHalfOpen: true,
...options
}, common.mustCall((socket) => {
assert.strictEqual(socket.allowHalfOpen, true);
socket.on('end', socket.end);
}));

assert.strictEqual(server.allowHalfOpen, true);

server.listen(0, common.mustCall(() => {
const socket = tls.connect({
port: server.address().port,
rejectUnauthorized: false
}, common.mustCall(() => {
socket.end();
}));

socket.on('close', () => {
server.close();
});
}));
}