tls: new tls.TLSSocket() supports sec ctx options

sam-github · andrew749 · commit 359de5c6d861 · 2017-07-19T13:54:36.000-07:00
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: nodejs/node#10538 PR-URL: nodejs/node#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -483,7 +483,12 @@ added: v0.11.4
     will be emitted on the socket before establishing a secure communication
   * `secureContext`: Optional TLS context object created with
     [`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one
-    will be created by calling [`tls.createSecureContext()`][] with no options.
+    will be created by passing the entire `options` object to
+    `tls.createSecureContext()`. *Note*: In effect, all
+    [`tls.createSecureContext()`][] options can be provided, but they will be
+    _completely ignored_ unless the `secureContext` option is missing.
+  * ...: Optional [`tls.createSecureContext()`][] options can be provided, see
+    the `secureContext` option for more information.
 
 Construct a new `tls.TLSSocket` object from an existing TCP socket.
 
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -355,7 +355,7 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
   // Wrap socket's handle
   var context = options.secureContext ||
                 options.credentials ||
-                tls.createSecureContext();
+                tls.createSecureContext(options);
   res = tls_wrap.wrap(handle._externalStream,
                       context.context,
                       !!options.isServer);
diff --git a/test/parallel/test-tls-socket-default-options.js b/test/parallel/test-tls-socket-default-options.js
@@ -1,7 +1,7 @@
 'use strict';
 const common = require('../common');
 
-// Test a directly created TLS socket supports no options, and empty options.
+// Test directly created TLS sockets and options.
 
 const assert = require('assert');
 const join = require('path').join;
@@ -26,6 +26,16 @@ test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
   assert.ifError(err);
 });
 
+test({ca: keys.agent1.ca}, (err) => {
+  assert.ifError(err);
+});
+
+// Secure context options, like ca, are ignored if a sec ctx is explicitly
+// provided.
+test({secureContext: tls.createSecureContext(), ca: keys.agent1.ca}, (err) => {
+  assert.strictEqual(err.message, 'unable to verify the first certificate');
+});
+
 function test(client, callback) {
   callback = common.mustCall(callback);
   connect({
