
Commit 4b59612

committed
startTLS implementation
1 parent c42c7c7 commit 4b59612


1 file changed

+54
-4
lines changed


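--- a/lib/Connection.js
+++ b/lib/Connection.js
@@ -65,10 +65,17 @@ Connection.prototype.connect = function(cb) {
 : Net.createConnection(this.config);
 
 // Node v0.10+ Switch socket into "old mode" (Streams2)
-this._socket.on("data",function() {});
-
-this._socket.pipe(this._protocol);
-this._protocol.pipe(this._socket);
+//this._socket.on("data",function() {});
+
+//this._socket.pipe(this._protocol);
+//this._protocol.pipe(this._socket);
+var connection = this;
+this._protocol.on('data', function(data) {
+connection._socket.write(data);
+});
+this._socket.on('data', function(data) {
+connection._protocol.write(data);
+});
 
 this._socket.on('error', this._handleNetworkError.bind(this));
 this._socket.on('connect', this._handleProtocolConnect.bind(this));
@@ -200,6 +207,49 @@ Connection.prototype.format = function(sql, values) {
 return SqlString.format(sql, values, this.config.stringifyObjects, this.config.timezone);
 };
 
+
+Connection.prototype._startTLS = function(onSecure) {
+
+var crypto = require('crypto');
+var tls = require('tls');
+var sslProfiles, sslProfileName;
+if (typeof this.config.ssl == 'string') {
+sslProfileName = this.config.ssl;
+sslProfiles = require('../fixtures/ssl-profiles.json');
+this.config.ssl = sslProfiles[this.config.ssl];
+if (!this.config.ssl)
+throw new Error('Unknown SSL profile for ' + sslProfileName);
+}
+
+// before TLS:
+// _socket <-> _protocol
+// after:
+// _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol
+
+var credentials = crypto.createCredentials({
+key: this.config.ssl.key,
+cert: this.config.ssl.cert,
+passphrase: this.config.ssl.passphrase,
+ca: this.config.ssl.ca
+});
+
+var securePair = tls.createSecurePair(credentials, false);
+
+securePair.encrypted.pipe(this._socket);
+securePair.cleartext.pipe(this._protocol);
+
+// TODO: change to unpipe/pipe (does not work for some reason. Streams1/2 conflict?)
+this._socket.removeAllListeners('data');
+this._protocol.removeAllListeners('data');
+this._socket.on('data', function(data) {
+securePair.encrypted.write(data);
+});
+this._protocol.on('data', function(data) {
+securePair.cleartext.write(data);
+});
+securePair.on('secure', onSecure);
+};
+
 Connection.prototype._handleConnectTimeout = function() {
 if (this._socket) {
 this._socket.setTimeout(0);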
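Review bot: `_startTLS` calls `onSecure` as soon as the handshake completes, and nothing in the hunk checks whether the server certificate verified against `this.config.ssl.ca`, so the session is encrypted but the peer is never authenticated. The bare `securePair.on('secure', onSecure);` should hand the verification result to the caller, for example `securePair.on('secure', function() { onSecure(securePair.ssl.verifyError()); });`, with the caller closing the connection on a non-null error; confirm the accessor against the Node version this targets. `securePair` also gets no `'error'` listener, so a failed handshake would not reach `_handleNetworkError`. A comment above the `require('../fixtures/ssl-profiles.json')` line should say why runtime code loads trust material from a fixtures directory, or the profiles should move under `lib/`.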
