From de09e85f6798ed5a301ad9e03510df4406ad6e6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9A=D0=BE=D1=80=D0=B5=D0=BD=D0=B1=D0=B5=D1=80=D0=B3=20?=
 =?UTF-8?q?=D0=9C=D0=B0=D1=80=D0=BA?= <mark@ideco.ru>
Date: Tue, 5 May 2015 12:41:16 +0500
Subject: [PATCH] Add missing `options` argument to createSecurePair

Also helps in implementation of #6204, where some options passed to
createSecurePair and ignored before this patch.

These options are very helpful if someone wants to pass
options.servername or options.SNICallback to securepair.
---
 doc/api/tls.markdown                          |   4 ++-
 lib/_tls_legacy.js                            |   6 ++--
 test/fixtures/google_ssl_hello.bin            | Bin 0 -> 517 bytes
 test/parallel/test-tls-securepair-fiftharg.js |  27 ++++++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 test/fixtures/google_ssl_hello.bin
 create mode 100644 test/parallel/test-tls-securepair-fiftharg.js

diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index 9fb0e095c02e7b..d2415d9c733f48 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -506,7 +506,7 @@ publicly trusted list of CAs as given in
 <http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
 
 
-## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
+## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
 
 Creates a new secure pair object with two streams, one of which reads/writes
 encrypted data, and one reads/writes cleartext data.
@@ -525,6 +525,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
    automatically reject clients with invalid certificates. Only applies to
    servers with `requestCert` enabled.
 
+ - `options`: An object with common SSL options. See [tls.TLSSocket][].
+
 `tls.createSecurePair()` returns a SecurePair object with `cleartext` and
 `encrypted` stream properties.
 
diff --git a/lib/_tls_legacy.js b/lib/_tls_legacy.js
index 1d700c9218f538..7f7707d149dfa2 100644
--- a/lib/_tls_legacy.js
+++ b/lib/_tls_legacy.js
@@ -761,11 +761,13 @@ function securePairNT(self, options) {
 exports.createSecurePair = function(context,
                                     isServer,
                                     requestCert,
-                                    rejectUnauthorized) {
+                                    rejectUnauthorized,
+                                    options) {
   var pair = new SecurePair(context,
                             isServer,
                             requestCert,
-                            rejectUnauthorized);
+                            rejectUnauthorized,
+                            options);
   return pair;
 };
 
diff --git a/test/fixtures/google_ssl_hello.bin b/test/fixtures/google_ssl_hello.bin
new file mode 100644
index 0000000000000000000000000000000000000000..5170533ab2170fb6ea89bb6c65944a5ae59f222e
GIT binary patch
literal 517
zcmWe*W@KVuWMKTm%v`Oa@Z!+d+6#M*zFShAsw%pd<^JuXn|(G1EZW}}e0Of3LUqQ<
zOY>zLo@#1%i-pZ&Qx4dBs(<F$YwS#t;(fDzJ6vE;IiP(&pJCnst^=G0gb#=uU_T(p
zV9a2|V979tL7%~tfs28afdyz;KLZ1UFoPfi17CT0xn6pHetJ%-UUGi!f1n%#P!$IQ
z8-qB51cM|4Hv<z;M491A;??&@J=e_>$X~fVu_;GjE5ly>G@EL(&ChdAs>{kIahY@c
z+!bfz$!0S%Rp?D=`_sS@Bi5A%E9Mo?3Y>j?0l&zzrE0g1osr9X(W5sbn<sYTI_YV@
zxO+C_>%H-uWA*r2!IWNCyEz|z-;vwdx2f1U-8S)~{#~u-$ysV4GtGn2XYKed-qX5m
z?F)zfT9?0`QJ5vhT{TUl_>tCA-&cacT<LxZC(J4yOp&bGe{u86`Io*-e#*FH=?bQE
ze_EK2UjEUrNhL|?phs&|p#9F9>31(x3a|BZaQl4IxC9su0t`|N5*)<^DV6%hdWNhS
zM!JS392q4g1^R}1hNS^O6|4-bz%T#;At2@jk^(G@tc*;IEX=ITOw24yOiT=-3^rgD
GWD)?}{iWpq

literal 0
HcmV?d00001

diff --git a/test/parallel/test-tls-securepair-fiftharg.js b/test/parallel/test-tls-securepair-fiftharg.js
new file mode 100644
index 00000000000000..b4610117889cc2
--- /dev/null
+++ b/test/parallel/test-tls-securepair-fiftharg.js
@@ -0,0 +1,27 @@
+'use strict';
+
+const common = require('../common');
+const assert = require('assert');
+const fs = require('fs');
+const tls = require('tls');
+
+const sslcontext = tls.createSecureContext({
+  cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
+  key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
+});
+
+var catchedServername;
+const pair = tls.createSecurePair(sslcontext, true, false, false, {
+  SNICallback: common.mustCall(function(servername, cb) {
+    catchedServername = servername;
+  })
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fs.readFileSync(common.fixturesDir + '/google_ssl_hello.bin');
+
+pair.encrypted.write(sslHello);
+
+process.on('exit', function() {
+  assert.strictEqual('www.google.com', catchedServername);
+});