From eb1eb64149f255b2c7ff6b2ec4451261b41e56f5 Mon Sep 17 00:00:00 2001
From: Jim Geurts
Date: Tue, 22 Oct 2019 13:52:20 -0500
Subject: [PATCH 1/4] Support additional tls.connect() options

---
 lib/connection.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/connection.js b/lib/connection.js
index 48d65d25f..c88664f53 100644
--- a/lib/connection.js
+++ b/lib/connection.js
@@ -102,7 +102,20 @@ Connection.prototype.connect = function (port, host) {
 key: self.ssl.key,
 passphrase: self.ssl.passphrase,
 cert: self.ssl.cert,
+ ciphers: self.ssl.ciphers,
+ sigalgs: self.ssl.sigalgs,
+ clientCertEngine: self.ssl.clientCertEngine,
+ crl: self.ssl.crl,
+ dhparam: self.ssl.dhparam,
+ ecdhCurve: self.ssl.ecdhCurve,
+ honorCipherOrder: self.ssl.honorCipherOrder,
+ privateKeyEngine: self.ssl.privateKeyEngine,
+ privateKeyIdentifier: self.ssl.privateKeyIdentifier,
+ maxVersion: self.ssl.maxVersion,
+ minVersion: self.ssl.minVersion,
+ minDHSize: self.ssl.minDHSize,
 secureOptions: self.ssl.secureOptions,
+ ALPNProtocols: self.ssl.ALPNProtocols,
 NPNProtocols: self.ssl.NPNProtocols
 })
 self.attachListeners(self.stream)

From 61392ba2e6d891eed74335c027a4465ccaec9fdb Mon Sep 17 00:00:00 2001
From: Jim Geurts
Date: Mon, 11 Nov 2019 12:52:27 -0600
Subject: [PATCH 2/4] Pass-through all ssl options to tls.connect()

---
 lib/connection.js | 27 +++------------------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/lib/connection.js b/lib/connection.js
index c88664f53..73729f86d 100644
--- a/lib/connection.js
+++ b/lib/connection.js
@@ -92,32 +92,11 @@ Connection.prototype.connect = function (port, host) {
 return self.emit('error', new Error('There was an error establishing an SSL connection'))
 }
 var tls = require('tls')
- self.stream = tls.connect({
+ self.stream = tls.connect(Object.assign({
 socket: self.stream,
 servername: host,
- checkServerIdentity: self.ssl.checkServerIdentity || tls.checkServerIdentity,
- rejectUnauthorized: self.ssl.rejectUnauthorized,
- ca: self.ssl.ca,
- pfx: self.ssl.pfx,
- key: self.ssl.key,
- passphrase: self.ssl.passphrase,
- cert: self.ssl.cert,
- ciphers: self.ssl.ciphers,
- sigalgs: self.ssl.sigalgs,
- clientCertEngine: self.ssl.clientCertEngine,
- crl: self.ssl.crl,
- dhparam: self.ssl.dhparam,
- ecdhCurve: self.ssl.ecdhCurve,
- honorCipherOrder: self.ssl.honorCipherOrder,
- privateKeyEngine: self.ssl.privateKeyEngine,
- privateKeyIdentifier: self.ssl.privateKeyIdentifier,
- maxVersion: self.ssl.maxVersion,
- minVersion: self.ssl.minVersion,
- minDHSize: self.ssl.minDHSize,
- secureOptions: self.ssl.secureOptions,
- ALPNProtocols: self.ssl.ALPNProtocols,
- NPNProtocols: self.ssl.NPNProtocols
- })
+ checkServerIdentity: tls.checkServerIdentity,
+ }, self.ssl)
 self.attachListeners(self.stream)
 self.stream.on('error', reportStreamError)

From 8bc1e832874fa4cc56f6fc26074dc423ebd9b8d5 Mon Sep 17 00:00:00 2001
From: Jim Geurts
Date: Mon, 11 Nov 2019 13:12:06 -0600
Subject: [PATCH 3/4] Fix lint error

---
 lib/connection.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/connection.js b/lib/connection.js
index ac906a0b8..a164fae4e 100644
--- a/lib/connection.js
+++ b/lib/connection.js
@@ -93,7 +93,7 @@ Connection.prototype.connect = function (port, host) {
 var tls = require('tls')
 const options = Object.assign({
 socket: self.stream,
- checkServerIdentity: tls.checkServerIdentity,
+ checkServerIdentity: tls.checkServerIdentity
 }, self.ssl)
 if (net.isIP(host) === 0) {
 options.servername = host
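Review bot: In the new `tls.connect(Object.assign({ ... }, self.ssl))` call, `self.ssl` is the last source, so a `socket` or `servername` key on the caller's ssl object silently replaces the already-connected `self.stream` and the host-derived SNI name set just above it; the same order survives into PATCH 4/4, where `socket: self.stream` is still the overridable base. If the ssl object is meant to supply TLS settings but never the transport, let the fixed fields win: `self.stream = tls.connect(Object.assign({ checkServerIdentity: tls.checkServerIdentity }, self.ssl, { socket: self.stream, servername: host }))`. Note also that `Object.assign` copies own keys whose value is `undefined`, so `ssl: { checkServerIdentity: undefined }` now overrides the default instead of falling back as the removed `self.ssl.checkServerIdentity || tls.checkServerIdentity` did; whether Node then rejects the option or substitutes its own default should be confirmed for the supported versions. `Connection.prototype.connect` begins before and ends after this hunk.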
From 319f7d8658df72aa1ac67bac356031cec3270521 Mon Sep 17 00:00:00 2001
From: Jim Geurts
Date: Mon, 11 Nov 2019 16:06:20 -0600
Subject: [PATCH 4/4] Remove tls.checkServerIdentity explicit option

---
 lib/connection.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/connection.js b/lib/connection.js
index a164fae4e..cdcb0cbb3 100644
--- a/lib/connection.js
+++ b/lib/connection.js
@@ -92,8 +92,7 @@ Connection.prototype.connect = function (port, host) {
 }
 var tls = require('tls')
 const options = Object.assign({
- socket: self.stream,
- checkServerIdentity: tls.checkServerIdentity
+ socket: self.stream
 }, self.ssl)
 if (net.isIP(host) === 0) {
 options.servername = host
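Review bot: With the explicit `checkServerIdentity` gone, nothing in this file documents that the former allowlist of ssl fields has been replaced by a verbatim pass-through, so a reader of `const options = Object.assign({ socket: self.stream }, self.ssl)` cannot tell which keys are honoured or that hostname verification now depends on the `tls.connect()` default. A comment above that line would close the gap, e.g. `// Every own key of self.ssl is forwarded to tls.connect() unchanged and overrides the defaults here;` / `// rejectUnauthorized: false or a custom checkServerIdentity supplied by the caller therefore disables or replaces certificate verification.` / `// With no checkServerIdentity given, tls.connect() falls back to tls.checkServerIdentity (confirm for supported Node versions).` The surrounding `Connection.prototype.connect` starts before and continues past this hunk.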