tls: make 'createSecureContext' honor more options

mkrawczuk · addaleax · commit 9b279335496f · 2020-09-22T23:47:58.000+02:00
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. PR-URL: #33974 Fixes: #20908 Reviewed-By: Alba Mendez <me@alba.sh> Reviewed-By: Ujjwal Sharma <ryzokuken@disroot.org>
diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -1685,6 +1685,11 @@ changes:
     **Default:** none, see `minVersion`.
   * `sessionIdContext` {string} Opaque identifier used by servers to ensure
     session state is not shared between applications. Unused by clients.
+  * `ticketKeys`: {Buffer} 48-bytes of cryptographically strong pseudo-random
+    data. See [Session Resumption][] for more information.
+  * `sessionTimeout` {number} The number of seconds after which a TLS session
+    created by the server will no longer be resumable. See
+    [Session Resumption][] for more information. **Default:** `300`.
 
 [`tls.createServer()`][] sets the default value of the `honorCipherOrder` option
 to `true`, other APIs that create secure contexts leave it unset.
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
@@ -294,6 +294,14 @@ exports.createSecureContext = function createSecureContext(options) {
                                    options.clientCertEngine);
   }
 
+  if (options.ticketKeys) {
+    c.context.setTicketKeys(options.ticketKeys);
+  }
+
+  if (options.sessionTimeout) {
+    c.context.setSessionTimeout(options.sessionTimeout);
+  }
+
   return c;
 };
 
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -1317,6 +1317,12 @@ Server.prototype.setSecureContext = function(options) {
                                   .slice(0, 32);
   }
 
+  if (options.sessionTimeout)
+    this.sessionTimeout = options.sessionTimeout;
+
+  if (options.ticketKeys)
+    this.ticketKeys = options.ticketKeys;
+
   this._sharedCreds = tls.createSecureContext({
     pfx: this.pfx,
     key: this.key,
@@ -1334,16 +1340,10 @@ Server.prototype.setSecureContext = function(options) {
     secureOptions: this.secureOptions,
     honorCipherOrder: this.honorCipherOrder,
     crl: this.crl,
-    sessionIdContext: this.sessionIdContext
+    sessionIdContext: this.sessionIdContext,
+    ticketKeys: this.ticketKeys,
+    sessionTimeout: this.sessionTimeout
   });
-
-  if (this.sessionTimeout)
-    this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
-
-  if (options.ticketKeys) {
-    this.ticketKeys = options.ticketKeys;
-    this.setTicketKeys(this.ticketKeys);
-  }
 };
 
 
