tls: forward new SecureContext options
We have a few places where we individually forward each
parameter to tls.createSecureContext(). In #28973 and others,
we added new SecureContext options but forgot to keep these
places up to date.

As per https.Agent#getName, I understand that at least
`privateKeyIdentifier` and `privateKeyEngine` should be
added too, since they're a substitute for `key`. I've
also added sigalgs.

Fixes: #36322
Refs: #28973

PR-URL: #36416
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
mildsunrise authored and targos committed May 1, 2021
1 parent 3701e5d commit 08ed233
Showing 3 changed files with 31 additions and 4 deletions.
12 changes: 11 additions & 1 deletion lib/_tls_wrap.js
Expand Up @@ -1320,6 +1320,9 @@ Server.prototype.setSecureContext = function(options) {
if (options.ticketKeys)
this.ticketKeys = options.ticketKeys;

this.privateKeyIdentifier = options.privateKeyIdentifier;
this.privateKeyEngine = options.privateKeyEngine;

this._sharedCreds = tls.createSecureContext({
pfx: this.pfx,
key: this.key,
Expand All @@ -1339,7 +1342,9 @@ Server.prototype.setSecureContext = function(options) {
crl: this.crl,
sessionIdContext: this.sessionIdContext,
ticketKeys: this.ticketKeys,
sessionTimeout: this.sessionTimeout
sessionTimeout: this.sessionTimeout,
privateKeyIdentifier: this.privateKeyIdentifier,
privateKeyEngine: this.privateKeyEngine,
});
};

Expand Down Expand Up @@ -1405,6 +1410,11 @@ Server.prototype.setOptions = deprecate(function(options) {
}
if (options.pskCallback) this[kPskCallback] = options.pskCallback;
if (options.pskIdentityHint) this[kPskIdentityHint] = options.pskIdentityHint;
if (options.sigalgs) this.sigalgs = options.sigalgs;
if (options.privateKeyIdentifier !== undefined)
this.privateKeyIdentifier = options.privateKeyIdentifier;
if (options.privateKeyEngine !== undefined)
this.privateKeyEngine = options.privateKeyEngine;
}, 'Server.prototype.setOptions() is deprecated', 'DEP0122');

// SNI Contexts High-Level API
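Review bot: In `Server.prototype.setSecureContext` the two new fields are assigned unconditionally (`this.privateKeyIdentifier = options.privateKeyIdentifier;`), while the `ticketKeys` assignment just above is guarded by `if (options.ticketKeys)`, and nothing in the hunk explains the difference. The unconditional form looks like the safer one, since per the commit message an engine-held key is a substitute for `key` and a reference from an earlier context should not survive a context swap; I would record that with a comment such as `// Always overwrite: an engine key reference from a previous context must not carry over.` In the `setOptions` hunk `sigalgs` is copied on truthiness while the two key options use `!== undefined`, and choosing one form would make the intent easier to audit. Both function bodies extend beyond the visible hunks, so whether `sigalgs` is already forwarded to `tls.createSecureContext()` cannot be confirmed from this page.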
13 changes: 13 additions & 0 deletions lib/https.js
Expand Up @@ -24,6 +24,7 @@
const {
ObjectAssign,
ObjectSetPrototypeOf,
JSONStringify,
} = primordials;

require('internal/util').assertCrypto();
Expand Down Expand Up @@ -236,6 +237,18 @@ Agent.prototype.getName = function getName(options) {
if (options.sessionIdContext)
name += options.sessionIdContext;

name += ':';
if (options.sigalgs)
name += JSONStringify(options.sigalgs);

name += ':';
if (options.privateKeyIdentifier)
name += options.privateKeyIdentifier;

name += ':';
if (options.privateKeyEngine)
name += options.privateKeyEngine;

return name;
};

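Review bot: `privateKeyIdentifier` and `privateKeyEngine` are appended to the agent name verbatim with `:` as the separator, so a value that itself contains `:` makes the name ambiguous: identifier `a:b` with engine `c` and identifier `a` with engine `b:c` both end in `:a:b:c`. The name is the key the agent uses to group reusable connections, so two requests configured with different client keys could end up sharing one. The `sigalgs` field just above is already passed through `JSONStringify`; doing the same here, `name += JSONStringify(options.privateKeyIdentifier);` and likewise for `privateKeyEngine`, keeps the fields unambiguous, with the expected strings in the test updated to match. The older fields, such as `sessionIdContext` at the top of this hunk, follow the same raw pattern, and `getName` starts outside the hunk, so this may be better handled for the whole function in a follow-up.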
10 changes: 7 additions & 3 deletions test/parallel/test-https-agent-getname.js
Expand Up @@ -12,7 +12,7 @@ const agent = new https.Agent();
// empty options
assert.strictEqual(
agent.getName({}),
'localhost:::::::::::::::::::'
'localhost::::::::::::::::::::::'
);

// Pass all options arguments
Expand All @@ -34,11 +34,15 @@ const options = {
secureOptions: 0,
secureProtocol: 'secureProtocol',
servername: 'localhost',
sessionIdContext: 'sessionIdContext'
sessionIdContext: 'sessionIdContext',
sigalgs: 'sigalgs',
privateKeyIdentifier: 'privateKeyIdentifier',
privateKeyEngine: 'privateKeyEngine',
};

assert.strictEqual(
agent.getName(options),
'0.0.0.0:443:192.168.1.1:ca:cert:dynamic:ciphers:key:pfx:false:localhost:' +
'::secureProtocol:c,r,l:false:ecdhCurve:dhparam:0:sessionIdContext'
'::secureProtocol:c,r,l:false:ecdhCurve:dhparam:0:sessionIdContext:' +
'"sigalgs":privateKeyIdentifier:privateKeyEngine'
);
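Review bot: The updated expectations only pin the `Agent#getName` string; none of the three changed files exercises the `lib/_tls_wrap.js` side, where `setSecureContext` and the deprecated `setOptions` now store and forward `privateKeyIdentifier` and `privateKeyEngine`. A server-side case would be worth adding, for example one asserting that a `setSecureContext()` call without those options leaves `server.privateKeyIdentifier` undefined; a positive case presumably needs a build with engine support. The sample values here also contain no `:`, so the separator handling of the new fields in `getName` is not exercised either.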
