From 2594cd26eb9645bc3eb2ffa9c18e129fe519a57d Mon Sep 17 00:00:00 2001 From: Ujjwal Sharma Date: Thu, 24 May 2018 02:30:09 +0530 Subject: [PATCH 1/4] crypto: add ticketKeys option in createSecureContext There's a method to initialize a TLS Server using tls.createSever by specifying a ticketKeys option, but none in the underlying constructor, tls.createSecureContext. This PR adds the ticketKeys option to tls.createSecureContext. Fixes: https://github.com/nodejs/node/issues/20908 --- lib/_tls_common.js | 5 +++++ lib/_tls_wrap.js | 7 ++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/_tls_common.js b/lib/_tls_common.js index d8f6afed0bd8fb..8b4430b0af837d 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -223,6 +223,11 @@ exports.createSecureContext = function createSecureContext(options, context) { options.clientCertEngine); } + // Set ticketKeys right inside createSecureContext + if (options.ticketKeys) { + c.context.setTicketKeys(options.ticketKeys); + } + return c; }; diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index d85d85752b631b..13bf9a51109b71 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -885,7 +885,8 @@ function Server(options, listener) { secureOptions: this.secureOptions, honorCipherOrder: this.honorCipherOrder, crl: this.crl, - sessionIdContext: this.sessionIdContext + sessionIdContext: this.sessionIdContext, + ticketKeys: this.ticketKeys }); this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000); @@ -900,10 +901,6 @@ function Server(options, listener) { this._sharedCreds.context.setSessionTimeout(this.sessionTimeout); } - if (this.ticketKeys) { - this._sharedCreds.context.setTicketKeys(this.ticketKeys); - } - // constructor call net.Server.call(this, tlsConnectionListener); From 6269853a9a444a3fbed351ddeb12a6e97114543d Mon Sep 17 00:00:00 2001 
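Review bot: In the `lib/_tls_common.js` hunk of patch 1/4, `if (options.ticketKeys)` hands any truthy value to `c.context.setTicketKeys()` with no type or length check on the JavaScript side. A string or a wrongly sized buffer is therefore rejected, if at all, only by the native binding, which is not visible here. Because this makes session ticket key material a public `createSecureContext` option, an explicit guard would give callers a clear error, using the helpers `validateKeyCert` already uses in this file: `if (options.ticketKeys !== undefined && !isArrayBufferView(options.ticketKeys)) throw new ERR_INVALID_ARG_TYPE('options.ticketKeys', ['Buffer', 'TypedArray', 'DataView'], options.ticketKeys);`. The same unchecked call survives the rewrite of this block in patch 2/4. The body of `createSecureContext` begins outside the hunk.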
From: Ujjwal Sharma Date: Fri, 25 May 2018 01:48:49 +0530 Subject: [PATCH 2/4] fixup! crypto: add ticketKeys option in createSecureContext --- lib/_tls_common.js | 14 +++++++++++++- lib/_tls_wrap.js | 7 ++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lib/_tls_common.js b/lib/_tls_common.js index 8b4430b0af837d..7550fc889f6c90 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -56,6 +56,15 @@ function SecureContext(secureProtocol, secureOptions, context) { if (secureOptions) this.context.setOptions(secureOptions); } +SecureContext.prototype.getTicketKeys = function getTicketKeys(keys) { + return this.context.getTicketKeys(keys); +}; + + +SecureContext.prototype.setTicketKeys = function setTicketKeys(keys) { + this.context.setTicketKeys(keys); +}; + function validateKeyCert(name, value) { if (typeof value !== 'string' && !isArrayBufferView(value)) { throw new ERR_INVALID_ARG_TYPE( @@ -223,11 +232,14 @@ exports.createSecureContext = function createSecureContext(options, context) { options.clientCertEngine); } - // Set ticketKeys right inside createSecureContext if (options.ticketKeys) { c.context.setTicketKeys(options.ticketKeys); } + if (options.sessionTimeout) { + c.context.setSessionTimeout(options.sessionTimeout); + } + return c; }; diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 13bf9a51109b71..f8594b374c7bec 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -886,7 +886,8 @@ function Server(options, listener) { honorCipherOrder: this.honorCipherOrder, crl: this.crl, sessionIdContext: this.sessionIdContext, - ticketKeys: this.ticketKeys + ticketKeys: this.ticketKeys, + sessionTimeout: this.sessionTimeout, }); this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000); 
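Review bot: `SecureContext.prototype.getTicketKeys` and `setTicketKeys` in the `@@ -56,6 +56,15 @@` hunk of `lib/_tls_common.js` are added without any comment, although the getter returns the context's session ticket keys, which are secret key material. A comment above the pair would tell callers how to treat the value, for example `// Ticket keys are secret: whoever holds them can decrypt session tickets issued under this context, so never log the returned buffer.` The setter forwards `keys` to the native context unchecked; whether the binding rejects malformed input cannot be seen from this hunk.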
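Review bot: The new `if (options.sessionTimeout)` guard in the `@@ -223,11 +232,14 @@` hunk of `lib/_tls_common.js` treats `sessionTimeout: 0` as if the option were absent, and passes every other truthy value, numeric or not, straight to `c.context.setSessionTimeout()`. A caller who sets 0 expecting sessions not to be resumable would silently get the library default lifetime instead. Consider testing `options.sessionTimeout !== undefined` and rejecting non-numbers with `ERR_INVALID_ARG_TYPE` before the native call, or state in the option's documentation that 0 means "use the default". How the native setter reacts to bad input is outside this hunk, and `createSecureContext` begins outside it as well.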
@@ -897,10 +898,6 @@ function Server(options, listener) { 'options.handshakeTimeout', 'number', options.handshakeTimeout); } - if (this.sessionTimeout) { - this._sharedCreds.context.setSessionTimeout(this.sessionTimeout); - } - // constructor call net.Server.call(this, tlsConnectionListener); From 38e22dcf3c24f7e52caa3cfdf2260fb098f6aeba Mon Sep 17 00:00:00 2001 From: Ujjwal Sharma Date: Sat, 26 May 2018 11:26:35 +0530 Subject: [PATCH 3/4] fixup! crypto: add ticketKeys option in createSecureContext --- lib/_tls_common.js | 4 ++-- .../test-tls-securecontext-ticketkeys.js | 22 +++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 test/parallel/test-tls-securecontext-ticketkeys.js diff --git a/lib/_tls_common.js b/lib/_tls_common.js index 7550fc889f6c90..6c124d35f48dd1 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -56,8 +56,8 @@ function SecureContext(secureProtocol, secureOptions, context) { if (secureOptions) this.context.setOptions(secureOptions); } -SecureContext.prototype.getTicketKeys = function getTicketKeys(keys) { - return this.context.getTicketKeys(keys); +SecureContext.prototype.getTicketKeys = function getTicketKeys() { + return this.context.getTicketKeys(); }; diff --git a/test/parallel/test-tls-securecontext-ticketkeys.js b/test/parallel/test-tls-securecontext-ticketkeys.js new file mode 100644 index 00000000000000..c20164e67c7404 --- /dev/null +++ b/test/parallel/test-tls-securecontext-ticketkeys.js 
@@ -0,0 +1,22 @@ +'use strict'; +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); +const fixtures = require('../common/fixtures'); + +const assert = require('assert'); +const crypto = require('crypto'); +const tls = require('tls'); + +const keys = crypto.randomBytes(48); +const otherKeys = crypto.randomBytes(48); + +const context = tls.createSecureContext({ + key: fixtures.readKey('agent1-key.pem'), + cert: fixtures.readKey('agent1-cert.pem'), + ticketKeys: keys +}); + +assert.strictEqual(context.getTicketKeys(), keys); +context.setTicketKeys(otherKeys); +assert.strictEqual(context.getTicketKeys(), otherKeys); From 3964032488c96d36a9fc82bb91cd4329bd504638 Mon Sep 17 00:00:00 2001 From: Ujjwal Sharma Date: Sat, 26 May 2018 22:25:36 +0530 Subject: [PATCH 4/4] fixup! crypto: add ticketKeys option in createSecureContext --- test/parallel/test-tls-securecontext-ticketkeys.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-tls-securecontext-ticketkeys.js b/test/parallel/test-tls-securecontext-ticketkeys.js index c20164e67c7404..4a20a29be1f2bd 100644 --- a/test/parallel/test-tls-securecontext-ticketkeys.js +++ b/test/parallel/test-tls-securecontext-ticketkeys.js @@ -14,9 +14,11 @@ const otherKeys = crypto.randomBytes(48); const context = tls.createSecureContext({ key: fixtures.readKey('agent1-key.pem'), cert: fixtures.readKey('agent1-cert.pem'), - ticketKeys: keys + ticketKeys: keys, + sessionTimeout: 1, }); -assert.strictEqual(context.getTicketKeys(), keys); +assert.deepStrictEqual(context.getTicketKeys(), keys); context.setTicketKeys(otherKeys); -assert.strictEqual(context.getTicketKeys(), otherKeys); +assert.deepStrictEqual(context.getTicketKeys(), otherKeys); +setTimeout(() => assert.deepStrictEqual(context.getTicketKeys(), otherKeys), 5000);
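Review bot: The new `test/parallel/test-tls-securecontext-ticketkeys.js` only exercises a valid 48-byte key; nothing checks what `tls.createSecureContext()` or `context.setTicketKeys()` do with a buffer of another length or with a non-buffer value. Since these are key-handling entry points, a negative case such as `assert.throws(() => tls.createSecureContext({ ticketKeys: crypto.randomBytes(16) }));` would pin the rejection behaviour. The exact error raised is not visible on this page, so confirm it against the native setter before asserting on its code or message. The test also reads the keys back without a handshake, so it does not show that tickets are actually issued under the configured keys.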
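Review bot: The `setTimeout(..., 5000)` callback added in patch 4/4 is not wrapped in `common.mustCall()`, so nothing in the test asserts that the delayed check ran, and it makes a test under `test/parallel` wait five seconds. The callback only re-reads the keys that were just set, which does not show that `sessionTimeout: 1` had any effect on the context. If the delayed check is kept, wrap it as `common.mustCall(() => assert.deepStrictEqual(context.getTicketKeys(), otherKeys))` and use a delay only slightly longer than the one-second timeout. A comment stating what the timer is meant to prove would also help the next reader.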