-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNICallback doesn't appear to work with tls.createSecurePair()
#4878
Comments
Yea, confirmed...looks like https://github.com/nodejs/node/blob/master/src/node_crypto.cc#L2691 could be where the issue lies? /cc @indutny |
Reproducing the test case here for posterity: #!/usr/bin/env node
var fs = require('fs');
var net = require('net');
var tls = require('tls');
var secureContext = tls.createSecureContext({
cert: fs.readFileSync('test_cert.pem'),
key: fs.readFileSync('test_key.pem')
})
var server = net.Server(function(raw) {
var pair = tls.createSecurePair(null, true, false, false, {
SNICallback: function(servername, cb) {
console.log('servername', servername);
cb(null, secureContext);
}
});
raw.pipe(pair.encrypted).pipe(raw);
});
server.listen(4443, function() {
var addr = server.address();
console.log('Server listening on %s %s:%d', addr.family, addr.address, addr.port);
}); Here, I think it should be possible to move the legacy implementation over to |
@bnoordhuis by saying
Do you mean moving the whole |
I'm on it. |
I'm having a related problem, discribed here: https://stackoverflow.com/questions/35586957/nodejs-starttls-use-sni and there seems to be no answer, I'd like to confirm if this bug might be the cause, as it's a little bit different use case. |
@webertlima Looks to be the same issue, yes. |
@jhamhader how goes? |
@jhamhader let me know if you need any help on this. I would be more than happy to supply any amount of hints, or pick it over from you (if you are busy with other things). |
I would like that and will contact you over IRC/mail. |
Any progress on this? |
|
@jhamhader Alright. Tried using TLSSocket, had to change a lot of code but it'll do just fine. Thanks very much for hitting back. |
Looks like the issue is resolved in some sense. |
Test case: https://gist.github.com/adammw/cf4327506d4293e69014
Testing hitting the server with cURL:
Docs say that there should be two arguments passed to SNICallback, the servername and the callback to call with the secure context. The second argument doesn't appear to be passed through when the TLS connection is created as a stream with tls.createSecurePair().
I get the error:
I note that when removing the callback argument I get an OpenSSL error in my terminal:
Potentially related PR: #2441 /cc @socketpair
The text was updated successfully, but these errors were encountered: