2010-12-08 22:22:12 +01:00
|
|
|
## TLS (SSL)
|
|
|
|
|
|
|
|
Use `require('tls')` to access this module.
|
|
|
|
|
|
|
|
The `tls` module uses OpenSSL to provide Transport Layer Security and/or
|
|
|
|
Secure Socket Layer: encrypted stream communication.
|
|
|
|
|
|
|
|
TLS/SSL is a public/private key infrastructure. Each client and each
|
|
|
|
server must have a private key. A private key is created like this
|
|
|
|
|
|
|
|
openssl genrsa -out ryans-key.pem 1024
|
|
|
|
|
|
|
|
All severs and some clients need to have a certificate. Certificates are public
|
|
|
|
keys signed by a Certificate Authority or self-signed. The first step to
|
|
|
|
getting a certificate is to create a "Certificate Signing Request" (CSR)
|
|
|
|
file. This is done with:
|
|
|
|
|
|
|
|
openssl req -new -key ryans-key.pem -out ryans-csr.pem
|
|
|
|
|
|
|
|
To create a self-signed certificate with the CSR, do this:
|
|
|
|
|
|
|
|
openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem
|
|
|
|
|
|
|
|
Alternatively you can send the CSR to a Certificate Authority for signing.
|
|
|
|
|
|
|
|
(TODO: docs on creating a CA, for now interested users should just look at
|
|
|
|
`test/fixtures/keys/Makefile` in the Node source code)
|
|
|
|
|
|
|
|
|
2011-10-22 16:40:15 +02:00
|
|
|
#### tls.createServer(options, [secureConnectionListener])
|
2011-10-15 18:26:38 +02:00
|
|
|
|
|
|
|
Creates a new [tls.Server](#tls.Server).
|
|
|
|
The `connectionListener` argument is automatically set as a listener for the
|
|
|
|
[secureConnection](#event_secureConnection_) event.
|
|
|
|
The `options` object has these possibilities:
|
|
|
|
|
|
|
|
- `key`: A string or `Buffer` containing the private key of the server in
|
|
|
|
PEM format. (Required)
|
|
|
|
|
|
|
|
- `cert`: A string or `Buffer` containing the certificate key of the server in
|
|
|
|
PEM format. (Required)
|
|
|
|
|
|
|
|
- `ca`: An array of strings or `Buffer`s of trusted certificates. If this is
|
|
|
|
omitted several well known "root" CAs will be used, like VeriSign.
|
|
|
|
These are used to authorize connections.
|
|
|
|
|
|
|
|
- `requestCert`: If `true` the server will request a certificate from
|
|
|
|
clients that connect and attempt to verify that certificate. Default:
|
|
|
|
`false`.
|
|
|
|
|
|
|
|
- `rejectUnauthorized`: If `true` the server will reject any connection
|
|
|
|
which is not authorized with the list of supplied CAs. This option only
|
|
|
|
has an effect if `requestCert` is `true`. Default: `false`.
|
|
|
|
|
|
|
|
- `NPNProtocols`: An array or `Buffer` of possible NPN protocols. (Protocols
|
|
|
|
should be ordered by their priority).
|
|
|
|
|
|
|
|
- `SNICallback`: A function that will be called if client supports SNI TLS
|
|
|
|
extension. Only one argument will be passed to it: `servername`. And
|
|
|
|
`SNICallback` should return SecureContext instance.
|
|
|
|
(You can use `crypto.createCredentials(...).context` to get proper
|
|
|
|
SecureContext). If `SNICallback` wasn't provided - default callback with
|
|
|
|
high-level API will be used (see below).
|
|
|
|
|
|
|
|
- `sessionIdContext`: A string containing a opaque identifier for session
|
|
|
|
resumption. If `requestCert` is `true`, the default is MD5 hash value
|
|
|
|
generated from command-line. Otherwise, the default is not provided.
|
|
|
|
|
|
|
|
Here is a simple example echo server:
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
|
|
|
key: fs.readFileSync('server-key.pem'),
|
|
|
|
cert: fs.readFileSync('server-cert.pem'),
|
2011-10-16 09:31:41 +02:00
|
|
|
|
|
|
|
// This is necessary only if using the client certificate authentication.
|
2011-10-15 18:26:38 +02:00
|
|
|
requestCert: true,
|
2011-10-16 09:31:41 +02:00
|
|
|
|
|
|
|
// This is necessary only if the client uses the self-signed certificate.
|
2011-10-15 18:26:38 +02:00
|
|
|
ca: [ fs.readFileSync('client-cert.pem') ]
|
|
|
|
};
|
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
var server = tls.createServer(options, function(cleartextStream) {
|
2011-10-15 18:26:38 +02:00
|
|
|
console.log('server connected',
|
2011-10-16 09:31:41 +02:00
|
|
|
cleartextStream.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
cleartextStream.write("welcome!\n");
|
|
|
|
cleartextStream.setEncoding('utf8');
|
|
|
|
cleartextStream.pipe(cleartextStream);
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
|
|
|
server.listen(8000, function() {
|
|
|
|
console.log('server bound');
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
You can test this server by connecting to it with `openssl s_client`:
|
|
|
|
|
|
|
|
|
|
|
|
openssl s_client -connect 127.0.0.1:8000
|
|
|
|
|
|
|
|
|
2011-10-22 16:40:15 +02:00
|
|
|
#### tls.connect(port, [host], [options], [secureConnectListener])
|
2010-12-11 11:26:48 +01:00
|
|
|
|
|
|
|
Creates a new client connection to the given `port` and `host`. (If `host`
|
|
|
|
defaults to `localhost`.) `options` should be an object which specifies
|
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
- `key`: A string or `Buffer` containing the private key of the client in
|
2010-12-11 11:26:48 +01:00
|
|
|
PEM format. (Required)
|
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
- `cert`: A string or `Buffer` containing the certificate key of the client in
|
2010-12-11 11:26:48 +01:00
|
|
|
PEM format.
|
|
|
|
|
|
|
|
- `ca`: An array of strings or `Buffer`s of trusted certificates. If this is
|
|
|
|
omitted several well known "root" CAs will be used, like VeriSign.
|
|
|
|
These are used to authorize connections.
|
|
|
|
|
2011-07-30 16:03:05 +02:00
|
|
|
- `NPNProtocols`: An array of string or `Buffer` containing supported NPN
|
2011-10-16 09:31:41 +02:00
|
|
|
protocols. `Buffer` should have following format: `0x05hello0x05world`,
|
|
|
|
where first byte is next protocol name's length. (Passing array should
|
|
|
|
usually be much simplier: `['hello', 'world']`.)
|
2011-07-30 16:03:05 +02:00
|
|
|
|
|
|
|
- `servername`: Servername for SNI (Server Name Indication) TLS extension.
|
|
|
|
|
2011-10-15 12:27:21 +02:00
|
|
|
The `secureConnectListener` parameter will be added as a listener for the
|
|
|
|
['secureConnect'](#event_secureConnect_) event.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2011-10-15 12:27:21 +02:00
|
|
|
`tls.connect()` returns a [CleartextStream](#tls.CleartextStream) object.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
Here is an example of a client of echo server as described previously:
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
2011-10-16 09:31:41 +02:00
|
|
|
// These are necessary only if using the client certificate authentication
|
2011-10-15 18:26:38 +02:00
|
|
|
key: fs.readFileSync('client-key.pem'),
|
|
|
|
cert: fs.readFileSync('client-cert.pem'),
|
2011-10-16 09:31:41 +02:00
|
|
|
|
|
|
|
// This is necessary only if the server uses the self-signed certificate
|
2011-10-15 18:26:38 +02:00
|
|
|
ca: [ fs.readFileSync('server-cert.pem') ]
|
|
|
|
};
|
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
var cleartextStream = tls.connect(8000, options, function() {
|
2011-10-15 18:26:38 +02:00
|
|
|
console.log('client connected',
|
2011-10-16 09:31:41 +02:00
|
|
|
cleartextStream.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
process.stdin.pipe(cleartextStream);
|
|
|
|
process.stdin.resume();
|
|
|
|
});
|
|
|
|
cleartextStream.setEncoding('utf8');
|
|
|
|
cleartextStream.on('data', function(data) {
|
|
|
|
console.log(data);
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
2011-10-16 09:31:41 +02:00
|
|
|
cleartextStream.on('end', function() {
|
|
|
|
server.close();
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
|
|
|
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2011-03-29 18:58:50 +02:00
|
|
|
### STARTTLS
|
|
|
|
|
|
|
|
In the v0.4 branch no function exists for starting a TLS session on an
|
|
|
|
already existing TCP connection. This is possible it just requires a bit of
|
|
|
|
work. The technique is to use `tls.createSecurePair()` which returns two
|
2011-08-11 10:13:13 +02:00
|
|
|
streams: an encrypted stream and a cleartext stream. The encrypted stream is
|
|
|
|
then piped to the socket, the cleartext stream is what the user interacts with
|
|
|
|
thereafter.
|
2011-03-29 18:58:50 +02:00
|
|
|
|
|
|
|
[Here is some code that does it.](http://gist.github.com/848444)
|
|
|
|
|
2011-07-30 16:03:05 +02:00
|
|
|
### NPN and SNI
|
|
|
|
|
|
|
|
NPN (Next Protocol Negotitation) and SNI (Server Name Indication) are TLS
|
|
|
|
handshake extensions allowing you:
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2011-07-30 16:03:05 +02:00
|
|
|
* NPN - to use one TLS server for multiple protocols (HTTP, SPDY)
|
|
|
|
* SNI - to use one TLS server for multiple hostnames with different SSL
|
|
|
|
certificates.
|
2011-09-04 17:38:34 +02:00
|
|
|
|
2011-08-03 04:17:16 +02:00
|
|
|
### pair = tls.createSecurePair([credentials], [isServer], [requestCert], [rejectUnauthorized])
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Creates a new secure pair object with two streams, one of which reads/writes
|
|
|
|
encrypted data, and one reads/writes cleartext data.
|
|
|
|
Generally the encrypted one is piped to/from an incoming encrypted data stream,
|
|
|
|
and the cleartext one is used as a replacement for the initial encrypted stream.
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2011-08-03 04:17:16 +02:00
|
|
|
- `credentials`: A credentials object from crypto.createCredentials( ... )
|
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `isServer`: A boolean indicating whether this tls connection should be
|
|
|
|
opened as a server or a client.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `requestCert`: A boolean indicating whether a server should request a
|
|
|
|
certificate from a connecting client. Only applies to server connections.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `rejectUnauthorized`: A boolean indicating whether a server should
|
|
|
|
automatically reject clients with invalid certificates. Only applies to
|
|
|
|
servers with `requestCert` enabled.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
`tls.createSecurePair()` returns a SecurePair object with
|
|
|
|
[cleartext](#tls.CleartextStream) and `encrypted` stream properties.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
|
|
|
#### Event: 'secure'
|
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
The event is emitted from the SecurePair once the pair has successfully
|
|
|
|
established a secure connection.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Similarly to the checking for the server 'secureConnection' event,
|
|
|
|
pair.cleartext.authorized should be checked to confirm whether the certificate
|
|
|
|
used properly authorized.
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2010-12-08 22:22:12 +01:00
|
|
|
### tls.Server
|
|
|
|
|
|
|
|
This class is a subclass of `net.Server` and has the same methods on it.
|
|
|
|
Instead of accepting just raw TCP connections, this accepts encrypted
|
|
|
|
connections using TLS or SSL.
|
|
|
|
|
|
|
|
#### Event: 'secureConnection'
|
|
|
|
|
|
|
|
`function (cleartextStream) {}`
|
|
|
|
|
|
|
|
This event is emitted after a new connection has been successfully
|
2011-08-11 10:13:13 +02:00
|
|
|
handshaked. The argument is a instance of
|
|
|
|
[CleartextStream](#tls.CleartextStream). It has all the common stream methods
|
|
|
|
and events.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
`cleartextStream.authorized` is a boolean value which indicates if the
|
2011-02-25 01:36:43 +01:00
|
|
|
client has verified by one of the supplied certificate authorities for the
|
2010-12-08 22:22:12 +01:00
|
|
|
server. If `cleartextStream.authorized` is false, then
|
|
|
|
`cleartextStream.authorizationError` is set to describe how authorization
|
|
|
|
failed. Implied but worth mentioning: depending on the settings of the TLS
|
2011-07-30 16:03:05 +02:00
|
|
|
server, you unauthorized connections may be accepted.
|
|
|
|
`cleartextStream.npnProtocol` is a string containing selected NPN protocol.
|
|
|
|
`cleartextStream.servername` is a string containing servername requested with
|
|
|
|
SNI.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
|
|
|
|
#### server.listen(port, [host], [callback])
|
|
|
|
|
|
|
|
Begin accepting connections on the specified `port` and `host`. If the
|
|
|
|
`host` is omitted, the server will accept connections directed to any
|
|
|
|
IPv4 address (`INADDR_ANY`).
|
|
|
|
|
|
|
|
This function is asynchronous. The last parameter `callback` will be called
|
|
|
|
when the server has been bound.
|
|
|
|
|
|
|
|
See `net.Server` for more information.
|
|
|
|
|
|
|
|
|
|
|
|
#### server.close()
|
|
|
|
|
|
|
|
Stops the server from accepting new connections. This function is
|
|
|
|
asynchronous, the server is finally closed when the server emits a `'close'`
|
|
|
|
event.
|
|
|
|
|
2011-07-30 16:03:05 +02:00
|
|
|
#### server.addContext(hostname, credentials)
|
|
|
|
|
|
|
|
Add secure context that will be used if client request's SNI hostname is
|
|
|
|
matching passed `hostname` (wildcards can be used). `credentials` can contain
|
|
|
|
`key`, `cert` and `ca`.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
#### server.maxConnections
|
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Set this property to reject connections when the server's connection count
|
|
|
|
gets high.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
#### server.connections
|
|
|
|
|
|
|
|
The number of concurrent connections on the server.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
|
|
|
|
### tls.CleartextStream
|
|
|
|
|
|
|
|
This is a stream on top of the *Encrypted* stream that makes it possible to
|
|
|
|
read/write an encrypted data as a cleartext data.
|
|
|
|
|
|
|
|
This instance implements a duplex [Stream](streams.html#streams) interfaces.
|
|
|
|
It has all the common stream methods and events.
|
|
|
|
|
2011-10-15 12:27:21 +02:00
|
|
|
#### Event: 'secureConnect'
|
|
|
|
|
|
|
|
`function () {}`
|
|
|
|
|
|
|
|
This event is emitted after a new connection has been successfully handshaked.
|
|
|
|
The listener will be called no matter if the server's certificate was
|
|
|
|
authorized or not. It is up to the user to test `cleartextStream.authorized`
|
|
|
|
to see if the server certificate was signed by one of the specified CAs.
|
|
|
|
If `cleartextStream.authorized === false` then the error can be found in
|
|
|
|
`cleartextStream.authorizationError`. Also if NPN was used - you can check
|
|
|
|
`cleartextStream.npnProtocol` for negotiated protocol.
|
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
#### cleartextStream.authorized
|
|
|
|
|
|
|
|
A boolean that is `true` if the peer certificate was signed by one of the
|
|
|
|
specified CAs, otherwise `false`
|
|
|
|
|
|
|
|
#### cleartextStream.authorizationError
|
|
|
|
|
|
|
|
The reason why the peer's certificate has not been verified. This property
|
|
|
|
becomes available only when `cleartextStream.authorized === false`.
|
|
|
|
|
|
|
|
#### cleartextStream.getPeerCertificate()
|
|
|
|
|
|
|
|
Returns an object representing the peer's certicicate. The returned object has
|
|
|
|
some properties corresponding to the field of the certificate.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
{ subject:
|
|
|
|
{ C: 'UK',
|
|
|
|
ST: 'Acknack Ltd',
|
|
|
|
L: 'Rhys Jones',
|
|
|
|
O: 'node.js',
|
|
|
|
OU: 'Test TLS Certificate',
|
|
|
|
CN: 'localhost' },
|
|
|
|
issuer:
|
|
|
|
{ C: 'UK',
|
|
|
|
ST: 'Acknack Ltd',
|
|
|
|
L: 'Rhys Jones',
|
|
|
|
O: 'node.js',
|
|
|
|
OU: 'Test TLS Certificate',
|
|
|
|
CN: 'localhost' },
|
|
|
|
valid_from: 'Nov 11 09:52:22 2009 GMT',
|
|
|
|
valid_to: 'Nov 6 09:52:22 2029 GMT',
|
|
|
|
fingerprint: '2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF' }
|
|
|
|
|
|
|
|
If the peer does not provide a certificate, it returns `null` or an empty
|
|
|
|
object.
|