Merge pull request #12 from DullReferenceException/forward-compatible-https

Forward-compatible HTTPS options

Author: indexzero

index.js

@@ -12,7 +12,8 @@ var fs = require('fs'),
     https = require('https'),
     path = require('path'),
     connected = require('connected'),
-    errs = require('errs');
+    errs = require('errs'),
+    assign = require('object-assign');
 
 var CIPHERS = [
   'ECDHE-RSA-AES256-SHA384',
@@ -122,54 +123,51 @@ module.exports = function createServers(options, listening) {
       return onListen('https');
     }
 
-    var port = +options.https.port || 443,
-        ssl  = options.https,
+    var ssl  = options.https,
+        port = +ssl.port || 443,
+        ciphers = ssl.ciphers || CIPHERS,
+        ca = ssl.ca,
         server,
-        args,
-        ip;
-
-    ssl.ciphers = ssl.ciphers || CIPHERS;
+        args;
 
     //
     // Remark: If an array is passed in lets join it like we do the defaults
     //
-    if (Array.isArray(ssl.ciphers)) {
-      ssl.ciphers = ssl.ciphers.join(':');
+    if (Array.isArray(ciphers)) {
+      ciphers = ciphers.join(':');
     }
 
-    if (ssl.ca && !Array.isArray(ssl.ca)) {
-      ssl.ca = [ssl.ca];
+    if (ca && !Array.isArray(ca)) {
+      ca = [ca];
     }
 
-    log('https | listening on %d', port);
-    server = https.createServer({
+    var finalHttpsOptions = assign({}, ssl, {
       //
       // Load default SSL key, cert and ca(s).
       //
-      key:  fs.readFileSync(path.resolve(ssl.root, ssl.key)),
+      key: fs.readFileSync(path.resolve(ssl.root, ssl.key)),
       cert: fs.readFileSync(path.resolve(ssl.root, ssl.cert)),
-      ca:   ssl.ca && ssl.ca.map(
-        function (file) {
-          return fs.readFileSync(path.resolve(ssl.root, file));
-        }
+      ca: ca && ca.map(
+          function (file) {
+            return fs.readFileSync(path.resolve(ssl.root, file));
+          }
       ),
       //
       // Properly expose ciphers for an A+ SSL rating:
       // https://certsimple.com/blog/a-plus-node-js-ssl
       //
-      ciphers: ssl.ciphers,
+      ciphers: ciphers,
       honorCipherOrder: !!ssl.honorCipherOrder,
       //
-      // Optionally support SNI-based SSL.
-      //
-      SNICallback: ssl.SNICallback,
-      //
       // Protect against the POODLE attack by disabling SSLv3
       // @see http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html
       //
       secureProtocol: 'SSLv23_method',
       secureOptions: require('constants').SSL_OP_NO_SSLv3
-    }, ssl.handler || handler);
+    });
+
+    log('https | listening on %d', port);
+    server = https.createServer(finalHttpsOptions, ssl.handler || handler);
 
     args = [server, port];
     if (options.https.host) {

package.json

@@ -23,9 +23,11 @@
   "homepage": "https://github.com/indexzero/create-servers",
   "dependencies": {
     "connected": "~0.0.2",
-    "errs": "~0.3.0"
+    "errs": "~0.3.0",
+    "object-assign": "^4.1.0"
   },
   "devDependencies": {
+    "sinon": "^1.17.4",
     "tape": "~2.14.0"
   }
 }

test/create-servers-test.js

@@ -7,7 +7,9 @@
 
 var path = require('path'),
     http = require('http'),
+    https = require('https'),
     test = require('tape'),
+    sinon = require('sinon'),
     createServers = require('../');
 
 //
@@ -173,3 +175,24 @@ test('http && https with different handlers', function (t) {
     });
   });
 });
+
+test('supports requestCert https option', function (t) {
+  t.plan(2);
+  var spy = sinon.spy(https, 'createServer');
+  createServers({
+    log: console.log,
+    https: {
+      port:        3456,
+      root:        path.join(__dirname, 'fixtures'),
+      cert:        'agent2-cert.pem',
+      key:         'agent2-key.pem',
+      requestCert: true
+    },
+    handler: fend
+  }, function (err, servers) {
+    t.error(err);
+    t.equals(spy.lastCall.args[0].requestCert, true, 'should preserve the requestCert option');
+    servers.https.close();
+    spy.restore();
+  });
+});