
Commit 9b56110

jpage-godaddyindexzero
authored andcommitted
Reuse secure contexts for SNI (#20)
* Reuse secure contexts instead of creating new ones for each SNI connection * Substitute certificates that cause `ee key too small` errors for newer versions of Node
1 parent 4713370 commit 9b56110


2 files changed

+25
-25
lines changed


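--- a/index.js
+++ b/index.js
@@ -268,21 +268,21 @@ function getSNIHandler(sslOpts) {
 );
 });
 
-// Prepare secure context params ahead-of-time
-var hostTlsOpts = sniHosts.map(function (host) {
+// Prepare secure contexts ahead-of-time
+var hostSecureContexts = sniHosts.map(function (host) {
 var hostOpts = sslOpts.sni[host];
 
 var root = hostOpts.root || sslOpts.root;
 
-return assign({}, sslOpts, hostOpts, {
+return tls.createSecureContext(assign({}, sslOpts, hostOpts, {
 key: normalizePEMContent(root, hostOpts.key),
 cert: normalizeCertContent(root, hostOpts.cert),
 ca: normalizeCA(root, hostOpts.ca || sslOpts.ca),
 ciphers: normalizeCiphers(hostOpts.ciphers || sslOpts.ciphers),
 honorCipherOrder: !!(hostOpts.honorCipherOrder || sslOpts.honorCipherOrder),
 secureProtocol: 'SSLv23_method',
 secureOptions: secureOptions
-});
+}));
 });
 
 return function (hostname, cb) {
@@ -294,6 +294,6 @@ function getSNIHandler(sslOpts) {
 return void cb(new Error('Unrecognized hostname: ' + hostname));
 }
 
-cb(null, tls.createSecureContext(hostTlsOpts[matchingHostIdx]));
+cb(null, hostSecureContexts[matchingHostIdx]);
 };
 }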
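Review bot: A bad key or certificate for a single SNI host now throws out of `getSNIHandler` with no indication of which host caused it, because `tls.createSecureContext` runs inside the `sniHosts.map` callback (new line 277) rather than in the per-connection callback. Failing while the handler is built is the safer behaviour for errors such as the `ee key too small` rejection named in the commit message, but whether the caller catches the throw is not visible here, since the function starts above the hunk. I would build the options first and wrap the call so the rethrown error names the host, as sketched below. Because the contexts are now cached for the life of the handler, a comment above the map such as `// Contexts are built once; rebuild the handler to pick up rotated keys or certificates` would also help operators.

```javascript
// … unchanged: hostOpts and root lookup …
var contextOpts = assign({}, sslOpts, hostOpts, {
  // … unchanged: key, cert, ca, ciphers, honorCipherOrder, secureProtocol, secureOptions …
});

try {
  return tls.createSecureContext(contextOpts);
} catch (err) {
  // Name the offending host so a rejected key/cert can be traced to its SNI entry.
  err.message = 'Invalid TLS options for SNI host "' + host + '": ' + err.message;
  throw err;
}
```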

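--- a/test/create-servers-test.js
+++ b/test/create-servers-test.js
@@ -107,8 +107,8 @@ test('only https', function (t) {
 https: {
 port: 3456,
 root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem'
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 handler: fend
 }, function (err, servers) {
@@ -128,8 +128,8 @@ test('only https', function (t) {
 timeout: time,
 port: 3456,
 root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem'
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 handler: fend
 }, function (err, servers) {
@@ -148,8 +148,8 @@ test('absolute cert path resolution', function (t) {
 https: {
 port: 3456,
 root: '/',
-cert: path.resolve(__dirname, 'fixtures', 'agent2-cert.pem'),
-key: path.resolve(__dirname, 'fixtures', 'agent2-key.pem')
+cert: path.resolve(__dirname, 'fixtures', 'example-org-cert.pem'),
+key: path.resolve(__dirname, 'fixtures', 'example-org-key.pem')
 },
 handler: fend
 }, function (err, servers) {
@@ -168,8 +168,8 @@ test('http && https', function (t) {
 https: {
 port: 3456,
 root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem'
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 handler: fend
 }, function (err, servers) {
@@ -189,8 +189,8 @@ test('provides useful debug information', function (t) {
 https: {
 port: 443,
 root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem'
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 handler: fend
 }, function (err, servers) {
@@ -218,8 +218,8 @@ test('http && https with different handlers', function (t) {
 },
 port: 3456,
 root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem'
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 }, function (err, servers) {
 t.error(err);
@@ -272,8 +272,8 @@ test('supports cert contents instead of cert paths', function (t) {
 https: {
 port: 3456,
 root: root,
-cert: fs.readFileSync(path.resolve(root, 'agent2-cert.pem')),
-key: fs.readFileSync(path.resolve(root, 'agent2-key.pem'))
+cert: fs.readFileSync(path.resolve(root, 'example-org-cert.pem')),
+key: fs.readFileSync(path.resolve(root, 'example-org-key.pem'))
 },
 handler: fend
 }, function (err, servers) {
@@ -292,8 +292,8 @@ test('supports cert array instead of strings', function (t) {
 https: {
 port: 3456,
 root: root,
-cert: [fs.readFileSync(path.resolve(root, 'agent2-cert.pem'))],
-key: fs.readFileSync(path.resolve(root, 'agent2-key.pem'))
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem'
 },
 handler: fend
 }, function (err, servers) {
@@ -337,10 +337,10 @@ test('supports requestCert https option', function (t) {
 createServers({
 log: console.log,
 https: {
-port: 3456,
-root: path.join(__dirname, 'fixtures'),
-cert: 'agent2-cert.pem',
-key: 'agent2-key.pem',
+port: 3456,
+root: path.join(__dirname, 'fixtures'),
+key: 'example-org-key.pem',
+cert: 'example-org-cert.pem',
 requestCert: true
 },
 handler: fend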
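Review bot: The `supports cert array instead of strings` case (new lines 295–296) now passes plain file names, so the array form of `cert` that the test is named for is no longer exercised and a regression in array handling would go unnoticed. The fixture swap should keep the original shape: `cert: [fs.readFileSync(path.resolve(root, 'example-org-cert.pem'))],` and `key: fs.readFileSync(path.resolve(root, 'example-org-key.pem'))`. Separately, none of the visible hunks adds a test for the behaviour this commit introduces; an assertion that two handshakes for the same SNI host receive the same secure context object would pin it down.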
