tls default SNICallback should check the servername and select the appropriate secure context in reverse order

Rodrigo Muino Tomonari requested to merge github/fork/masx200/patch-2 into master
Checklist
  • [x] make -j4 test (UNIX), or vcbuild test (Windows) passes
  • [x] tests and/or benchmarks are included
  • [x] documentation is changed or added
  • [x] commit message follows commit guidelines

tls default SNICallback should check the servername and select the appropriate secure context in reverse order

This is useful on HTTPS servers that need to replace SSL/TLS certificates frequently, such as when using Let's Encrypt. When the certificate needs to be replaced, you don't want to restart the HTTPS server; you just need to replace the certificate and key.

If multiple secure contexts are added to the same domain name, the last one added should take effect.

const https = require('https');
const fs = require('fs');
const tls = require('tls');

const server = https.createServer();
const hostname = 'foo.bar.com';
const keypath = 'key.pem';
const certpath = 'cert.pem';

// Coalesce the burst of fs.watch events that a key/cert swap usually
// produces into a single reload.
function debounce(callback, timeout) {
    let timer;
    return function (...args) {
        timer && clearTimeout(timer);
        timer = setTimeout(callback, timeout, ...args);
    };
}

// Re-read the key and certificate from disk and register a fresh secure
// context for the hostname; with reverse-order SNI lookup the newest
// context is the one served to clients.
const reloadcertkey = debounce(function () {
    let key = fs.readFileSync(keypath);
    let cert = fs.readFileSync(certpath);
    let context = tls.createSecureContext({
        key,
        cert
    });
    server.addContext(hostname, context);
}, 1000);
reloadcertkey();
fs.watch(keypath, reloadcertkey);
fs.watch(certpath, reloadcertkey);
