fixed TLSSocket documentation error from Issue #3963.

[VerteDinde]

#Checklist

• documentation is changed or added
• commit message follows commit guidelines

Affected core subsystem(s)

This PR affects the documentation for TLSSocket and new.Socket, and references Issue #3963. See line 879 - 902 in doc/api/tls.md. Let me know if I should make any changes! #3963

[tniessen]

Thank you for your contribution! To start off, head over to our style guide. For example, you should

Generally avoid personal pronouns in reference documentation ("I", "you", "we").

[tniessen]

Regardless of the technical contents, here are some basic suggestions for improval 😃

[tniessen]

Avoid using you (see my comment above).

[tniessen]

There is a grammar mistake in the second sentence: "You can use net.Socket to upgrade an existing socket ??? you don't wrap the..."

[tniessen]

Use const instead of var where applicable.

[tniessen]

Style nits: Use 'foo' instead of "foo" and put spaces around the properties like { foo: 'bar' }.

[tniessen]

Avoid using informal omissions: "you're" → "you are".

[tniessen]

Put tls.connect() into backticks to mark it as code.

[tniessen]

We like to keep our examples as close to runnable code as possible. This will cause a parser error.

[VerteDinde]

I believe this parse error is fixed now, but (I apologize) I am not terribly familiar with tls.connect and was using the recommended fix referenced in the issue. If there is a better example, happy to use it instead.

[tniessen]

Avoid using function() { ... } where arrow functions can be used: () => { ... }

[VerteDinde]

Thank you for your time and all of the thoughtful comments, @tniessen! Sorry for all my errors - I'm going through your comments and fixing everything now, will have an updated push shortly. 😄

[VerteDinde]

PR updated to address all comments. 😃 Will be happy to make any additional changes.

[vsemozhetbyt]

Thank you!
Our doc style guide recommends to word-wrap lines at 80 characters)

[VerteDinde]

Will do! Making changes now, thank you @vsemozhetbyt

[vsemozhetbyt]

Most of our examples use destructuring, so this can be:

const { Socket } = require('net');

[VerteDinde]

Thanks! Changed to the destructured format.

[vsemozhetbyt]

Sorry, this is still 88 chars) But it is a small nit and can be fixed later on landing)

[VerteDinde]

Ah dang, I can't count! Sorry, now fixed - cuts off before 80.

[vsemozhetbyt]

`net.Socket`)

[tniessen]

I think this works, but our docs say

Usually, a socket is already connected when passed to tls.connect()

It might be a bit counter-intuitive to call tls.connect() before socket.connect(). I don't use the TLS module much, is there any reason for this order?

[VerteDinde]

Good question - I thought that seemed off as well, but worked when I tested it. Let me test it by calling sock.connect first and see; it does seem redundant to call sock.connect after tls.connect.

[VerteDinde]

I replaced { socket: s } with the port and host information, and removed sock.connect entirely. It appears to be passing, and now the sample code is more in line with the docs' recommendations.

[tniessen]

When using an instance of net.Socket, use net.Socket to upgrade an existing socket.

I think this sentence is misleading. Users still need to use tls.connect(). Perhaps something like

To upgrade an existing instance of net.Socket to a tls.TLSSocket, pass it to tls.connect() as the socket option:

(code here)

What do you think?

[VerteDinde]

I think that's much more clear - the original issue had a user trying to do this:

const tlsSocket = new TlsSocket(new NetSocket());

And I think your wording will keep them from doing that much more clearly. Will update now!

[vsemozhetbyt]

Linter CI: https://ci.nodejs.org/job/node-test-linter/10249/

[vsemozhetbyt]

Formal part LGTM

[tniessen]

Are we legally allowed and/or encouraged to use a third party domain here? @addaleax

[addaleax]

In the documentation? I wouldn’t worry about that, although example.org:443 might be a somewhat more natural choice?

[tniessen]

example.org exists for that sole purpose, but users won't be able to connect to it.

[addaleax]

https://example.org:443/ seems to work fine for me?

[tniessen]

Oh okay, I thought example.com rejects all IP traffic, seems like HTTP and HTTPS work.

[VerteDinde]

Fixed! Added 'https://example.org:443/' instead of the freenode url.

[tniessen]

Please try to avoid trailing whitespace characters. Git can help you with that, see this.

(This is not critical, our team will usually fix this while landing the PR, but it is still good practice to take care of that! 😃 )

[VerteDinde]

Ah sorry, and thank you for pointing it out! 😄 Thanks so much for all of your help, this was my first open source PR and you were wonderful to work with.

[addaleax]

Where is this variable used?

[tniessen]

Uhm something went wrong here... The original code (see first commit) looked like tls.connect({ socket: sock }). @VerteDinde You probably don't want to use tls.connect({ port: 6697, host: 'irc.freenode.net' }) in both cases, right? This won't upgrade an existing socket, it establishes a new connection.

[VerteDinde]

Yes, you're right! Just updated to reflect that variable and changed the irc.freenode.net to https://example.org:443/.

[tniessen]

I am sorry if we were too vague about this, but this is not how TLS sockets work. You need to specify example.org as the host and 443 as the port instead of 6697. https://example.org:443/ is a URL, @addaleax just used it to point out that browsers can connect to port 443. Sockets are below HTTP level, HTTP(s) is built on top of (TLS) sockets.

[VerteDinde]

Ha, sorry - this is now fixed. Thanks so much for your patience, @tniessen 😝

[TimothyGu]

Nice work! I'd actually move the bits you added, so that is comes before the "echo server" example. Usually for API documentation we want to first explain what the API does, before providing a full working example like the "echo server".

[TimothyGu]

I'd prefer 'The TLS socket has been connected.'

[VerteDinde]

Sounds good. 😄 Altered!

[TimothyGu]

I think "upgrade" is a bit of a misnomer as there is no initial socket to be upgraded. I'd go with just:

If no socket is provided, this function will create a new TLS socket.

as opposed to

If a net.Socket is provided, this function will upgrade that TCP socket to a TLS one.

[VerteDinde]

Ahhhh this is actually really clarifying - I was wondering what the distinction was with net.Socket. Have clarified by removing my old sentence, and adding yours. Thanks!

[cjihrig]

Left a comment. You can treat it as optional.

[cjihrig]

If you rename sock to socket, you can drop the : sock.

[VerteDinde]

Thanks man! Destructured.

[tniessen]

Is this line necessary? I am not entirely sure I understand what it is supposed to say, apart from the same thing the next sentence says.

[VerteDinde]

Good point. In the original issue, the user was attempting to do this because he didn't understand that if you pass in a net.Socket, you start the net.Socket.:

const tlsSocket = new TlsSocket(new NetSocket());

I just wanted to make sure that that was clearly stated; but if it's clear in the subsequent lines, I'll just take it out 😄

[tniessen]

LGTM, this will land after the usual 48 hours 🕐

[sam-github]

This PR seems to be based on the #3963, but it was already addressed by documenting the behaviour of the socket option. There are lots of options, will we eventually have an example for every one of the dozen options? If yes, that seems excessive to me. If no, why is this particular option singled out?

[sam-github]

this is documented above, does it really need an example? was the existing description of the socket: option somehow deficient?

[sam-github]

at this point, neither the underlying Socket or tls.TLSSocket are connected, so the log message is misleading (see description of the socket option)

[tniessen]

This must have slipped through, earlier commits had the actual connect code in them, so the message was justified at that point.

[sam-github]

Also, this PR doesn't address #3963, which is that the connect() doesn't actually connect the underlying TCP socket, causing the example code to exit immediately, and the example code here does indeed have the behaviour described in #3963, it exits immediately:

/tmp % node --version
v8.0.0
/tmp % node _.js
/tmp % cat _.js
const { Socket } = require('net');
const tls = require('tls');
const socket = new Socket();
const secureSock = tls.connect({ socket }, () => {
  console.log('The TLS socket has been connected.');
});

[VerteDinde]

Hey @sam-github : Just want to make sure I understand your position - are you advocating for:

1. Closing Issue (new TLSSocket(new net.Socket())).connect() fails silently. #3963 and this PR, because the issue is already adequately explained in the documentation, and getting more specific would require explaining dozens of other cases?
   or
2. Altering this PR so that it more accurately addresses the issue raised in (new TLSSocket(new net.Socket())).connect() fails silently. #3963?

Just want to make sure I'm clear before I start making any changes. Happy to go either way, or take a third option if neither of the two above are adequately stating your thoughts. Thanks for your comments!

[sam-github]

@VerteDinde IMO, 1. makes sense, if you arrived at this by looking at old issues for something to help out with. I am sorry that you wasted your time :-(.

If you got here because you found the current doc text unclear, that would be different, then it would be useful to clarify the behaviour that confused you.

[VerteDinde]

@sam-github Oh no worries at all! I did arrive here by poking through old issues - I'm just a big fan of Node and wanted to give back and start contributing. 😄

I'm completely fine closing this PR and the issue and finding something else to help with. Learned a lot about TLS and sockets in the process, so it was a good use of time for me (though sorry/thanks to @tniessen for all his time and patience!). If there's something else I can help on, let me know, otherwise I'll poke through and find a simpler doc problem.

[sam-github]

#881 (comment) <--- why not a binding for process.getuid()/geteuid()? Or if you aren't comfortable with C++, isTTY documented only in prose, not as a property (see the TTY docs), easy to fix.

[sam-github]

random stuff I've seen and not had time to fix. warning some of these may not longer be true.

• isTTY documented only in prose, not as a property:
  file:///home/sam/w/core/node/out/doc/api/tty.html
• https://nodejs.org/api/dgram.html#dgram_socket_send_msg_offset_length_port_address_callback documents that <Array> is supported... but neglects to say anything about wh
• IncomingMessage.connection is not documented, .socket is not documented
  either as to whether it is a Socket or a TLSSocket
• make it clear that ssl servers must have their full cert chain:
  • https://www.npmjs.com/package/ssl-root-cas
• UV_THREADPOOL_SIZE not documented as a node env var
• what APIs use the thread pool not documented
• NODE_TLS_REJECT_UNAUTHORIZED not documented
• closed PR to doc the process.platform: doc: Update docs for os.platform() #2446
• signal docs problems: Shouldn't the default SIGINT handler trigger process.on('exit')? #2853
• signal docs, do they make clear that waiting on signals doesn't ref the loop?
• fs: positional reads/writes don't document that they don't change fd position
• http docs, and additional apis: http.ClientRequest poor documentation #2461 (comment)
• fix/doc path.format(): Path should format when 'base' missing and 'name' and 'ext' exist #2305
• child.signalCode and exitCode and killed are not documented
• return value and exceptions of child.kill() are not documented
• https://iojs.org/api/child_process.html#child_process_options_stdio,
  'inherit' is now valid in the array, but undocumented
• cluster.setupMaster and child_process.fork both support execArgv, but it is not documented for either, is this intentional?
• cluster, worker.disconnect(), return value not documented (should be this)
  • worker.disconnect().once('disconnect', doThis);
• process.on(disconnect or process.on(message causes process to be refed!
• udp: Event: 'listening'#
  Emitted when a socket starts listening for datagrams. This happens as
  soon as UDP sockets are created. before bind()? I think not
• _write is linked in stream docs, _read isn't, fix
• tls newSession should have backwards compat note about callback
• fs.access should have backwards compat note about availability

[vsemozhetbyt]

Cross-refs) #14085 (comment) ...

[tniessen]

@sam-github Please close this if you feel like it should not be landed for your presented reasons.