From 96a986d675fbc3ccc98832232b73b84ba5a4818d Mon Sep 17 00:00:00 2001 From: cjihrig Date: Sat, 13 Oct 2018 14:18:31 -0400 Subject: [PATCH] tls: support changing credentials dynamically This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext. Fixes: https://github.com/nodejs/node/issues/4464 Refs: https://github.com/nodejs/node/issues/10349 Refs: https://github.com/nodejs/help/issues/603 Refs: https://github.com/nodejs/node/issues/15115 PR-URL: https://github.com/nodejs/node/pull/23644 Reviewed-By: Ben Noordhuis --- doc/api/tls.md | 12 ++ lib/_tls_wrap.js | 138 +++++++++++++++---- test/parallel/test-tls-set-secure-context.js | 88 ++++++++++++ 3 files changed, 214 insertions(+), 24 deletions(-) create mode 100644 test/parallel/test-tls-set-secure-context.js diff --git a/doc/api/tls.md b/doc/api/tls.md index 4f3430854e1e41..f9a313f9148490 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -411,6 +411,18 @@ encryption/decryption of the [TLS Session Tickets][]. Starts the server listening for encrypted connections. This method is identical to [`server.listen()`][] from [`net.Server`][]. +### server.setSecureContext(options) + + +* `options` {Object} An object containing any of the possible properties from + the [`tls.createSecureContext()`][] `options` arguments (e.g. `key`, `cert`, + `ca`, etc). + +The `server.setSecureContext()` method replaces the secure context of an +existing server. Existing connections to the server are not interrupted. + ### server.setTicketKeys(keys)
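Review bot: The new `server.setSecureContext(options)` entry in doc/api/tls.md does not say what happens to settings that are left out of `options`. "Any of the possible properties" reads as a partial update, while "replaces the secure context" reads as a full rebuild, so a caller who passes only `key` and `cert` during a rotation cannot tell from this text whether the previously configured `ca` is kept or dropped. Suggest stating explicitly which behaviour applies. In the sentence "Existing connections to the server are not interrupted", it would also help to say whether those connections keep using the old credentials until they close, since that matters when the call is used to move away from a key that must no longer be used.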