| field | value | date |
|---|---|---|
| author | Anton Salikhmetov <anton.salikhmetov@gmail.com> | 2018-03-02 21:46:34 +0200 |
| committer | Anna Henningsen <anna@addaleax.net> | 2018-03-11 18:29:18 +0100 |
| commit | 98a14e026bab0bda4013f75d1d0968a12fe5117f (patch) | |
| tree | 2c8b58aba092f3a6609dc352642bf219ac9ae138 /doc/api/tls.md | |
| parent | d3f174faab55662226ced53bef6bb2040352a825 (diff) | |
| download | android-node-v8-98a14e026bab0bda4013f75d1d0968a12fe5117f.tar.gz, android-node-v8-98a14e026bab0bda4013f75d1d0968a12fe5117f.tar.bz2, android-node-v8-98a14e026bab0bda4013f75d1d0968a12fe5117f.zip | |
tls: expose Finished messages in TLSSocket
Exposes SSL_get_finished and SSL_get_peer_finished routines in OpenSSL
as tlsSocket.getFinished and tlsSocket.getPeerFinished, respectively.
PR-URL: https://github.com/nodejs/node/pull/19102
Fixes: https://github.com/nodejs/node/issues/19055
Refs: https://github.com/ripple/rippled/issues/2413
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc/api/tls.md')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/api/tls.md | 35 |

1 file changed, 35 insertions, 0 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 0cfab387f2..d3f3fdadff 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -583,6 +583,23 @@ if called on a server socket. The supported types are `'DH'` and `'ECDH'`. The For Example: `{ type: 'ECDH', name: 'prime256v1', size: 256 }` +### tlsSocket.getFinished() +<!-- YAML +added: REPLACEME +--> + +* Returns: {Buffer|undefined} The latest `Finished` message that has been +sent to the socket as part of a SSL/TLS handshake, or `undefined` if +no `Finished` message has been sent yet. + +As the `Finished` messages are message digests of the complete handshake +(with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can +be used for external authentication procedures when the authentication +provided by SSL/TLS is not desired or is not enough. + +Corresponds to the `SSL_get_finished` routine in OpenSSL and may be used +to implement the `tls-unique` channel binding from [RFC 5929][]. + ### tlsSocket.getPeerCertificate([detailed]) <!-- YAML added: v0.11.4 @@ -628,6 +645,23 @@ For example: If the peer does not provide a certificate, an empty object will be returned. +### tlsSocket.getPeerFinished() +<!-- YAML +added: REPLACEME +--> + +* Returns: {Buffer|undefined} The latest `Finished` message that is expected +or has actually been received from the socket as part of a SSL/TLS handshake, +or `undefined` if there is no `Finished` message so far. + +As the `Finished` messages are message digests of the complete handshake +(with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can +be used for external authentication procedures when the authentication +provided by SSL/TLS is not desired or is not enough. + +Corresponds to the `SSL_get_peer_finished` routine in OpenSSL and may be used +to implement the `tls-unique` channel binding from [RFC 5929][]. + ### tlsSocket.getProtocol() <!-- YAML added: v5.7.0 
@@ -1368,3 +1402,4 @@ where `secure_socket` has the same API as `pair.cleartext`. [specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html [tls.Server]: #tls_class_tls_server [`dns.lookup()`]: dns.html#dns_dns_lookup_hostname_options_callback +[RFC 5929]: https://tools.ietf.org/html/rfc5929 |
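Review bot: the `tls-unique` sentence in the new `getFinished()` section (hunk at `@@ -583,6 +583,23 @@`) needs a qualification before it is safe to follow: RFC 5929 defines `tls-unique` as the first `Finished` message sent in the most recent handshake, so on a client in a full handshake it is the value returned by `getFinished()`, but after a session resumption, where the server sends `Finished` first, it is the value returned by `getPeerFinished()`, and the reverse holds on the server side. Suggest stating that mapping explicitly so callers do not bind to the wrong message, and adding that `tls-unique` is only sound against the triple-handshake attack when the extended master secret extension (RFC 7627) has been negotiated. Two smaller points in the same hunk: "as part of a SSL/TLS handshake" should read "an SSL/TLS handshake", and the parenthetical "(with a total of 192 bits for TLS 1.0 and more for SSL 3.0)" reads like the OpenSSL manual wording and does not tell the reader how long the returned `Buffer` is for a given protocol version; either give the length in bytes per version or drop the parenthetical.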
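Review bot: in the new `getPeerFinished()` section (hunk at `@@ -628,6 +645,23 @@`), "The latest `Finished` message that is expected or has actually been received" leaves the caller unsure which case they are looking at. Since the hunk ties the method to `SSL_get_peer_finished`, "expected" means the value the local side has computed for the peer's `Finished`, which can be available before that message is received; the doc should say so, and should say that a non-`undefined` return value is therefore not confirmation that the peer has completed the handshake. The `tls-unique` sentence also needs the role/resumption caveat: per RFC 5929 the binding value is the first `Finished` sent in the handshake, so `getPeerFinished()` is the `tls-unique` value on a server in a full handshake and on a client after a resumption, not in general. Finally, the two explanatory paragraphs repeat the `getFinished()` section word for word (including "a SSL/TLS handshake", which should be "an SSL/TLS handshake"); a single sentence referring back to `getFinished()` plus the `SSL_get_peer_finished` correspondence would be easier to keep consistent.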