tls: support OCSP on client and server

1 files changed, 13 insertions, 9 deletions

diff --git a/lib/_tls_legacy.js b/lib/_tls_legacy.js
index 1d62ed6239..09fdd57738 100644
--- a/lib/_tls_legacy.js
+++ b/lib/_tls_legacy.js
@@ -25,6 +25,7 @@ var events = require('events');
 var stream = require('stream');
 var tls = require('tls');
 var util = require('util');
+var common = require('_tls_common');
 
 var Timer = process.binding('timer_wrap').Timer;
 var Connection = null;
@@ -378,15 +379,8 @@ CryptoStream.prototype.__defineGetter__('bytesWritten', function() {
 });
 
 CryptoStream.prototype.getPeerCertificate = function() {
-  if (this.pair.ssl) {
-    var c = this.pair.ssl.getPeerCertificate();
-
-    if (c) {
-      if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
-      if (c.subject) c.subject = tls.parseCertString(c.subject);
-      return c;
-    }
-  }
+  if (this.pair.ssl)
+    return common.translatePeerCertificate(this.pair.ssl.getPeerCertificate());
 
   return null;
 };
@@ -677,6 +671,11 @@ function onnewsessiondone() {
 }
 
 
+function onocspresponse(resp) {
+  this.emit('OCSPResponse', resp);
+}
+
+
 /**
  * Provides a pair of streams to do encrypted communication.
  */
@@ -733,6 +732,8 @@ function SecurePair(context, isServer, requestCert, rejectUnauthorized,
     this.ssl.onnewsession = onnewsession.bind(this);
     this.ssl.lastHandshakeTime = 0;
     this.ssl.handshakes = 0;
+  } else {
+    this.ssl.onocspresponse = onocspresponse.bind(this);
   }
 
   if (process.features.tls_sni) {
@@ -764,6 +765,9 @@ function SecurePair(context, isServer, requestCert, rejectUnauthorized,
     if (self.ssl) {
       self.ssl.start();
 
+      if (options.requestOCSP)
+        self.ssl.requestOCSP();
+
       /* In case of cipher suite failures - SSL_accept/SSL_connect may fail */
       if (self.ssl && self.ssl.error)
         self.error();