@bnoordhuis bnoordhuis/sni.js Secret
Created May 1, 2013

SNI + user-service.condenastdigital.com
var constants = require('constants');
var assert = require('assert');
var crypto = require('crypto');
var tls = require('tls');
var Connection = process.binding('crypto').Connection;
var TCP = process.binding('tcp_wrap').TCP;
// Target of the repro. The TCP connection goes to `address`; `host` is what the
// script hands to the TLS Connection as the SNI name and sends in the HTTP
// Host header.
// Alternative target kept from the original for comparison:
//var address = '173.194.67.113';
//var host = 'encrypted.google.com';
var address = '165.193.220.80';
var host = 'user-service.condenastdigital.com';

// The assertion messages below read process._errno. On node 0.8.x this shim
// provides it by exposing the global `errno` (or the string 'undefined').
if (process.versions.node.slice(0, 4) === '0.8.') {
  process.__defineGetter__('_errno', function() {
    if (typeof errno === 'undefined') return 'undefined';
    return errno;
  });
}

// The repro is meaningless without SNI support in this node build.
assert(process.features.tls_sni, 'SNI disabled');

// Raw TCP handle from the internal tcp_wrap binding; port 443 is fixed.
var handle = new TCP();
var req = handle.connect(address, 443);
assert(req, 'connect ' + process._errno);

// Shared state for cycle() and the two handle callbacks.
var ssl = null;      // TLS Connection, created once the TCP connect completes
var incoming = [];   // buffers received from the socket, waiting for ssl.encIn
var outgoing = [];   // plaintext waiting for ssl.clearIn

// Scratch buffer reused for every clearOut/encOut call. `new Buffer(size)` does
// not zero its memory; cycle() only ever emits big.slice(0, rc), i.e. the bytes
// the binding reported writing.
var big = new Buffer(8192);
/**
 * Pump data between the socket, the TLS Connection and stdout.
 *
 * Runs four passes in a fixed order, each until the binding returns -1
 * (annotated SSL_ERROR_WANT_READ in the original):
 *   1. incoming socket buffers -> ssl.encIn
 *   2. ssl.clearOut            -> process.stdout
 *   3. outgoing buffers        -> ssl.clearIn
 *   4. ssl.encOut              -> handle.writeBuffer (socket)
 *
 * Uses the outer `ssl`, `incoming`, `outgoing`, `big`, `handle` and `req`.
 * Every return code is logged to stderr so a stalled handshake can be traced.
 *
 * NOTE(review): only -1 ends a pass. The two read passes (2 and 4) have no
 * other exit, so a 0 return there would presumably keep them spinning, and
 * other negative codes are not told apart from data; confirm what the binding
 * returns on close or fatal error before reusing this loop.
 */
function cycle() {
  var chunk;
  var n;

  console.error('cycle');

  // Pass 1: feed bytes received from the socket into the TLS engine. A chunk
  // that is refused goes back to the head of the queue for the next cycle.
  while ((chunk = incoming.shift())) {
    n = ssl.encIn(chunk, 0, chunk.length);
    console.error('ssl.encIn=' + n);
    if (n === -1) { // SSL_ERROR_WANT_READ
      incoming.unshift(chunk);
      break;
    }
  }

  // Pass 2: drain whatever clearOut yields straight to stdout.
  while (true) {
    n = ssl.clearOut(big, 0, big.length);
    console.error('ssl.clearOut=' + n);
    if (n === -1) break; // SSL_ERROR_WANT_READ
    process.stdout.write(big.slice(0, n));
  }

  // Pass 3: hand queued plaintext (the HTTP request) to the TLS engine, with
  // the same put-back rule as pass 1.
  while ((chunk = outgoing.shift())) {
    n = ssl.clearIn(chunk, 0, chunk.length);
    console.error('ssl.clearIn=' + n);
    if (n === -1) { // SSL_ERROR_WANT_READ
      outgoing.unshift(chunk);
      break;
    }
  }

  // Pass 4: write whatever encOut yields to the socket. Each write request
  // re-enters cycle() on completion; the outer `req` is overwritten on purpose.
  while (true) {
    n = ssl.encOut(big, 0, big.length);
    console.error('ssl.encOut=' + n);
    if (n === -1) break; // SSL_ERROR_WANT_READ
    req = handle.writeBuffer(big.slice(0, n));
    req.oncomplete = cycle;
    console.error('send ' + n);
  }
}
// TCP connect callback: build the TLS Connection with SNI, queue a minimal
// HTTP/1.0 request and start pumping.
req.oncomplete = function(status) {
  assert(status === 0, 'oncomplete ' + process._errno);

  // Disable TLS 1.2 when this build defines the flag, otherwise pass 0.
  // Alternative noted as working in the original:
  //   secureOptions = constants.SSL_OP_NO_TLSv1
  var creds = crypto.createCredentials({
    secureOptions: constants.SSL_OP_NO_TLSv1_2 || 0
  });

  // Arguments: credentials context, false, SNI host name, false.
  // NOTE(review): in the tls.js callers of this binding the second argument is
  // the is-server flag and the last one is rejectUnauthorized; confirm for the
  // node version in use. Nothing in this script inspects the peer certificate,
  // so the connection is unauthenticated. That is acceptable for a hang repro,
  // not for a real client.
  ssl = new Connection(creds.context, false, host, false);

  // The result of start() is deliberately not asserted: the original FIXME
  // notes that `assert(rc === 0, 'ssl.start')` trips on SSL_ERROR_WANT_READ.
  ssl.start();

  var request = 'GET / HTTP/1.0\r\n' +
                'Host: ' + host + '\r\n' +
                '\r\n';
  outgoing.push(new Buffer(request));

  cycle();
  handle.readStart();
};
// Socket read callback: queue the received bytes and run another cycle.
// A missing buffer means EOF (clean exit with status 0) or a read error
// (assertion failure that reports process._errno).
handle.onread = function(buf, off, len) {
  if (!buf) {
    if (process._errno === 'EOF') process.exit(0);
    assert(buf, 'onread ' + process._errno);
  }

  console.error('recv ' + len);

  // Only the [off, off + len) window of the buffer holds this read's data.
  var received = buf.slice(off, off + len);
  incoming.push(received);
  cycle();
};
@bnoordhuis

Owner Author

commented May 1, 2013

Works with OpenSSL 1.0.0f; hangs with 1.0.1e unless you disable SNI (i.e. don't pass `host` to `Connection`).

/cc @indutny @isaacs @tjfontaine
