SNI + user-service.condenastdigital.com
// Stand-alone reproduction script: it opens a raw TCP socket and drives a TLS
// client handshake by hand through Node's internal bindings, bypassing the
// public tls module, so the effect of sending an SNI name can be observed.
// NOTE(review): process.binding() reaches internal, unversioned APIs; the
// script special-cases Node 0.8 below and is presumably only meant for the
// Node lines of that era. Confirm before running it on anything newer.
var constants = require('constants');
var assert = require('assert');
var crypto = require('crypto');
var tls = require('tls');
var Connection = process.binding('crypto').Connection;
var TCP = process.binding('tcp_wrap').TCP;

// Alternative target the author left commented out:
//var address = '173.194.67.113';
//var host = 'encrypted.google.com';

// The IP is hard-coded, so no DNS lookup is made by this script; `host` is
// used later as the name handed to Connection and as the HTTP Host header.
var address = '165.193.220.80';
var host = 'user-service.condenastdigital.com';

// State shared by cycle() and the two socket callbacks.
var ssl = null;             // set once the TCP connect completes
var incoming = [];          // ciphertext received from the socket, not yet fed to ssl
var outgoing = [];          // plaintext waiting to be fed to ssl
var big = new Buffer(8192); // scratch output buffer; only big.slice(0, rc) is ever used

// On 0.8.x expose the global `errno` (when one exists) as process._errno, so
// the error messages below can read a single name on every supported version.
if (/^0\.8\./.test(process.versions.node)) {
  process.__defineGetter__('_errno', function() {
    if (typeof errno === 'undefined') {
      return 'undefined';
    }
    return errno;
  });
}

// Without SNI support in this build there is nothing to reproduce.
assert(process.features.tls_sni, 'SNI disabled');

var handle = new TCP();
var req = handle.connect(address, 443);
assert(req, 'connect ' + process._errno);
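/**
 * Pump data through the four ends of the SSL connection until each stalls:
 *
 *   1. encIn    - ciphertext received from the socket goes into `ssl`
 *   2. clearOut - decrypted plaintext comes out and is written to stdout
 *   3. clearIn  - queued plaintext (the HTTP request) goes into `ssl`
 *   4. encOut   - ciphertext produced by `ssl` is written to the socket
 *
 * It is also installed as the write-completion callback, so it takes no
 * arguments. It reads and mutates the module-level `ssl`, `incoming`,
 * `outgoing`, `big`, `handle` and `req`.
 *
 * A return of -1 from any of the four calls is treated as "nothing more for
 * now" (the original author labels it SSL_ERROR_WANT_READ).
 */
function cycle() {
  var buf;
  var rc;

  console.error('cycle');

  // NOTE(review): in both input loops a short return (0 <= rc < buf.length)
  // is not handled, so the unconsumed tail of `buf` would be dropped.
  // Presumably these calls accept whole buffers; confirm against the binding.
  while (buf = incoming.shift()) {
    rc = ssl.encIn(buf, 0, buf.length);
    console.error('ssl.encIn=' + rc);
    if (rc === -1) break;  // SSL_ERROR_WANT_READ
  }
  // A buffer that was refused goes back to the head of the queue.
  if (buf) incoming.unshift(buf);

  for (;;) {
    rc = ssl.clearOut(big, 0, big.length);
    console.error('ssl.clearOut=' + rc);
    // Stop on 0 as well as -1: a zero-length read makes no progress, and
    // looping on it would spin forever writing empty slices to stdout.
    if (rc <= 0) break;
    process.stdout.write(big.slice(0, rc));
  }

  while (buf = outgoing.shift()) {
    rc = ssl.clearIn(buf, 0, buf.length);
    console.error('ssl.clearIn=' + rc);
    if (rc === -1) break;  // SSL_ERROR_WANT_READ
  }
  if (buf) outgoing.unshift(buf);

  for (;;) {
    rc = ssl.encOut(big, 0, big.length);
    console.error('ssl.encOut=' + rc);
    // Same reasoning as clearOut: never queue an empty write in a tight loop.
    if (rc <= 0) break;
    req = handle.writeBuffer(big.slice(0, rc));
    // Mirror the check made after connect(): fail with the errno instead of
    // a TypeError on the next line when the write could not be queued.
    assert(req, 'writeBuffer ' + process._errno);
    req.oncomplete = cycle;
    console.error('send ' + rc);
  }
}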
// Runs once the TCP connect finishes: builds the SSL connection object,
// queues a minimal HTTP request and starts pumping data.
req.oncomplete = function(status) {
  assert(status === 0, 'oncomplete ' + process._errno);

  // Turns TLS 1.2 off when this build defines the constant; `|| 0` keeps the
  // script runnable where it is undefined. This is a diagnostic setting for
  // the reproduction, not a configuration to copy into real clients.
  var secureOptions = constants.SSL_OP_NO_TLSv1_2 || 0;
  //secureOptions = constants.SSL_OP_NO_TLSv1;  // works
  var creds = crypto.createCredentials({ secureOptions: secureOptions });

  // `host` is the SNI name; per the author's note, leaving it out disables SNI.
  // NOTE(review): in Node 0.10's lib/tls.js the arguments appear to be
  // (context, isServer, servername, rejectUnauthorized). If that holds here,
  // the final `false` means an untrusted certificate does not fail the
  // handshake. Nothing in this script inspects the peer certificate, so
  // whatever it prints should be treated as unauthenticated.
  ssl = new Connection(creds.context, false, host, false);

  var rc = ssl.start();
  //assert(rc === 0, 'ssl.start');  // FIXME Asserts on SSL_ERROR_WANT_READ

  var request = 'GET / HTTP/1.0\r\n' +
                'Host: ' + host + '\r\n' +
                '\r\n';
  outgoing.push(new Buffer(request));

  cycle();
  handle.readStart();
};
// Socket read callback: queue the received ciphertext and pump the SSL
// connection. A missing buffer with errno 'EOF' is a clean close; any other
// missing buffer trips the assert below.
handle.onread = function(buf, off, len) {
  var atEof = !buf && process._errno === 'EOF';
  if (atEof) {
    process.exit(0);
  }
  assert(buf, 'onread ' + process._errno);

  console.error('recv ' + len);

  // Only the [off, off + len) window of the buffer holds this read's data.
  var chunk = buf.slice(off, off + len);
  incoming.push(chunk);
  cycle();
};
Works with openssl 1.0.0f, hangs with 1.0.1e - unless you disable SNI (i.e. don't pass host to Connection.)
/cc @indutny @isaacs @tjfontaine