OpenSSL context transfer

Alex Hultman

Apr 14, 2016, 7:07:50 PM
to nodejs
Hi,

I'm working on this (native) WebSocket server project: https://github.com/alexhultman/uWebSockets. It supports transferring connections from the built-in Node.js http.Server to the addon, letting it handle the WebSocket connections.

Now, I'm looking at transferring the OpenSSL context from Node.js to the addon, to also allow seamless transfers from https.Server to the addon. I've looked a bit at the tls_wrap.cc but nothing seems to stand out. How would I begin this task? If this is not supported, maybe you could consider helping me out with this?

Alex Hultman

Apr 15, 2016, 2:31:00 PM
to nodejs
I have found that TLSWrap exposes a function, ssl() which gives me the SSL pointer. But how would I then get this TLSWrap from the passed JS socket? Will it be stored directly in the hidden pointer 0, or will there be a uv_stream_t stored at that position, having its data member set to the TLSWrap object?

Fedor Indutny

Apr 15, 2016, 3:25:17 PM
to nod...@googlegroups.com
Hello!

Have you tried accessing `._external` property of `SecureContext` instance? It is basically a wrapped pointer to `SSL_CTX`.

Hope this helps,
Fedor.

Fedor Indutny

Apr 17, 2016, 9:30:50 AM
to Alex Hultman, nodejs
Alex,

This is exactly what I was talking about, you may want to use `socket.ssl._secureContext._external` to get a pointer to the `SSL_CTX` structure in a safe way.

While possible, accessing and using TLSSocket directly is not officially supported, and may make your application broken even with a patch version update of node.js.

Cheers,
Fedor.

On Sun, Apr 17, 2016 at 9:08 AM, Alex Hultman <alexh...@gmail.com> wrote:
> Hi Fedor,
>
> I did watch the code and I think I know how to get the OpenSSL stuff I need. But I'm not all sure about how to get from the JS object (tls.TLSSocket) to the native underlying structure? Do you know how I should do this? I'm sure I could figure it out by looking some more in the code but I thought someone might already know this and could guide me a little?

Alex Hultman

Apr 20, 2016, 8:25:14 PM
to nodejs, alexh...@gmail.com, fe...@indutny.com
I did a console.log of the socket and now I can see the resemblance with the tls_wrap.cpp. socket._handle is the same as socket.ssl which is a TLSWrap object. So I'm pretty sure that I should be able to get the native TLSWrap object by getting the pointer 0 from the object socket.ssl. From there I should be able to get the context (SSL_CTX) but also the "session" (SSL). This is pretty neat since the code will break and refuse to compile if anything changes in Node.js with new versions. But the layout of having the TLSWrap stored in _handle seems pretty much set in stone. Thanks for the info, the fact that you didn't say this was completely impossible helped a lot.

Alex Hultman

Apr 20, 2016, 8:36:18 PM
to nodejs, alexh...@gmail.com, fe...@indutny.com
Okay I see, you are not even exposing TLSWrap or TCPWrap header files, these are all internal so there is no way for the addon to interpret the pointer without including internals of Node.js. Okay but then how do I get the SSL pointer like the way you showed I could do to get the SSL_CTX? I need both, or at least I need the SSL pointer more than the SSL_CTX. Sorry for the retard moments.

Fedor Indutny

Apr 20, 2016, 8:44:36 PM
to Alex Hultman, nodejs
You may also get a pointer to the `SSL` structure from `socket.ssl._external`.
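A fail-closed guard that an addon's JavaScript side could run before handing the two values named in the thread to native code, added here as an example (it is not code from the thread or from uWebSockets). The names `walk`, `extractTlsHandles` and `describeFailure` are hypothetical; the property paths are the ones quoted above, and `util.types.isExternal` is the Node.js check for a wrapped native pointer.

```javascript
'use strict';
const { types } = require('node:util');

// Property paths quoted in the thread. They are undocumented internals,
// so every hop is checked instead of assumed.
const SSL_PATH = ['ssl', '_external'];
const SSL_CTX_PATH = ['ssl', '_secureContext', '_external'];

// Walk a property path, returning undefined as soon as a hop is missing.
function walk(root, path) {
  let cur = root;
  for (const key of path) {
    const t = typeof cur;
    if (cur === null || (t !== 'object' && t !== 'function')) return undefined;
    cur = cur[key];
  }
  return cur;
}

// Returns { ssl, sslCtx } only when both values are V8 External wrappers.
// Anything else throws, so the addon never casts a non-pointer value.
// `isHandle` is injectable only so the check can be exercised with mocks.
function extractTlsHandles(socket, isHandle = types.isExternal) {
  const ssl = walk(socket, SSL_PATH);
  const sslCtx = walk(socket, SSL_CTX_PATH);
  const missing = [];
  if (!isHandle(ssl)) missing.push(SSL_PATH.join('.'));
  if (!isHandle(sslCtx)) missing.push(SSL_CTX_PATH.join('.'));
  if (missing.length > 0) {
    throw new TypeError(
      `refusing TLS transfer on Node ${process.version}: ` +
      `not an External: ${missing.join(', ')}`);
  }
  return { ssl, sslCtx };
}

// Helper for logging: the rejection message, or null when the socket passes.
function describeFailure(socket) {
  try {
    extractTlsHandles(socket);
    return null;
  } catch (e) {
    return e.message;
  }
}
```

On rejection the caller can keep the connection on the JavaScript TLS path, so a change in Node.js internals shows up as a logged error and not as a bad pointer inside the addon.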