
module ssl

The ssl module is fibjs's built-in encryption module. It is used to set up SSL/TLS-encrypted network connections, such as those carrying HTTPS. The module provides cryptographic verification so that clients and servers can confirm that the connection is secure.

The ssl module contains multiple objects and constants that can be used for a complete SSL client/server communication process. Commonly used categories are:

  1. SslSocket: an SSL socket object that wraps an underlying Socket. It can be used for mutual (two-way) authentication and other communication with a remote server.
  2. SslHandler: an SSL protocol conversion handler that turns a plain data stream into the SSL stream protocol, suitable for building server-side services.
  3. SslServer: an SSL server object that makes it easy to build a standard multi-fiber SSL server.

The following takes ssl.Server as an example to introduce the use of the ssl module.

ssl.Server is a basic SSL server that provides SSL-based network services. With the ssl.Server class you can quickly create an SSL/TLS server that is compatible with essentially all features of the TCP/HTTP services. It has the following characteristics:

  • It comes with an X.509 certificate manager that supports multiple domain-name certificates, wildcard certificates, SAN certificates and more.
  • It has the same interface and usage as the TCP server, so upper-layer code does not need to care about the difference between an SSL connection and a TCP connection.
  • All SSL/TLS security protocols are implemented with the built-in OpenSSL library.
  • Protocol extensions such as SNI and ALPN are supported.

Here's a simple example:

const ssl = require('ssl');
const http = require('http');
const crypto = require('crypto');

// read cert and key
let key = crypto.loadPKey('mycert.key');
let cert = crypto.loadCert('mycert.pem');

// create ssl server
const svr = new ssl.Server(cert, key, 8080, s => {
    var data;
    while (data = s.read()) {
        console.log(`received data: ${data.toString()}`);
        s.write(data.toString().toUpperCase());
    }
});

// start server
svr.start();

In the above code, we first read the SSL certificate and private key files and then create an SSL server instance. In the server's callback, each time client data is received it is converted to uppercase and returned to the client through the write function.

object

Socket

Create an SslSocket object, see SslSocket

SslSocket ssl.Socket;

Handler

Create an SslHandler object, see SslHandler

SslHandler ssl.Handler;

Server

Create an SslServer object, see SslServer

SslServer ssl.Server;

static function

connect

Create an SslSocket object and establish a connection

static Stream ssl.connect(String url, Integer timeout = 0) async;

Call parameters:

  • url: String, specifies the connection address, in the form ssl://host:port
  • timeout: Integer, specifies the timeout in milliseconds; the default is 0

Return results:

  • Stream, the connected SslSocket object

Create an SslSocket object and establish a connection

static Stream ssl.connect(String url, X509Cert crt, PKey key, Integer timeout = 0) async;

Call parameters:

  • url: String, specifies the connection address, in the form ssl://host:port
  • crt: X509Cert, client certificate, sent to the server so it can verify the client
  • key: PKey, the private key belonging to crt, used by the client for the session
  • timeout: Integer, specifies the timeout in milliseconds; the default is 0

Return results:

  • Stream, the connected SslSocket object

Create an SslSocket object and establish a connection

static Stream ssl.connect(String url, Integer verification, X509Cert crt, PKey key, Integer timeout = 0) async;

Call parameters:

  • url: String, specifies the connection address, in the form ssl://host:port
  • verification: Integer, certificate verification mode (one of the VERIFY_* constants below)
  • crt: X509Cert, client certificate, sent to the server so it can verify the client
  • key: PKey, the private key belonging to crt, used by the client for the session
  • timeout: Integer, specifies the timeout in milliseconds; the default is 0

Return results:

  • Stream, the connected SslSocket object

setClientCert

Set the default client certificate

static ssl.setClientCert(X509Cert crt, PKey key);

Call parameters:

  • crt: X509Cert, client certificate, sent to the server so it can verify the client
  • key: PKey, the private key belonging to crt, used by the client for the session

loadRootCerts

Load the default root certificates bundled with fibjs; equivalent to ssl.ca.loadRootCerts

static ssl.loadRootCerts();

The contents of these certificates come from: http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

static properties

ca

X509Cert, global certificate store used in SSL client mode to verify the server certificate

static readonly X509Cert ssl.ca;

verification

Integer, sets the certificate verification mode; the default is VERIFY_REQUIRED

static Integer ssl.verification;

constant

VERIFY_NONE

Certificate verification mode: no verification

const ssl.VERIFY_NONE = 0;

VERIFY_OPTIONAL

Certificate verification mode: optional verification; the connection continues even if verification fails

const ssl.VERIFY_OPTIONAL = 1;

VERIFY_REQUIRED

Certificate verification mode: verification is required, and the connection is aborted if verification fails

const ssl.VERIFY_REQUIRED = 2;

BADCERT_EXPIRED

Certificate verification result: the certificate has expired

const ssl.BADCERT_EXPIRED = 1;

BADCERT_REVOKED

Certificate verification result: the certificate has been revoked

const ssl.BADCERT_REVOKED = 2;

BADCERT_CN_MISMATCH

Certificate verification result: the certificate name (CN) does not match the host

const ssl.BADCERT_CN_MISMATCH = 4;

BADCERT_NOT_TRUSTED

Certificate verification result: the certificate is not trusted

const ssl.BADCERT_NOT_TRUSTED = 8;
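As an added example (not code from the fibjs project), the following turns the verification modes and result constants above into a client-side policy. It assumes that BADCERT_* values combine as a bitmask, and the secureConnect helper takes the fibjs ssl module as a parameter so that the policy part also runs outside fibjs:

```javascript
// Added example, not from the fibjs docs. Pure-JS policy helpers built on the
// page's VERIFY_* and BADCERT_* constants, plus a fibjs-only connect wrapper.
// Assumption: a verification result combines BADCERT_* flags as a bitmask,
// as their power-of-two values suggest.
const VERIFY_NONE = 0, VERIFY_OPTIONAL = 1, VERIFY_REQUIRED = 2;
const BADCERT = { EXPIRED: 1, REVOKED: 2, CN_MISMATCH: 4, NOT_TRUSTED: 8 };

// Turn a numeric verification result into the list of failure names it carries.
function decodeBadCert(result) {
  const reasons = [];
  for (const [name, bit] of Object.entries(BADCERT)) {
    if (result & bit) reasons.push('BADCERT_' + name);
  }
  return reasons;
}

// Decide whether a handshake proceeds under a given verification mode.
// Only VERIFY_REQUIRED rejects a bad certificate; VERIFY_OPTIONAL reports the
// failure but continues, and VERIFY_NONE never checks at all, so a client
// using either of those cannot tell a genuine server from an impostor.
function handshakeDecision(mode, result) {
  if (mode === VERIFY_NONE) return { accept: true, reasons: [] };
  const reasons = decodeBadCert(result);
  if (mode === VERIFY_REQUIRED) return { accept: reasons.length === 0, reasons };
  return { accept: true, reasons };   // VERIFY_OPTIONAL: failures only reported
}

// fibjs-only helper: sslModule is require('ssl') under fibjs; it is passed in
// (hypothetical parameter) so the policy above stays testable outside fibjs.
// Uses only the ssl APIs documented on this page.
function secureConnect(sslModule, url, timeoutMs) {
  sslModule.loadRootCerts();                          // trust the bundled Mozilla root store
  sslModule.verification = sslModule.VERIFY_REQUIRED; // abort on any verification failure
  return sslModule.connect(url, timeoutMs);
}
```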