socket - if not provided, a socket will be created using net.createConnection
host - used to perform automatic certificate identity checking, to guard against MITM attacks
port - only used to create a socket (along with the host option) if socket is not provided
pair - if you want to provide your own SecurePair object

The onSecure callback is optional and receives null or an error object as the first argument (see below for error cases). Within the callback context, this refers to the same SecurePair object returned by starttls.

var net = require('net');
var starttls = require('starttls');
var options = {
	port: 21,
	host: example.com
};

net.createConnection(options, function() {
	options.socket = this;
	starttls(options, function(err) {
		if (err) {

			// Something bad happened!
			return;
		}

		this.cleartext.write('garbage');
	});
});

You should always check for an error before writing to the stream to avoid man-in-the-middle attacks. Errors are produced in the following cases:

the certificate authority authorization check failed or was negative
the server identity check was negative

If you only pass a socket object, server identity checking will not be performed automatically. In that case you should perform the check manually.

starttls(socket, function(err) {
	if (!tls.checkServerIdentity(host, this.cleartext.getPeerCertificate())) {

		// Hostname mismatch!
		// Report error and end connection...
	}
});

Example

See socks5-https-client for use-case.

Tests

Run make test or npm test to run tests.

License

Modified and redistributed under an MIT license.

Keywords

FAQs

What is starttls?

Is starttls popular?

Is starttls well maintained?

Last updated on 21 Oct 2015

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install