Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

starttls

Package Overview
Dependencies
Maintainers
1
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

starttls

Upgrade a regular `net.Stream` connection to a secure `tls` connection.

  • 0.2.1
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2.5K
decreased by-40.66%
Maintainers
1
Weekly downloads
 
Created
Source

Start TLS

Build Status

Upgrade a regular net.Stream connection to a secure tls connection.

Based on code by Andris Reinman, itself based on an older version by Nathan Rajlich.

Usage

This library has one method and accepts either an options hash or a prepared socket as the first argument. It returns a SecurePair.

starttls(options, [onSecure]), starttls(socket, [onSecure])

The following options are supported:

  • socket - if not provided, a socket will be created using net.createConnection
  • host - used to perform automatic certificate identity checking, to guard against MITM attacks
  • port - only used to create a socket (along with the host option) if socket is not provided
  • pair - if you want to provide your own SecurePair object

The onSecure callback is optional and receives null or an error object as the first argument (see below for error cases). Within the callback context, this refers to the same SecurePair object returned by starttls.

var net = require('net');
var starttls = require('starttls');
var options = {
	port: 21,
	host: example.com
};

net.createConnection(options, function() {
	options.socket = this;
	starttls(options, function(err) {
		if (err) {

			// Something bad happened!
			return;
		}

		this.cleartext.write('garbage');
	});
});

You should always check for an error before writing to the stream to avoid man-in-the-middle attacks. Errors are produced in the following cases:

  • the certificate authority authorization check failed or was negative
  • the server identity check was negative

If you only pass a socket object, server identity checking will not be performed automatically. In that case you should perform the check manually.

starttls(socket, function(err) {
	if (!tls.checkServerIdentity(host, this.cleartext.getPeerCertificate())) {

		// Hostname mismatch!
		// Report error and end connection...
	}
});

Example

See socks5-https-client for use-case.

Tests

Run make test or npm test to run tests.

License

Portions of this code copyright (c) 2012, Andris Reinman and copyright (c) 2011, Nathan Rajlich.

Modified and redistributed under an MIT license.

Keywords

FAQs

Package last updated on 27 Aug 2013

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

RubyGems.org Adds New Maintainer Role

Security News

RubyGems.org Adds New Maintainer Role

RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.

By Sarah Gooding  -  Nov 12, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc