server/lib/starttls.js

   1 // Target API:
   2 //
   3 //  var s = require('net').createStream(25, 'smtp.example.com');
   4 //  s.on('connect', function() {
   5 //   require('starttls')(s, options, function() {
   6 //      if (!s.authorized) {
   7 //        s.destroy();
   8 //        return;
   9 //      }
  10 //
  11 //      s.end("hello world\n");
  12 //    });
  13 //  });
  14 //
  15 //
  16 module.exports = function starttls(socket, options, cb) {
  17
  18   var sslcontext = require('crypto').createCredentials(options);
  19
  20   var pair = require('tls').createSecurePair(sslcontext, false);
  21
  22   var cleartext = pipe(pair, socket);
  23
  24   pair.on('secure', function() {
  25     var verifyError = pair.ssl.verifyError();
  26
  27     if (verifyError) {
  28       cleartext.authorized = false;
  29       cleartext.authorizationError = verifyError;
  30     } else {
  31       cleartext.authorized = true;
  32     }
  33
  34     if (cb) cb();
  35   });
  36
  37   cleartext._controlReleased = true;
  38   return cleartext;
  39 };
  40
  41
  42 function pipe(pair, socket) {
  43   pair.encrypted.pipe(socket);
  44   socket.pipe(pair.encrypted);
  45
  46   pair.fd = socket.fd;
  47   var cleartext = pair.cleartext;
  48   cleartext.socket = socket;
  49   cleartext.encrypted = pair.encrypted;
  50   cleartext.authorized = false;
  51
  52   function onerror(e) {
  53     if (cleartext._controlReleased) {
  54       cleartext.emit('error', e);
  55     }
  56   }
  57
  58   function onclose() {
  59     socket.removeListener('error', onerror);
  60     socket.removeListener('close', onclose);
  61   }
  62
  63   socket.on('error', onerror);
  64   socket.on('close', onclose);
  65
  66   return cleartext;
  67 }
  68