Fixed a bug, where wss implies tls client authentication (crossbario#393

) * Fixed a bug, where wss implies tls client authentication * improve logging when tlsConfiguration missing required params
dexter4life · Feb 20, 2019 · da993ed · da993ed
1 parent 79488d4
commit da993ed
Showing 1 changed file with 26 additions and 11 deletions.
diff --git a/lib/transport/websocket.js b/lib/transport/websocket.js
@@ -108,11 +108,11 @@ Factory.prototype.create = function () {
          var randomBytes = require('randombytes');
          var websocket;
 
-         var options = { 
+         var options = {
             agent : self._options.agent,
             headers : self._options.headers
          };
-         
+
          var protocols;
          if (self._options.protocols) {
             protocols = self._options.protocols;
@@ -122,16 +122,31 @@ Factory.prototype.create = function () {
             options.protocol = protocols;
          }
 
-         if (self._options.url.startsWith('wss://')) {
-            // Using TLS
-            // Only using the known working flags in the options.
-            // https://nodejs.org/api/https.html#https_https_request_options_callback
-            options.ca = self._options.tlsConfiguration.ca;
-            options.cert = self._options.tlsConfiguration.cert;
-            options.key = self._options.tlsConfiguration.key;
-            options.rejectUnauthorized = false;
+         if (self._options.url.startsWith('wss://') &&
+             self._options.tlsConfiguration) {
+
+            if (self._options.tlsConfiguration.ca &&
+                self._options.tlsConfiguration.cert &&
+                self._options.tlsConfiguration.key) {
+
+               // Using TLS
+               // Only using the known working flags in the options.
+               // https://nodejs.org/api/https.html#https_https_request_options_callback
+
+               log.debug('Using TLS Client Authentication.');
+
+               options.ca = self._options.tlsConfiguration.ca;
+               options.cert = self._options.tlsConfiguration.cert;
+               options.key = self._options.tlsConfiguration.key;
+               options.rejectUnauthorized = false;
+            } else {
+               log.debug("Not using TLS Client Authentication. tlsConfiguration should include " +
+                   "'ca' 'cert' and 'key' parameters.");
+            }
+         } else {
+             log.debug('Not using TLS Client Authentication.');
          }
-         
+
          websocket = new WebSocket(self._options.url, protocols, options);
 
          transport.send = function (msg) {