* @param {object} tls * @param {boolean} forServer * @returns {object}
(tls, forServer)
| 4926 | * @returns {object} |
| 4927 | */ |
| 4928 | function processTlsOptions(tls, forServer) { |
| 4929 | const { |
| 4930 | servername, |
| 4931 | alpn, |
| 4932 | ciphers = DEFAULT_CIPHERS, |
| 4933 | groups = DEFAULT_GROUPS, |
| 4934 | keylog = false, |
| 4935 | verifyClient = false, |
| 4936 | rejectUnauthorized = true, |
| 4937 | enableEarlyData = true, |
| 4938 | tlsTrace = false, |
| 4939 | sni, |
| 4940 | // Client-only: identity options are specified directly (no sni map) |
| 4941 | keys, |
| 4942 | certs, |
| 4943 | ca, |
| 4944 | crl, |
| 4945 | verifyPrivateKey = false, |
| 4946 | } = tls; |
| 4947 | |
| 4948 | if (servername !== undefined) { |
| 4949 | validateString(servername, 'options.servername'); |
| 4950 | } |
| 4951 | if (ciphers !== undefined) { |
| 4952 | validateString(ciphers, 'options.ciphers'); |
| 4953 | } |
| 4954 | if (groups !== undefined) { |
| 4955 | validateString(groups, 'options.groups'); |
| 4956 | } |
| 4957 | validateBoolean(keylog, 'options.keylog'); |
| 4958 | validateBoolean(verifyClient, 'options.verifyClient'); |
| 4959 | validateBoolean(rejectUnauthorized, 'options.rejectUnauthorized'); |
| 4960 | validateBoolean(enableEarlyData, 'options.enableEarlyData'); |
| 4961 | validateBoolean(tlsTrace, 'options.tlsTrace'); |
| 4962 | |
| 4963 | // Encode the ALPN option to wire format (length-prefixed protocol names). |
| 4964 | // Server: array of protocol names. Client: single protocol name. |
| 4965 | // If not specified, the C++ default (h3) is used. |
| 4966 | let encodedAlpn; |
| 4967 | if (alpn !== undefined) { |
| 4968 | const protocols = forServer ? |
| 4969 | (ArrayIsArray(alpn) ? alpn : [alpn]) : |
| 4970 | [alpn]; |
| 4971 | if (!forServer) { |
| 4972 | validateString(alpn, 'options.alpn'); |
| 4973 | } |
| 4974 | let totalLen = 0; |
| 4975 | for (let i = 0; i < protocols.length; i++) { |
| 4976 | validateString(protocols[i], `options.alpn[${i}]`); |
| 4977 | if (protocols[i].length === 0 || protocols[i].length > 255) { |
| 4978 | throw new ERR_INVALID_ARG_VALUE(`options.alpn[${i}]`, protocols[i], |
| 4979 | 'must be between 1 and 255 characters'); |
| 4980 | } |
| 4981 | totalLen += 1 + protocols[i].length; |
| 4982 | } |
| 4983 | // Build wire format: [len1][name1][len2][name2]... |
| 4984 | const buf = Buffer.allocUnsafe(totalLen); |
| 4985 | let offset = 0; |
no test coverage detected
searching dependent graphs…