Use newer TLS functions when available

This removes the deprecation warnings on node.js 0.11.13+ when using
SSL.

fixes #809

Author: dougwilson

lib/Connection.js

@@ -1,4 +1,6 @@
+var Crypto           = require('crypto');
 var Net              = require('net');
+var tls              = require('tls');
 var ConnectionConfig = require('./ConnectionConfig');
 var Protocol         = require('./protocol/Protocol');
 var SqlString        = require('./protocol/SqlString');
@@ -209,40 +211,73 @@ Connection.prototype.format = function(sql, values) {
   return SqlString.format(sql, values, this.config.stringifyObjects, this.config.timezone);
 };
 
+if (tls.TLSSocket) {
+  // 0.11+ environment
+  Connection.prototype._startTLS = function _startTLS(onSecure) {
+    var secureContext = tls.createSecureContext({
+      key        : this.config.ssl.key,
+      cert       : this.config.ssl.cert,
+      passphrase : this.config.ssl.passphrase,
+      ca         : this.config.ssl.ca
+    });
 
-Connection.prototype._startTLS = function(onSecure) {
-
-  var crypto = require('crypto');
-  var tls = require('tls');
- 
-  // before TLS:
-  //  _socket <-> _protocol
-  // after:
-  //  _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol
-
-  var credentials = crypto.createCredentials({
-    key: this.config.ssl.key,
-    cert: this.config.ssl.cert,
-    passphrase: this.config.ssl.passphrase,
-    ca: this.config.ssl.ca
-  });
- 
-  var securePair = tls.createSecurePair(credentials, false);
-  
-  securePair.encrypted.pipe(this._socket);
-  securePair.cleartext.pipe(this._protocol);
-
-  // TODO: change to unpipe/pipe (does not work for some reason. Streams1/2 conflict?)
-  this._socket.removeAllListeners('data');
-  this._protocol.removeAllListeners('data');
-  this._socket.on('data', function(data) {
-    securePair.encrypted.write(data);
-  });
-  this._protocol.on('data', function(data) {
-    securePair.cleartext.write(data);
-  });
-  securePair.on('secure', onSecure);
-};
+    // "unpipe"
+    this._socket.removeAllListeners('data');
+    this._protocol.removeAllListeners('data');
+
+    // socket <-> encrypted
+    var secureSocket = new tls.TLSSocket(this._socket, {
+      secureContext : secureContext,
+      isServer      : false
+    });
+
+    // cleartext <-> protocol
+    secureSocket.pipe(this._protocol);
+    this._protocol.on('data', function(data) {
+      secureSocket.write(data);
+    });
+
+    secureSocket.on('secure', onSecure);
+
+    // start TLS communications
+    secureSocket._start();
+  };
+} else {
+  // pre-0.11 environment
+  Connection.prototype._startTLS = function _startTLS(onSecure) {
+    // before TLS:
+    //  _socket <-> _protocol
+    // after:
+    //  _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol
+
+    var credentials = Crypto.createCredentials({
+      key        : this.config.ssl.key,
+      cert       : this.config.ssl.cert,
+      passphrase : this.config.ssl.passphrase,
+      ca         : this.config.ssl.ca
+    });
+
+    var securePair = tls.createSecurePair(credentials, false);
+
+    // "unpipe"
+    this._socket.removeAllListeners('data');
+    this._protocol.removeAllListeners('data');
+
+    // socket <-> encrypted
+    securePair.encrypted.pipe(this._socket);
+    this._socket.on('data', function(data) {
+      securePair.encrypted.write(data);
+    });
+
+    // cleartext <-> protocol
+    securePair.cleartext.pipe(this._protocol);
+    this._protocol.on('data', function(data) {
+      securePair.cleartext.write(data);
+    });
+
+    securePair.on('secure', onSecure);
+  };
+}
 
 Connection.prototype._handleConnectTimeout = function() {
   if (this._socket) {

test/FakeServer.js

@@ -3,7 +3,9 @@
 
 var common       = require('./common');
 var _            = require('underscore');
+var Crypto       = require('crypto');
 var Net          = require('net');
+var tls          = require('tls');
 var Packets      = require('../lib/protocol/packets');
 var PacketWriter = require('../lib/protocol/PacketWriter');
 var Parser       = require('../lib/protocol/Parser');
@@ -102,11 +104,10 @@ FakeConnection.prototype._handleData = function(buffer) {
 };
 
 FakeConnection.prototype._parsePacket = function(header) {
-  var Packet   = this._determinePacket(header);
-  var packet   = new Packet({protocol41: true});
-  var parser   = this._parser;
+  var Packet = this._determinePacket(header);
+  var packet = new Packet({protocol41: true});
 
-  packet.parse(parser);
+  packet.parse(this._parser);
 
   switch (Packet) {
     case Packets.ClientAuthenticationPacket:
@@ -120,29 +121,11 @@ FakeConnection.prototype._parsePacket = function(header) {
         throw new Error('not implemented');
       } else {
         this._sendPacket(new Packets.OkPacket());
-        parser.resetPacketNumber();
+        this._parser.resetPacketNumber();
       }
       break;
     case Packets.SSLRequestPacket:
-      // halt parser
-      parser.pause();
-      this._socket.removeAllListeners('data');
-
-      // inject secure pair
-      var securePair = common.createSecurePair();
-      this._socket.pipe(securePair.encrypted);
-      this._stream = securePair.cleartext;
-      securePair.cleartext.on('data', this._handleData.bind(this));
-      securePair.encrypted.pipe(this._socket);
-
-      // resume
-      process.nextTick(function() {
-        var buffer = parser._buffer.slice(parser._offset);
-        parser._offset = parser._buffer.length;
-        parser.resume();
-        securePair.encrypted.write(buffer);
-      });
-
+      this._startTLS();
       break;
     case Packets.OldPasswordPacket:
       this._oldPasswordPacket = packet;
@@ -156,7 +139,7 @@ FakeConnection.prototype._parsePacket = function(header) {
       break;
     case Packets.ComPingPacket:
       this._sendPacket(new Packets.OkPacket());
-      parser.resetPacketNumber();
+      this._parser.resetPacketNumber();
       break;
     case Packets.ComChangeUserPacket:
       this._clientAuthenticationPacket = new Packets.ClientAuthenticationPacket({
@@ -170,7 +153,7 @@ FakeConnection.prototype._parsePacket = function(header) {
         user         : packet.user
       });
       this._sendPacket(new Packets.OkPacket());
-      parser.resetPacketNumber();
+      this._parser.resetPacketNumber();
       break;
     case Packets.ComQuitPacket:
       this.emit('quit', packet);
@@ -211,3 +194,56 @@ FakeConnection.prototype._determinePacket = function(header) {
 FakeConnection.prototype.destroy = function() {
   this._socket.destroy();
 };
+
+if (tls.TLSSocket) {
+  // 0.11+ environment
+  FakeConnection.prototype._startTLS = function _startTLS() {
+    // halt parser
+    this._parser.pause();
+    this._socket.removeAllListeners('data');
+
+    // socket <-> encrypted
+    var secureContext = tls.createSecureContext(common.getSSLConfig());
+    var secureSocket  = new tls.TLSSocket(this._socket, {
+      secureContext : secureContext,
+      isServer      : true
+    });
+
+    // cleartext <-> protocol
+    secureSocket.on('data', this._handleData.bind(this));
+    this._stream = secureSocket;
+
+    // resume
+    var parser = this._parser;
+    process.nextTick(function() {
+      var buffer = parser._buffer.slice(parser._offset);
+      parser._offset = parser._buffer.length;
+      parser.resume();
+      secureSocket.ssl.receive(buffer);
+    });
+  };
+} else {
+  // pre-0.11 environment
+  FakeConnection.prototype._startTLS = function _startTLS() {
+    // halt parser
+    this._parser.pause();
+    this._socket.removeAllListeners('data');
+
+    // inject secure pair
+    var credentials = Crypto.createCredentials(common.getSSLConfig());
+    var securePair = tls.createSecurePair(credentials, true);
+    this._socket.pipe(securePair.encrypted);
+    this._stream = securePair.cleartext;
+    securePair.cleartext.on('data', this._handleData.bind(this));
+    securePair.encrypted.pipe(this._socket);
+
+    // resume
+    var parser = this._parser;
+    process.nextTick(function() {
+      var buffer = parser._buffer.slice(parser._offset);
+      parser._offset = parser._buffer.length;
+      parser.resume();
+      securePair.encrypted.write(buffer);
+    });
+  };
+}

test/common.js

@@ -1,8 +1,6 @@
 var common     = exports;
-var crypto     = require('crypto');
 var fs         = require('fs');
 var path       = require('path');
-var tls        = require('tls');
 var _          = require('underscore');
 var FakeServer = require('./FakeServer');
 
@@ -48,12 +46,6 @@ common.createFakeServer = function(options) {
   return new FakeServer(_.extend({}, options));
 };
 
-common.createSecurePair = function() {
-  var credentials = crypto.createCredentials(common.getSSLConfig());
-
-  return tls.createSecurePair(credentials, true);
-};
-
 common.useTestDb = function(connection) {
   var query = connection.query('CREATE DATABASE ' + common.testDatabase, function(err) {
     if (err && err.code !== 'ER_DB_CREATE_EXISTS') throw err;