tls: Allow establishing secure connection on the existing socket

Author: koichik

doc/api/tls.markdown

@@ -130,6 +130,11 @@ defaults to `localhost`.) `options` should be an object which specifies
 
   - `servername`: Servername for SNI (Server Name Indication) TLS extension.
 
+  - `socket`: Establish secure connection on a given socket rather than
+    creating a new socket. If this option is specified, `host` and `port`
+    are ignored.  This is intended FOR INTERNAL USE ONLY.  As with all
+    undocumented APIs in Node, they should not be used.
+
 The `secureConnectListener` parameter will be added as a listener for the
 ['secureConnect'](#event_secureConnect_) event.
 

lib/tls.js

@@ -1030,7 +1030,7 @@ exports.connect = function(port /* host, options, cb */) {
     }
   }
 
-  var socket = new net.Stream();
+  var socket = options.socket ? options.socket : new net.Stream();
 
   var sslcontext = crypto.createCredentials(options);
 
@@ -1050,7 +1050,9 @@ exports.connect = function(port /* host, options, cb */) {
     cleartext.on('secureConnect', cb);
   }
 
-  socket.connect(port, host);
+  if (!options.socket) {
+    socket.connect(port, host);
+  }
 
   pair.on('secure', function() {
     var verifyError = pair.ssl.verifyError();

test/simple/test-tls-connect-given-socket.js

@@ -0,0 +1,59 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+var tls = require('tls');
+var net = require('net');
+var fs = require('fs');
+var path = require('path');
+
+var serverConnected = false;
+var clientConnected = false;
+
+var options = {
+  key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
+  cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
+};
+
+var server = tls.createServer(options, function(socket) {
+  serverConnected = true;
+  socket.end('Hello');
+}).listen(common.PORT, function() {
+  var socket = net.connect(common.PORT, function() {
+    var client = tls.connect(0, {socket: socket}, function() {
+      clientConnected = true;
+      var data = '';
+      client.on('data', function(chunk) {
+        data += chunk.toString();
+      });
+      client.on('end', function() {
+        assert.equal(data, 'Hello');
+        server.close();
+      });
+    });
+  });
+});
+
+process.on('exit', function() {
+  assert(serverConnected);
+  assert(clientConnected);
+});