Two-way SSL about primus HOT 5 CLOSED

The biggest problem here is that ws is the only transformer that supports client certificates for the client. And it's a non standard API, so it's not compatible with regular WebSockets..

So i'm not really sure how to deal with this.

from primus.

There are essentially 2 parts:

1. Add authentication info in the Spark object.
2. Find a way to set options (key, cert, rejectUnauthorized, ...) on the WebSocket client

For (1): Right now, the problem is that we don't have access to the HTTP request object from the Spark, only the headers. Would it be possible to keep a reference to the request object? Is it dangerous in terms of leaks? This way, when we see a new Spark, we could check who the connection is. It's a bit the same problem with HTTP Basic auth: it's not possible to know who is behind a Spark connection, right? So it's just authorization, no authentication.

For (2), we have to find a way to configure a transformer, or give options to a transformer. A simple solution is to introduce a transformerOptions object to the options object. What do you think?
https://github.com/primus/primus/blob/master/transformers/websockets/client.js#L43

It might be better to split this issue in 2 others.

from primus.

@legege I guess we can keep a reference to the HTTP request object. It just requires us to do additional clean up when we destroy the Spark but it should be possible as there is a way of retrieving this socket from from the supported transformers. Sockjs is known to limit developer freedom, we even had to use horrible hacks in order for us to get access to the request headers, getting access to the full request socket would be just, if not more painful.

I think it's best to split this issue up in 2 different issues just because they are quite development heavy features.

from primus.

I divided this issue in two: #84 and #85.

from primus.

I published a gist here to summarize how to do two-way SSL with Primus.io:
https://gist.github.com/legege/8087063

from primus.