tls: forward new SecureContext options

We have a few places where we individually forward each parameter to tls.createSecureContext(). In #28973 and others, we added new SecureContext options but forgot to keep these places up to date. As per https.Agent#getName, I understand that at least `privateKeyIdentifier` and `privateKeyEngine` should be added too, since they're a substitute for `key`. I've also added sigalgs. Fixes: #36322 Refs: #28973 PR-URL: #36416 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rich Trott <[email protected]>

Author: mildsunrise

lib/_tls_wrap.js

@@ -1320,6 +1320,9 @@ Server.prototype.setSecureContext = function(options){
 if(options.ticketKeys)
 this.ticketKeys=options.ticketKeys;
 
+this.privateKeyIdentifier=options.privateKeyIdentifier;
+this.privateKeyEngine=options.privateKeyEngine;
+
 this._sharedCreds=tls.createSecureContext({
 pfx: this.pfx,
 key: this.key,
@@ -1339,7 +1342,9 @@ Server.prototype.setSecureContext = function(options){
 crl: this.crl,
 sessionIdContext: this.sessionIdContext,
 ticketKeys: this.ticketKeys,
-sessionTimeout: this.sessionTimeout
+sessionTimeout: this.sessionTimeout,
+privateKeyIdentifier: this.privateKeyIdentifier,
+privateKeyEngine: this.privateKeyEngine,
 });
 };
 
@@ -1405,6 +1410,11 @@ Server.prototype.setOptions = deprecate(function(options){
 }
 if(options.pskCallback)this[kPskCallback]=options.pskCallback;
 if(options.pskIdentityHint)this[kPskIdentityHint]=options.pskIdentityHint;
+if(options.sigalgs)this.sigalgs=options.sigalgs;
+if(options.privateKeyIdentifier!==undefined)
+this.privateKeyIdentifier=options.privateKeyIdentifier;
+if(options.privateKeyEngine!==undefined)
+this.privateKeyEngine=options.privateKeyEngine;
 },'Server.prototype.setOptions() is deprecated','DEP0122');
 
 // SNI Contexts High-Level API

lib/https.js

@@ -24,6 +24,7 @@
 const{
  ObjectAssign,
  ObjectSetPrototypeOf,
+ JSONStringify,
 }=primordials;
 
 require('internal/util').assertCrypto();
@@ -236,6 +237,18 @@ Agent.prototype.getName = function getName(options){
 if(options.sessionIdContext)
 name+=options.sessionIdContext;
 
+name+=':';
+if(options.sigalgs)
+name+=JSONStringify(options.sigalgs);
+
+name+=':';
+if(options.privateKeyIdentifier)
+name+=options.privateKeyIdentifier;
+
+name+=':';
+if(options.privateKeyEngine)
+name+=options.privateKeyEngine;
+
 returnname;
 };
 

test/parallel/test-https-agent-getname.js

@@ -12,7 +12,7 @@ const agent = new https.Agent();
 // empty options
 assert.strictEqual(
 agent.getName({}),
-'localhost:::::::::::::::::::'
+'localhost::::::::::::::::::::::'
 );
 
 // Pass all options arguments
@@ -34,11 +34,15 @@ const options ={
 secureOptions: 0,
 secureProtocol: 'secureProtocol',
 servername: 'localhost',
-sessionIdContext: 'sessionIdContext'
+sessionIdContext: 'sessionIdContext',
+sigalgs: 'sigalgs',
+privateKeyIdentifier: 'privateKeyIdentifier',
+privateKeyEngine: 'privateKeyEngine',
 };
 
 assert.strictEqual(
 agent.getName(options),
 '0.0.0.0:443:192.168.1.1:ca:cert:dynamic:ciphers:key:pfx:false:localhost:'+
-'::secureProtocol:c,r,l:false:ecdhCurve:dhparam:0:sessionIdContext'
+'::secureProtocol:c,r,l:false:ecdhCurve:dhparam:0:sessionIdContext:'+
+'"sigalgs":privateKeyIdentifier:privateKeyEngine'
 );