import tls from 'tls'
import net from 'net'
import _debug from 'debug'
import { StreamBuilder } from '../shared'
const debug = _debug('mqttjs:tls')
const buildStream: StreamBuilder = (client, opts) => {
opts.port = opts.port || 8883
opts.host = opts.hostname || opts.host || 'localhost'
if (net.isIP(opts.host) === 0) {
opts.servername = opts.host
}
opts.rejectUnauthorized = opts.rejectUnauthorized !== false
delete opts.path
debug(
'port %d host %s rejectUnauthorized %b',
opts.port,
opts.host,
opts.rejectUnauthorized,
)
const connection = tls.connect(opts)
connection.on('secureConnect', () => {
if (opts.rejectUnauthorized && !connection.authorized) {
connection.emit('error', new Error('TLS not authorized'))
} else {
connection.removeListener('error', handleTLSerrors)
}
})
function handleTLSerrors(err: Error) {
// How can I get verify this error is a tls error?
if (opts.rejectUnauthorized) {
client.emit('error', err)
}
// close this connection to match the behaviour of net
// otherwise all we get is an error from the connection
// and close event doesn't fire. This is a work around
// to enable the reconnect code to work the same as with
// net.createConnection
connection.end()
}
connection.on('error', handleTLSerrors)
return connection
}
export default buildStream