tlsSocket.renegotiate(options, callback)

版本历史

版本	变更
v18.0.0	将无效回调传给 `callback` 参数现在会抛出 `ERR_INVALID_ARG_TYPE` 而不是 `ERR_INVALID_CALLBACK`。
v0.11.8	新增于: v0.11.8

options <Object>
- rejectUnauthorized <boolean> 如果不是 false，则服务器证书将根据提供的 CA 列表进行验证。如果验证失败，则会触发 'error' 事件；err.code 包含 OpenSSL 错误代码。 默认值: true。
- requestCert
callback <Function> 如果 renegotiate() 返回 true，则回调将绑定到 'secure' 事件。如果 renegotiate() 返回 false, 则 callback 将在下一个滴答中被调用并出错, 除非 tlsSocket 已被销毁, 在这种情况下根本不会调用 callback。
返回: <boolean> 如果重新协商已启动则为 true，否则为 false。

tlsSocket.renegotiate() 方法启动 TLS 重新协商过程。当完成后，callback 函数将传入一个参数，该参数是 Error（如果请求失败）或 null。

此方法可用于在建立安全连接后请求对等方的证书。

当作为服务器运行时，套接字将在 handshakeTimeout 超时后销毁并出现错误。

对于 TLSv1.3，无法发起重协商，协议不支持。

History

Version	Changes
v18.0.0	Passing an invalid callback to the `callback` argument now throws `ERR_INVALID_ARG_TYPE` instead of `ERR_INVALID_CALLBACK`.
v0.11.8	Added in: v0.11.8

options <Object>
- rejectUnauthorized <boolean> If not false, the server certificate is verified against the list of supplied CAs. An 'error' event is emitted if verification fails; err.code contains the OpenSSL error code. Default: true.
- requestCert
callback <Function> If renegotiate() returned true, callback is attached once to the 'secure' event. If renegotiate() returned false, callback will be called in the next tick with an error, unless the tlsSocket has been destroyed, in which case callback will not be called at all.
Returns: <boolean> true if renegotiation was initiated, false otherwise.

The tlsSocket.renegotiate() method initiates a TLS renegotiation process. Upon completion, the callback function will be passed a single argument that is either an Error (if the request failed) or null.

This method can be used to request a peer's certificate after the secure connection has been established.

When running as the server, the socket will be destroyed with an error after handshakeTimeout timeout.

For TLSv1.3, renegotiation cannot be initiated, it is not supported by the protocol.