I want to pass a tls.CleartextStream instance to a worker process (created by cluster.fork() method). While I can send net.Socket instances using the send(message, handle) method I can't do the same using the ClearStream class.
Might there be a way to "rewrap" the connected raw socket by serializing the original CleartextStream instance?
This is what I want to achieve: The master process of a Node.js application is listening for TLS connections. There are a number of certain worker processes which where spawned at startup. A client connected to the master process want to be redirected to a certain worker process. Therefore the master should send the socket to the corresponding worker process. This actually works but as the TLS context gets lost the worker process can neither de- nor encode data to communicate to the connected client.
Do you have any idea how this could be realized?
Passing a connected TLS connection in a secure and trusted way is a difficult problem.
The easiest approach is to do the TLS decoding / encoding on the Master process, and then send the data itself to the individual workers. To keep security over that network connection, you can create another TLS session between the master and the worker. The main caveat is the possibility of a performance bottleneck
You can use stream.pipe http://nodejs.org/api/stream.html#stream_stream_pipe_destination_options to connect the two TLS streams to one another bi-directionally.
EDIT: Just read question more closely. Since the worker process is on the same machine, you don't have to use TLS between the master and workers.
After fork, each worker is a separate processor with its own address space. Passing fd or socket across process boundary might not work.
I agree with Eric, the best thing to do is use stream.pipe().