react-native-nitro-net 0.1.5 → 0.2.0

package/README.md

@@ -5,9 +5,11 @@ Node.js `net` API implementation for React Native using [Nitro Modules](https://
 ## Features
 
 *   🚀 **High Performance**: Built on top of Rust's `tokio` asynchronous runtime.
-*   🤝 **Node.js Compatible**: Implements the standard `net` API including `Socket` (Duplex stream) and `Server`.
+*   🤝 **Node.js Compatible**: Implements standard `net` and `tls` APIs including `Socket`, `Server`, `TLSSocket`, and `SecureContext`.
+*   🛡️ **Modern Security**: TLS implementation powered by **Rustls 0.23** (Ring provider), supporting TLS 1.2 and 1.3.
+*   🔒 **Full TLS Support**: Support for PEM/PFX certificates, encrypted private keys, SNI, Session tickets, and 100% Node.js API surface compatibility.
 *   ⚡ **Nitro Modules**: Uses JSI for zero-overhead communication between JavaScript and Native code.
-*   🛡️ **Robust & Stable**: Advanced fixes for common networking issues like port reuse, deadlocks, and DNS reliability.
+*   🛡️ **Robust & Stable**: Advanced fixes for port reuse, deadlocks, and DNS reliability.
 *   📱 **Cross-Platform**: Supports both iOS and Android.
 
 ## Installation
@@ -30,7 +32,7 @@ cd ios && pod install
 
 This library uses a high-performance three-layer architecture:
 
-1.  **JavaScript Layer**: Provides the high-level Node.js compatible `net.Socket` (Duplex) and `net.Server` APIs using `readable-stream` and `EventEmitter`.
+1.  **JavaScript Layer**: Provides high-level Node.js compatible `net` and `tls` APIs using `readable-stream` and `EventEmitter`.
 2.  **C++ Bridge (Nitro)**: Handles the zero-copy orchestration between JS and Rust using Nitro Hybrid Objects and JSI.
 3.  **Rust Core**: Implements the actual networking logic using the **Tokio** asynchronous runtime, providing memory safety and high concurrency.
 
@@ -73,6 +75,31 @@ server.listen(0, '127.0.0.1', () => {
 });
 ```
 
+### TLS (Secure Socket)
+
+```typescript
+import { tls } from 'react-native-nitro-net';
+
+// Client connection
+const socket = tls.connect({
+  host: 'example.com',
+  port: 443,
+  servername: 'example.com', // SNI
+}, () => {
+  console.log('Securely connected!');
+  console.log('Protocol:', socket.getProtocol());
+});
+
+// Server with PFX
+const server = tls.createServer({
+  pfx: fs.readFileSync('server.pfx'),
+  passphrase: 'your-password'
+}, (socket) => {
+  socket.write('Secure hello!');
+});
+server.listen(443);
+```
+
 ## Stability Improvements
 
 We have implemented several critical fixes to ensure production-grade stability:
@@ -82,6 +109,11 @@ We have implemented several critical fixes to ensure production-grade stability:
 *   **DNS Reliability**: Automatically retries all resolved IP addresses if the first one fails to connect.
 *   **Resource Management**: Strict protective shutdown logic in Rust to prevent socket and Unix domain socket file leaks.
 
+## Compatibility Notes
+
+> [!IMPORTANT]
+> **`Server.close()` Behavior**: Unlike Node.js's default behavior where `server.close()` only stops accepting new connections, this implementation **immediately destroys all active connections** when `close()` is called. This ensures clean resource release and is more intuitive for mobile applications.
+
 ## API Reference
 
 ### `net.Socket`
@@ -97,6 +129,20 @@ We have implemented several critical fixes to ensure production-grade stability:
 
 **Events**: `connect`, `ready`, `data`, `error`, `close`, `timeout`, `lookup`.
 
+### `tls.TLSSocket`
+*Extends `net.Socket`*
+
+| Property / Method | Description |
+| --- | --- |
+| `authorized` | `true` if peer certificate is verified. |
+| `getProtocol()` | Returns negotiated TLS version (e.g., "TLSv1.3"). |
+| `getCipher()` | Returns current cipher information. |
+| `getPeerCertificate()`| Returns detailed JSON of the peer certificate. |
+| `getSession()` | Returns the session ticket for resumption. |
+| `encrypted` | Always `true`. |
+
+**Events**: `secureConnect`, `session`, `keylog`, `OCSPResponse`.
+
 ### Global APIs
 
 | Method | Description |
@@ -110,12 +156,18 @@ We have implemented several critical fixes to ensure production-grade stability:
 | Method | Description |
 | --- | --- |
 | `listen(options)` | Start listening. Supports `port: 0` for dynamic allocation. |
-| `close()` | Stops the server from accepting new connections. |
+| `close()` | Stops the server and **destroys all active connections**. |
 | `address()` | Returns the bound address (crucial for dynamic ports). |
 | `getConnections(cb)`| Get count of active connections. |
 
 **Events**: `listening`, `connection`, `error`, `close`.
 
+### `tls.Server`
+*Extends `net.Server`*
+
+Supported methods: `listen`, `close`, `addContext`, `setTicketKeys`, `getTicketKeys`.
+**Events**: `secureConnection`, `keylog`, `newSession`.
+
 ## Debugging
 
 Enable verbose logging to see the internal data flow across JS, C++, and Rust:

package/cpp/HybridNetDriver.hpp

@@ -4,11 +4,16 @@
 #include "HybridNetServerDriver.hpp"
 #include "HybridNetSocketDriver.hpp"
 #include "NetManager.hpp"
+#include <NitroModules/ArrayBuffer.hpp>
+#include <optional>
+#include <string>
 
 namespace margelo {
 namespace nitro {
 namespace net {
 
+using namespace margelo::nitro;
+
 class HybridNetDriver : public HybridNetDriverSpec {
 public:
   HybridNetDriver() : HybridObject(TAG) {}
@@ -31,6 +36,69 @@ public:
     return std::make_shared<HybridNetServerDriver>();
   }
 
+  double
+  createSecureContext(const std::string &cert, const std::string &key,
+                      const std::optional<std::string> &passphrase) override {
+    return static_cast<double>(net_create_secure_context(
+        cert.c_str(), key.c_str(),
+        passphrase.has_value() ? passphrase.value().c_str() : nullptr));
+  }
+
+  double createEmptySecureContext() override {
+    return static_cast<double>(net_secure_context_create());
+  }
+
+  void addCACertToSecureContext(double scId, const std::string &ca) override {
+    net_secure_context_add_ca(static_cast<uint32_t>(scId), ca.c_str());
+  }
+
+  void addContextToSecureContext(
+      double scId, const std::string &hostname, const std::string &cert,
+      const std::string &key,
+      const std::optional<std::string> &passphrase) override {
+    net_secure_context_add_context(
+        static_cast<uint32_t>(scId), hostname.c_str(), cert.c_str(),
+        key.c_str(),
+        passphrase.has_value() ? passphrase.value().c_str() : nullptr);
+  }
+
+  void
+  setPFXToSecureContext(double scId, const std::shared_ptr<ArrayBuffer> &pfx,
+                        const std::optional<std::string> &passphrase) override {
+    if (pfx) {
+      net_secure_context_set_pfx(
+          static_cast<uint32_t>(scId), pfx->data(), pfx->size(),
+          passphrase.has_value() ? passphrase.value().c_str() : nullptr);
+    }
+  }
+
+  void setOCSPResponseToSecureContext(
+      double scId, const std::shared_ptr<ArrayBuffer> &ocsp) override {
+    if (ocsp) {
+      net_secure_context_set_ocsp_response(static_cast<uint32_t>(scId),
+                                           ocsp->data(), ocsp->size());
+    }
+  }
+
+  std::optional<std::shared_ptr<ArrayBuffer>>
+  getTicketKeys(double scId) override {
+    uint8_t buf[256];
+    size_t len = net_server_get_ticket_keys(static_cast<uint32_t>(scId), buf,
+                                            sizeof(buf));
+    if (len > 0) {
+      return ArrayBuffer::copy(buf, len);
+    }
+    return std::nullopt;
+  }
+
+  void setTicketKeys(double scId,
+                     const std::shared_ptr<ArrayBuffer> &keys) override {
+    if (keys) {
+      net_server_set_ticket_keys(static_cast<uint32_t>(scId), keys->data(),
+                                 keys->size());
+    }
+  }
+
   void initWithConfig(const NetConfig &config) override {
     uint32_t workerThreads = config.workerThreads.value_or(0);
     NetManager::shared().initWithConfig(workerThreads);

package/cpp/HybridNetServerDriver.hpp

@@ -49,6 +49,15 @@ public:
                ipv6Only.value_or(false), reusePort.value_or(false));
   }
 
+  void listenTLS(double port, double secureContextId,
+                 std::optional<double> backlog, std::optional<bool> ipv6Only,
+                 std::optional<bool> reusePort) override {
+    net_listen_tls(_id, static_cast<int>(port),
+                   static_cast<int>(backlog.value_or(128)),
+                   ipv6Only.value_or(false), reusePort.value_or(false),
+                   static_cast<uint32_t>(secureContextId));
+  }
+
   void listenUnix(const std::string &path,
                   std::optional<double> backlog) override {
     net_listen_unix(_id, path.c_str(), static_cast<int>(backlog.value_or(128)));

package/cpp/HybridNetSocketDriver.hpp

@@ -4,12 +4,15 @@
 #include "NetBindings.hpp"
 #include "NetManager.hpp"
 #include <NitroModules/ArrayBuffer.hpp>
+#include <optional>
 #include <string>
 
 namespace margelo {
 namespace nitro {
 namespace net {
 
+using namespace margelo::nitro;
+
 class HybridNetSocketDriver : public HybridNetSocketDriverSpec {
 public:
   HybridNetSocketDriver() : HybridObject(TAG) {
@@ -48,6 +51,111 @@ public:
     net_connect(_id, host.c_str(), static_cast<int>(port));
   }
 
+  void connectTLS(const std::string &host, double port,
+                  const std::optional<std::string> &serverName,
+                  std::optional<bool> rejectUnauthorized) override {
+    const char *sni = serverName.has_value() ? serverName->c_str() : nullptr;
+    bool ru = rejectUnauthorized.value_or(true);
+    net_connect_tls(_id, host.c_str(), static_cast<int>(port), sni,
+                    static_cast<int>(ru));
+  }
+
+  void connectTLSWithContext(const std::string &host, double port,
+                             const std::optional<std::string> &serverName,
+                             std::optional<bool> rejectUnauthorized,
+                             std::optional<double> secureContextId) override {
+    const char *sni = serverName.has_value() ? serverName->c_str() : nullptr;
+    bool ru = rejectUnauthorized.value_or(true);
+    if (secureContextId.has_value()) {
+      net_connect_tls_with_context(
+          _id, host.c_str(), static_cast<int>(port), sni, static_cast<int>(ru),
+          static_cast<uint32_t>(secureContextId.value()));
+    } else {
+      net_connect_tls(_id, host.c_str(), static_cast<int>(port), sni,
+                      static_cast<int>(ru));
+    }
+  }
+
+  std::optional<std::string> getAuthorizationError() override {
+    char buf[1024];
+    size_t len = net_get_authorization_error(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getProtocol() override {
+    char buf[128];
+    size_t len = net_get_protocol(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getCipher() override {
+    char buf[256];
+    size_t len = net_get_cipher(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getALPN() override {
+    char buf[64];
+    size_t len = net_get_alpn(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getPeerCertificateJSON() override {
+    char buf[16384];
+    size_t len = net_get_peer_certificate_json(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf, len);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getEphemeralKeyInfo() override {
+    char buf[512];
+    size_t len = net_get_ephemeral_key_info(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf, len);
+    }
+    return std::nullopt;
+  }
+
+  std::optional<std::string> getSharedSigalgs() override {
+    char buf[1024];
+    size_t len = net_get_shared_sigalgs(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return std::string(buf, len);
+    }
+    return std::nullopt;
+  }
+
+  bool isSessionReused() override { return net_is_session_reused(_id); }
+
+  std::optional<std::shared_ptr<ArrayBuffer>> getSession() override {
+    uint8_t buf[2048];
+    size_t len = net_get_session(_id, buf, sizeof(buf));
+    if (len > 0) {
+      return ArrayBuffer::copy(buf, len);
+    }
+    return std::nullopt;
+  }
+
+  void setSession(const std::shared_ptr<ArrayBuffer> &session) override {
+    if (session && session->size() > 0) {
+      net_set_session(_id, session->data(), session->size());
+    }
+  }
+
   void write(const std::shared_ptr<ArrayBuffer> &data) override {
     if (!data)
       return;
@@ -70,6 +178,8 @@ public:
     }
   }
 
+  void enableKeylog() override { net_socket_enable_keylog(_id); }
+
   void setNoDelay(bool enable) override { net_set_nodelay(_id, enable); }
 
   void setKeepAlive(bool enable, double delay) override {
@@ -107,6 +217,45 @@ public:
     net_connect_unix(_id, path.c_str());
   }
 
+  void connectUnixTLS(const std::string &path,
+                      const std::optional<std::string> &serverName,
+                      std::optional<bool> rejectUnauthorized) override {
+#if !defined(__ANDROID__)
+    const char *sni = serverName.has_value() ? serverName->c_str() : "";
+    bool ru = rejectUnauthorized.value_or(true);
+    net_connect_unix_tls(_id, path.c_str(), sni, static_cast<int>(ru));
+#else
+    // Unix TLS not supported on Android
+    (void)path;
+    (void)serverName;
+    (void)rejectUnauthorized;
+#endif
+  }
+
+  void
+  connectUnixTLSWithContext(const std::string &path,
+                            const std::optional<std::string> &serverName,
+                            std::optional<bool> rejectUnauthorized,
+                            std::optional<double> secureContextId) override {
+#if !defined(__ANDROID__)
+    const char *sni = serverName.has_value() ? serverName->c_str() : "";
+    bool ru = rejectUnauthorized.value_or(true);
+    if (secureContextId.has_value()) {
+      net_connect_unix_tls_with_context(
+          _id, path.c_str(), sni, static_cast<int>(ru),
+          static_cast<uint32_t>(secureContextId.value()));
+    } else {
+      net_connect_unix_tls(_id, path.c_str(), sni, static_cast<int>(ru));
+    }
+#else
+    // Unix TLS not supported on Android
+    (void)path;
+    (void)serverName;
+    (void)rejectUnauthorized;
+    (void)secureContextId;
+#endif
+  }
+
 private:
   void onNativeEvent(int type, const uint8_t *data, size_t len) {
     if (!_onEvent)

package/cpp/NetBindings.hpp

@@ -21,11 +21,27 @@ void net_init_with_config(NetCallback callback, void *context,
 // Socket
 uint32_t net_create_socket();
 void net_connect(uint32_t id, const char *host, int port);
+void net_connect_tls(uint32_t id, const char *host, int port,
+                     const char *server_name, int reject_unauthorized);
+void net_connect_tls_with_context(uint32_t id, const char *host, int port,
+                                  const char *server_name,
+                                  int reject_unauthorized,
+                                  uint32_t secure_context_id);
+size_t net_get_authorization_error(uint32_t id, char *buf, size_t len);
+size_t net_get_protocol(uint32_t id, char *buf, size_t len);
+size_t net_get_cipher(uint32_t id, char *buf, size_t len);
+size_t net_get_alpn(uint32_t id, char *buf, size_t len);
+size_t net_get_peer_certificate_json(uint32_t id, char *buf, size_t len);
+void net_socket_enable_keylog(uint32_t id);
 void net_write(uint32_t id, const uint8_t *data, size_t len);
 void net_close(uint32_t id);
 void net_destroy_socket(uint32_t id);
 void net_socket_reset_and_destroy(uint32_t id);
 
+// Phase 13: Advanced TLS inspection
+size_t net_get_ephemeral_key_info(uint32_t id, char *buf, size_t len);
+size_t net_get_shared_sigalgs(uint32_t id, char *buf, size_t len);
+
 // New Options
 void net_set_nodelay(uint32_t id, bool enable);
 void net_set_keepalive(uint32_t id, bool enable, uint64_t delay_ms);
@@ -41,28 +57,63 @@ void net_pause(uint32_t id);
 void net_resume(uint32_t id);
 void net_shutdown(uint32_t id);
 
-// IPC
+// IPC / Unix Domain Sockets
 void net_connect_unix(uint32_t id, const char *path);
 void net_listen_unix(uint32_t id, const char *path, int backlog);
 
+#if !defined(__ANDROID__)
+// Unix-only TLS functions (not available on Android)
+void net_connect_unix_tls(uint32_t id, const char *path,
+                          const char *server_name, int reject_unauthorized);
+void net_connect_unix_tls_with_context(uint32_t id, const char *path,
+                                       const char *server_name,
+                                       int reject_unauthorized,
+                                       uint32_t secure_context_id);
+#endif
+
 // Server
 uint32_t net_create_server();
 void net_listen(uint32_t id, int port, int backlog, bool ipv6_only,
                 bool reuse_port);
+void net_listen_tls(uint32_t id, int port, int backlog, bool ipv6_only,
+                    bool reuse_port, uint32_t secure_context_id);
 void net_server_close(uint32_t id);
 void net_destroy_server(uint32_t id);
 void net_server_set_max_connections(uint32_t id, int max_connections);
 size_t net_get_server_local_address(uint32_t id, char *buf, size_t len);
+uint32_t net_create_secure_context(const char *cert_pem, const char *key_pem,
+                                   const char *passphrase);
+uint32_t net_secure_context_create();
+void net_secure_context_add_ca(uint32_t sc_id, const char *ca_pem);
+void net_secure_context_set_cert_key(uint32_t sc_id, const char *cert_pem,
+                                     const char *key_pem,
+                                     const char *passphrase);
+void net_secure_context_add_context(uint32_t sc_id, const char *hostname,
+                                    const char *cert_pem, const char *key_pem,
+                                    const char *passphrase);
+void net_secure_context_set_pfx(uint32_t sc_id, const uint8_t *data, size_t len,
+                                const char *passphrase);
+void net_secure_context_set_ocsp_response(uint32_t sc_id, const uint8_t *data,
+                                          size_t len);
 /// Listen on an existing file descriptor (handle)
 /// @param id Server ID
 /// @param fd File descriptor of an already-bound TCP listener
 /// @param backlog Listen backlog
 void net_listen_handle(uint32_t id, int fd, int backlog);
 
+// Session
+bool net_is_session_reused(uint32_t id);
+size_t net_get_session(uint32_t id, uint8_t *buf, size_t len);
+void net_set_session(uint32_t id, const uint8_t *ticket, size_t ticket_len);
+size_t net_server_get_ticket_keys(uint32_t id, uint8_t *buf, size_t len);
+void net_server_set_ticket_keys(uint32_t id, const uint8_t *keys, size_t len);
+
 // Event Types
 #define NET_EVENT_CONNECT 1
 #define NET_EVENT_DATA 2
 #define NET_EVENT_ERROR 3
 #define NET_EVENT_CLOSE 4
 #define NET_EVENT_CONNECTION 6
+#define NET_EVENT_KEYLOG 10
+#define NET_EVENT_OCSP 11
 }

package/ios/Frameworks/RustCNet.xcframework/Info.plist

@@ -8,32 +8,32 @@
 			<key>BinaryPath</key>
 			<string>RustCNet.framework/RustCNet</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64_x86_64-simulator</string>
+			<string>ios-arm64</string>
 			<key>LibraryPath</key>
 			<string>RustCNet.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
-			<key>SupportedPlatformVariant</key>
-			<string>simulator</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
 			<string>RustCNet.framework/RustCNet</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64</string>
+			<string>ios-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>RustCNet.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
+				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>simulator</string>
 		</dict>
 	</array>
 	<key>CFBundlePackageType</key>

package/lib/Net.nitro.d.ts

@@ -15,7 +15,9 @@ export declare enum NetSocketEvent {
     DRAIN = 5,
     TIMEOUT = 7,
     LOOKUP = 8,
-    DEBUG = 9
+    SESSION = 9,
+    KEYLOG = 10,
+    OCSP = 11
 }
 export interface NetSocketDriver extends HybridObject<{
     ios: 'swift';
@@ -23,7 +25,21 @@ export interface NetSocketDriver extends HybridObject<{
 }> {
     readonly id: number;
     connect(host: string, port: number): void;
+    connectTLS(host: string, port: number, serverName?: string, rejectUnauthorized?: boolean): void;
+    connectTLSWithContext(host: string, port: number, serverName?: string, rejectUnauthorized?: boolean, secureContextId?: number): void;
+    getAuthorizationError(): string | undefined;
+    getProtocol(): string | undefined;
+    getCipher(): string | undefined;
+    getALPN(): string | undefined;
+    getPeerCertificateJSON(): string | undefined;
+    getEphemeralKeyInfo(): string | undefined;
+    getSharedSigalgs(): string | undefined;
+    isSessionReused(): boolean;
+    getSession(): ArrayBuffer | undefined;
+    setSession(session: ArrayBuffer): void;
     connectUnix(path: string): void;
+    connectUnixTLS(path: string, serverName?: string, rejectUnauthorized?: boolean): void;
+    connectUnixTLSWithContext(path: string, serverName?: string, rejectUnauthorized?: boolean, secureContextId?: number): void;
     write(data: ArrayBuffer): void;
     pause(): void;
     resume(): void;
@@ -31,6 +47,7 @@ export interface NetSocketDriver extends HybridObject<{
     setTimeout(timeout: number): void;
     destroy(): void;
     resetAndDestroy(): void;
+    enableKeylog(): void;
     setNoDelay(enable: boolean): void;
     setKeepAlive(enable: boolean, delay: number): void;
     getLocalAddress(): string;
@@ -49,6 +66,7 @@ export interface NetServerDriver extends HybridObject<{
 }> {
     onEvent: (event: number, data: ArrayBuffer) => void;
     listen(port: number, backlog?: number, ipv6Only?: boolean, reusePort?: boolean): void;
+    listenTLS(port: number, secureContextId: number, backlog?: number, ipv6Only?: boolean, reusePort?: boolean): void;
     listenUnix(path: string, backlog?: number): void;
     /**
      * Listen on an existing file descriptor (handle)
@@ -76,6 +94,14 @@ export interface NetDriver extends HybridObject<{
 }> {
     createSocket(id?: string): NetSocketDriver;
     createServer(): NetServerDriver;
+    createSecureContext(cert: string, key: string, passphrase?: string): number;
+    createEmptySecureContext(): number;
+    addCACertToSecureContext(scId: number, ca: string): void;
+    addContextToSecureContext(scId: number, hostname: string, cert: string, key: string, passphrase?: string): void;
+    setPFXToSecureContext(scId: number, pfx: ArrayBuffer, passphrase?: string): void;
+    setOCSPResponseToSecureContext(scId: number, ocsp: ArrayBuffer): void;
+    getTicketKeys(scId: number): ArrayBuffer | undefined;
+    setTicketKeys(scId: number, keys: ArrayBuffer): void;
     /**
      * Initialize the network module with custom configuration
      * Must be called before any other network operations

package/lib/Net.nitro.js

@@ -10,7 +10,9 @@ var NetSocketEvent;
     NetSocketEvent[NetSocketEvent["DRAIN"] = 5] = "DRAIN";
     NetSocketEvent[NetSocketEvent["TIMEOUT"] = 7] = "TIMEOUT";
     NetSocketEvent[NetSocketEvent["LOOKUP"] = 8] = "LOOKUP";
-    NetSocketEvent[NetSocketEvent["DEBUG"] = 9] = "DEBUG";
+    NetSocketEvent[NetSocketEvent["SESSION"] = 9] = "SESSION";
+    NetSocketEvent[NetSocketEvent["KEYLOG"] = 10] = "KEYLOG";
+    NetSocketEvent[NetSocketEvent["OCSP"] = 11] = "OCSP";
 })(NetSocketEvent || (exports.NetSocketEvent = NetSocketEvent = {}));
 var NetServerEvent;
 (function (NetServerEvent) {

package/lib/index.d.ts

@@ -52,10 +52,10 @@ export interface SocketOptions extends DuplexOptions {
     remoteFamily?: string;
 }
 export declare class Socket extends Duplex {
-    private _driver;
+    protected _driver: NetSocketDriver | undefined;
     connecting: boolean;
-    private _connected;
-    private _hadError;
+    protected _connected: boolean;
+    protected _hadError: boolean;
     remoteAddress?: string;
     remotePort?: number;
     remoteFamily?: string;
@@ -141,6 +141,7 @@ export declare class Server extends EventEmitter {
 export declare function createConnection(options: any, connectionListener?: () => void): Socket;
 export declare const connect: typeof createConnection;
 export declare function createServer(options?: any, connectionListener?: (socket: Socket) => void): Server;
+export * as tls from './tls';
 export { isIP, isIPv4, isIPv6, getDefaultAutoSelectFamily, setDefaultAutoSelectFamily, setVerbose, initWithConfig, };
 export type { NetConfig };
 declare const _default: {