add passphrase option

README.md

@@ -102,6 +102,15 @@ Then you need to run the server with `-S` for enabling SSL and `-C` for your cer
 http-server -S -C cert.pem
 ```
 
+If you wish to use a passphrase with your private key you can include one in the openssl command via the -passout parameter (using password of foobar)
+
+
+e.g.
+`openssl req -newkey rsa:2048 -passout pass:foobar -keyout key.pem -x509 -days 365 -out cert.pem`
+
+For security reasons rather than the command line http-server will read this from the `NODE_HTTP_SERVER_SSL_PASSPHRASE` environment variable.
+
+
 This is what should be output if successful:
 
 ``` sh

bin/http-server

@@ -61,6 +61,7 @@ if (argv.h || argv.help) {
 var port = argv.p || argv.port || parseInt(process.env.PORT, 10),
     host = argv.a || '0.0.0.0',
     ssl = argv.S || argv.ssl,
+    sslPassphrase = process.env.NODE_HTTP_SERVER_SSL_PASSPHRASE,
     proxy = argv.P || argv.proxy,
     utc = argv.U || argv.utc,
     version = argv.v || argv.version,
@@ -143,7 +144,8 @@ function listen(port) {
   if (ssl) {
     options.https = {
       cert: argv.C || argv.cert || 'cert.pem',
-      key: argv.K || argv.key || 'key.pem'
+      key: argv.K || argv.key || 'key.pem',
+      passphrase: sslPassphrase,
     };
     try {
       fs.lstatSync(options.https.cert);

doc/http-server.1

@@ -110,6 +110,7 @@ If not specified, uses cert.pem.
 .BI \-K ", " \-\-key " " [\fIFILE\fR]
 Path to SSL key file.
 If not specified, uses key.pem.
+Passphrase will be read from NODE_HTTP_SERVER_SSL_PASSPHRASE (if set)
 
 .TP
 .BI \-r ", " \-\-robots " " [\fIUSER\-AGENT\fR]

lib/http-server.js

@@ -173,7 +173,11 @@ function HttpServer(options) {
     serverOptions.https = options.https;
   }
 
-  this.server = union.createServer(serverOptions);
+  this.server = options.https.passphrase
+    // if passphrase is set, shim must be used as union does not support
+    ? require('./shims/https-server-shim')(serverOptions)
+    : union.createServer(serverOptions);
+
   if (options.timeout !== undefined) {
     this.server.setTimeout(options.timeout);
   }

lib/shims/https-server-shim.js

@@ -0,0 +1,61 @@
+var https = require('https');
+var fs = require('fs');
+var RoutingStream = require('union/lib/routing-stream');
+
+module.exports = function (options) {
+  var isArray = Array.isArray(options.after),
+      credentials;
+
+  if (!options) {
+    throw new Error('options is required to create a server');
+  }
+
+  function requestHandler(req, res) {
+    var routingStream = new RoutingStream({
+      before: options.before,
+      buffer: options.buffer,
+      after: isArray && options.after.map(function (After) {
+        return new After;
+      }),
+      request: req,
+      response: res,
+      limit: options.limit,
+      headers: options.headers
+    });
+
+    routingStream.on('error', function (err) {
+      var fn = options.onError || core.errorHandler;
+      fn(err, routingStream, routingStream.target, function () {
+        routingStream.target.emit('next');
+      });
+    });
+
+    req.pipe(routingStream);
+  }
+
+  var serverOptions,
+      credentials;
+
+  serverOptions = options.https;
+  if (!serverOptions.key || !serverOptions.cert) {
+    throw new Error('Both options.' + key + '.`key` and options.' + key + '.`cert` are required.');
+  }
+
+  credentials = {
+    key:  fs.readFileSync(serverOptions.key),
+    cert: fs.readFileSync(serverOptions.cert),
+    passphrase: process.env.NODE_HTTP_SERVER_SSL_PASSPHRASE
+  };
+
+  if (serverOptions.ca) {
+    serverOptions.ca = !Array.isArray(serverOptions.ca)
+      ? [serverOptions.ca]
+      : serverOptions.ca
+
+    credentials.ca = serverOptions.ca.map(function (ca) {
+      return fs.readFileSync(ca);
+    });
+  }
+
+  return https.createServer(credentials, requestHandler);
+};