forked from konstantin-azarov/node
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: make tls-socket-default-options tests run
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: nodejs/node#10538 PR-URL: nodejs/node#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information
1 parent
822b6c4
commit e70d959
Showing
1 changed file
with
50 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,55 +1,59 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
|
||
// Test a directly created TLS socket supports no options, and empty options. | ||
|
||
const assert = require('assert'); | ||
const join = require('path').join; | ||
const { | ||
connect, keys, tls | ||
} = require(join(common.fixturesDir, 'tls-connect')); | ||
|
||
if (!common.hasCrypto) { | ||
common.skip('missing crypto'); | ||
return; | ||
} | ||
const tls = require('tls'); | ||
|
||
const fs = require('fs'); | ||
|
||
const sent = 'hello world'; | ||
|
||
const serverOptions = { | ||
isServer: true, | ||
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), | ||
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') | ||
}; | ||
|
||
function testSocketOptions(socket, socketOptions) { | ||
let received = ''; | ||
const server = tls.createServer(serverOptions, function(s) { | ||
s.on('data', function(chunk) { | ||
received += chunk; | ||
}); | ||
|
||
s.on('end', function() { | ||
server.close(); | ||
s.destroy(); | ||
assert.strictEqual(received, sent); | ||
setImmediate(runTests); | ||
}); | ||
}).listen(0, function() { | ||
const c = new tls.TLSSocket(socket, socketOptions); | ||
c.connect(this.address().port, function() { | ||
c.end(sent); | ||
}); | ||
}); | ||
|
||
process.exit(0); | ||
} | ||
|
||
const testArgs = [ | ||
[], | ||
[undefined, {}] | ||
]; | ||
|
||
let n = 0; | ||
function runTests() { | ||
if (n++ < testArgs.length) { | ||
testSocketOptions.apply(null, testArgs[n]); | ||
} | ||
test(undefined, (err) => { | ||
assert.strictEqual(err.message, 'unable to verify the first certificate'); | ||
}); | ||
|
||
test({}, (err) => { | ||
assert.strictEqual(err.message, 'unable to verify the first certificate'); | ||
}); | ||
|
||
test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => { | ||
assert.ifError(err); | ||
}); | ||
|
||
function test(client, callback) { | ||
callback = common.mustCall(callback); | ||
connect({ | ||
server: { | ||
key: keys.agent1.key, | ||
cert: keys.agent1.cert, | ||
}, | ||
}, function(err, pair, cleanup) { | ||
assert.strictEqual(err.message, 'unable to verify the first certificate'); | ||
let recv = ''; | ||
pair.server.server.once('secureConnection', common.mustCall((conn) => { | ||
conn.on('data', (data) => recv += data); | ||
conn.on('end', common.mustCall(() => { | ||
// Server sees nothing wrong with connection, even though the client's | ||
// authentication of the server cert failed. | ||
assert.strictEqual(recv, 'hello'); | ||
cleanup(); | ||
})); | ||
})); | ||
|
||
// Client doesn't support the 'secureConnect' event, and doesn't error if | ||
// authentication failed. Caller must explicitly check for failure. | ||
(new tls.TLSSocket(null, client)).connect(pair.server.server.address().port) | ||
.on('connect', common.mustCall(function() { | ||
this.end('hello'); | ||
})) | ||
.on('secure', common.mustCall(function() { | ||
callback(this.ssl.verifyError()); | ||
})); | ||
}); | ||
} | ||
|
||
runTests(); |