Skip to content

test: do not assume tls handshake order #25508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sam-github wants to merge 11 commits into from
Closed

test: do not assume tls handshake order #25508

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
74f1db9
test: wait for TCP connect, not TLS handshake
sam-github Feb 1, 2019
6c13102
test: do not assume server gets secure connection
sam-github Feb 1, 2019
78565d7
test: do not assume tls handshake order
sam-github Jan 8, 2019
c523483
test: do not race connection and rejection
sam-github Jan 9, 2019
e981f20
test: pin regression test for #8074 to TLS 1.2
sam-github Jan 15, 2019
39327b2
test: end tls gracefully, rather than destroy
sam-github Feb 1, 2019
79412a4
test: send a bad record only after connection done
sam-github Feb 1, 2019
431fd20
test: use mustCall in ephemeralkeyinfo test
sam-github Feb 1, 2019
55e0809
test: use common.mustCall(), and log the events
sam-github Feb 1, 2019
3dab493
test: use mustCall(), not global state checks
sam-github Feb 1, 2019
619b034
test: clarify confusion over "client" in comment
sam-github Feb 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
test: do not race connection and rejection 
Existing code assumed that the server completed the handshake before the
client rejected the certificate, and destroyed the socket. This
assumption is fragile, remove it, and instead check explicitly that data
can or cannot be exchanged via TLS, whichever is expected.
  • Loading branch information
@sam-github
sam-github committed Feb 5, 2019
commit c523483bf453e627e474b1a3f9fba8a36439b204
38 changes: 23 additions & 15 deletions test/parallel/test-tls-client-reject.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,49 +33,57 @@ const options = {
cert: fixtures.readSync('test_cert.pem')
};

const server = tls.createServer(options, common.mustCall(function(socket) {
socket.on('data', function(data) {
console.error(data.toString());
assert.strictEqual(data.toString(), 'ok');
});
}, 3)).listen(0, function() {
const server = tls.createServer(options, function(socket) {
socket.pipe(socket);
socket.on('end', () => socket.end());
}).listen(0, common.mustCall(function() {
unauthorized();
});
}));

function unauthorized() {
console.log('connect unauthorized');
const socket = tls.connect({
port: server.address().port,
servername: 'localhost',
rejectUnauthorized: false
}, common.mustCall(function() {
console.log('... unauthorized');
assert(!socket.authorized);
socket.end();
rejectUnauthorized();
socket.on('data', common.mustCall((data) => {
assert.strictEqual(data.toString(), 'ok');
}));
socket.on('end', () => rejectUnauthorized());
}));
socket.on('error', common.mustNotCall());
socket.write('ok');
socket.end('ok');
}

function rejectUnauthorized() {
console.log('reject unauthorized');
const socket = tls.connect(server.address().port, {
servername: 'localhost'
}, common.mustNotCall());
socket.on('data', common.mustNotCall());
socket.on('error', common.mustCall(function(err) {
console.error(err);
console.log('... rejected:', err);
authorized();
}));
socket.write('ng');
socket.end('ng');
}

function authorized() {
console.log('connect authorized');
const socket = tls.connect(server.address().port, {
ca: [fixtures.readSync('test_cert.pem')],
servername: 'localhost'
}, common.mustCall(function() {
console.log('... authorized');
assert(socket.authorized);
socket.end();
server.close();
socket.on('data', common.mustCall((data) => {
assert.strictEqual(data.toString(), 'ok');
}));
socket.on('end', () => server.close());
}));
socket.on('error', common.mustNotCall());
socket.write('ok');
socket.end('ok');
}