tls: don't treat fatal TLS alerts as EOF
SSL_RECEIVED_SHUTDOWN means not just close_notify or fatal alert. From
what I can tell, this was just a mistake? OnStreamRead's comment
suggests eof_ was intended to be for close_notify.

This fixes a bug in TLSSocket error reporting that seems to have made it
into existing tests. If we receive a fatal alert, EmitRead(UV_EOF)
would, via onConnectEnd in _tls_wrap.js, synthesize an ECONNRESET before
the alert itself is surfaced. As a result, TLS alerts received during
the handshake are misreported by Node.

See the tests that had to be updated as part of this.

PR-URL: #44563
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
davidben authored and targos committed Jan 1, 2023
commit ca9b9b9ce697ab3277495df557b1e6350fa9779b
23 changes: 9 additions & 14 deletions src/crypto/crypto_tls.cc
Expand Up @@ -728,30 +728,25 @@ void TLSWrap::ClearOut() {
// change OpenSSL's error queue, modify ssl_, or even destroy ssl_
// altogether.
if (read <= 0) {
int err = SSL_get_error(ssl_.get(), read);
unsigned long ssl_err = ERR_peek_error(); // NOLINT(runtime/int)
const std::string error_str = GetBIOError();

int flags = SSL_get_shutdown(ssl_.get());
if (!eof_ && flags & SSL_RECEIVED_SHUTDOWN) {
eof_ = true;
EmitRead(UV_EOF);
}

HandleScope handle_scope(env()->isolate());
Local<Value> error;
int err = SSL_get_error(ssl_.get(), read);
switch (err) {
case SSL_ERROR_ZERO_RETURN:
// Ignore ZERO_RETURN after EOF, it is basically not an error.
if (eof_) return;
error = env()->zero_return_string();
break;
if (!eof_) {
eof_ = true;
EmitRead(UV_EOF);
}
return;

case SSL_ERROR_SSL:
case SSL_ERROR_SYSCALL:
{
unsigned long ssl_err = ERR_peek_error(); // NOLINT(runtime/int)

Local<Context> context = env()->isolate()->GetCurrentContext();
if (UNLIKELY(context.IsEmpty())) return;
const std::string error_str = GetBIOError();
Local<String> message = OneByteString(
env()->isolate(), error_str.c_str(), error_str.size());
if (UNLIKELY(message.IsEmpty())) return;
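Review bot: in the SSL_ERROR_ZERO_RETURN case, calling EmitRead(UV_EOF) is only safe because the branch returns straight afterwards, and nothing in the branch says so. The context comment above `if (read <= 0)` warns that ssl_ can be modified or even destroyed, and the old explanatory comment on this case is gone. Please add a short comment stating that nothing may touch ssl_ after EmitRead(UV_EOF) here and that the eof_ guard prevents a second UV_EOF. It is also worth stating in the description that, with the SSL_get_shutdown() check gone, eof_ is set only on this path, so a fatal alert reaches the SSL_ERROR_SSL case with eof_ still false.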
3 changes: 1 addition & 2 deletions src/env_properties.h
Expand Up @@ -321,8 +321,7 @@
V(writable_string, "writable") \
V(write_host_object_string, "_writeHostObject") \
V(write_queue_size_string, "writeQueueSize") \
V(x_forwarded_string, "x-forwarded-for") \
V(zero_return_string, "ZERO_RETURN")
V(x_forwarded_string, "x-forwarded-for")

#define PER_ISOLATE_TEMPLATE_PROPERTIES(V) \
V(async_wrap_ctor_template, v8::FunctionTemplate) \
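Review bot: removing V(zero_return_string, "ZERO_RETURN") drops a string that crypto_tls.cc previously assigned to the error value, so a leftover native reference would fail to compile, but JavaScript or test code matching on "ZERO_RETURN" would not be caught. Please grep lib/ and test/ for that string, and mention in the description that a ZERO_RETURN seen before EOF is now reported as a plain end of stream instead of an error.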
3 changes: 2 additions & 1 deletion test/parallel/test-tls-client-auth.js
Expand Up @@ -79,7 +79,8 @@ connect({
}, function(err, pair, cleanup) {
assert.strictEqual(pair.server.err.code,
'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE');
assert.strictEqual(pair.client.err.code, 'ECONNRESET');
assert.strictEqual(pair.client.err.code,
'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
return cleanup();
});

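Review bot: the expectation on pair.client.err.code changes from 'ECONNRESET' to 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', which is a user-visible change in the error a client receives: callers that branch on ECONNRESET, for example to retry, will now see a TLS alert code instead. Please call this out in the PR description or changelog, and consider a one-line comment in the test saying that the client now reports the server's alert rather than a synthesized reset.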
2 changes: 1 addition & 1 deletion test/parallel/test-tls-empty-sni-context.js
Expand Up @@ -26,6 +26,6 @@ const server = tls.createServer(options, (c) => {
}, common.mustNotCall());

c.on('error', common.mustCall((err) => {
assert.match(err.message, /Client network socket disconnected/);
assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
}));
}));
43 changes: 28 additions & 15 deletions test/parallel/test-tls-min-max-version.js
Expand Up @@ -120,23 +120,27 @@ test(U, U, 'TLS_method', U, U, 'TLSv1_2_method', 'TLSv1.2');
test(U, U, 'TLS_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');

// OpenSSL 1.1.1 and 3.0 use a different error code and alert (sent to the
// client) when no protocols are enabled on the server.
const NO_PROTOCOLS_AVAILABLE_SERVER = common.hasOpenSSL3 ?
'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR';
const NO_PROTOCOLS_AVAILABLE_SERVER_ALERT = common.hasOpenSSL3 ?
'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION' : 'ERR_SSL_TLSV1_ALERT_INTERNAL_ERROR';

// SSLv23 also means "any supported protocol" greater than the default
// minimum (which is configurable via command line).
if (DEFAULT_MIN_VERSION === 'TLSv1.3') {
test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', common.hasOpenSSL3 ?
'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR');
U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER);
} else {
test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method', 'TLSv1.2');
}

if (DEFAULT_MIN_VERSION === 'TLSv1.3') {
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', common.hasOpenSSL3 ?
'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR');
U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER);
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', common.hasOpenSSL3 ?
'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR');
U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER);
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
U, 'ERR_SSL_NO_PROTOCOLS_AVAILABLE', 'ERR_SSL_UNEXPECTED_MESSAGE');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
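Review bot: NO_PROTOCOLS_AVAILABLE_SERVER_ALERT is passed in the argument slot that previously held 'ECONNRESET', so despite "SERVER" in its name it is the code expected on the receiving side of the alert; only the parenthetical "(sent to the client)" hints at that. Consider names that say which side observes each value, or extend the comment to state that NO_PROTOCOLS_AVAILABLE_SERVER is the server's own error and the _ALERT constant is what the peer reports.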
Expand All @@ -145,9 +149,11 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.3') {

if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
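Review bot: the pair 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 'ERR_SSL_UNSUPPORTED_PROTOCOL' is written out twice in this hunk and again in the later hunks of this file, each time wrapped over two lines. The first hunk already introduces named constants for the no-protocols case; giving this pair the same treatment would keep each test(...) call on fewer lines and turn a future change of the expected alert into a single edit.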
Expand All @@ -157,7 +163,8 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1');
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
Expand All @@ -179,9 +186,11 @@ test(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1');
// The default default.
if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
test(U, U, 'TLSv1_1_method', U, U, U,
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'TLSv1_method', U, U, U,
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');

if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
test(U, U, U, U, U, 'TLSv1_1_method',
Expand All @@ -191,17 +200,20 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
} else {
// TLS1.3 client hellos are are not understood by TLS1.1 or below.
test(U, U, U, U, U, 'TLSv1_1_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, U, U, U, 'TLSv1_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
}
}

// The default with --tls-v1.1.
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1');
test(U, U, 'TLSv1_method', U, U, U,
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1');

if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
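Review bot: the context comment "TLS1.3 client hellos are are not understood by TLS1.1 or below." has a doubled "are". Since the test(...) calls directly beneath it are being edited, fix the typo in the same change; the identical comment appears again in the next hunk.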
Expand All @@ -210,7 +222,8 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
} else {
// TLS1.3 client hellos are are not understood by TLS1.1 or below.
test(U, U, U, U, U, 'TLSv1_method',
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
}
}

12 changes: 5 additions & 7 deletions test/parallel/test-tls-psk-circuit.js
Expand Up @@ -49,24 +49,22 @@ function test(secret, opts, error) {
} else {
const client = tls.connect(options, common.mustNotCall());
client.on('error', common.mustCall((err) => {
assert.strictEqual(err.message, error);
assert.strictEqual(err.code, error);
server.close();
}));
}
}));
}

const DISCONNECT_MESSAGE =
'Client network socket disconnected before ' +
'secure TLS connection was established';

test({ psk: USERS.UserA, identity: 'UserA' });
test({ psk: USERS.UserA, identity: 'UserA' }, { maxVersion: 'TLSv1.2' });
test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
test({ psk: USERS.UserB, identity: 'UserB' });
test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
// Unrecognized user should fail handshake
test({ psk: USERS.UserB, identity: 'UserC' }, {}, DISCONNECT_MESSAGE);
test({ psk: USERS.UserB, identity: 'UserC' }, {},
'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
// Recognized user but incorrect secret should fail handshake
test({ psk: USERS.UserA, identity: 'UserB' }, {}, DISCONNECT_MESSAGE);
test({ psk: USERS.UserA, identity: 'UserB' }, {},
'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
test({ psk: USERS.UserB, identity: 'UserB' });
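Review bot: the two failing cases now expect different codes, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE' for the unrecognized identity and 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER' for the wrong secret, and nothing in the test explains why they differ. Please add a comment on each case naming the alert the server sends, because these values depend on the TLS library; test-tls-min-max-version.js in this same change has to branch on common.hasOpenSSL3 for a similar reason. The `error` parameter of test() is now compared with err.code rather than err.message, so a name such as errorCode would match its new meaning.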
9 changes: 5 additions & 4 deletions test/parallel/test-tls-set-ciphers.js
Expand Up @@ -88,12 +88,13 @@ test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');

// Do not have shared ciphers.
test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');

test('AES128-SHA', 'AES256-SHA', U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
'ERR_SSL_NO_SHARED_CIPHER');
test('AES128-SHA:TLS_AES_256_GCM_SHA384',
'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');

// Cipher order ignored, TLS1.3 chosen before TLS1.2.
test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
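Review bot: 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE' in the cases under "Do not have shared ciphers." can read as if SSLv3 had been negotiated, although the cipher lists include TLS 1.3 suites such as TLS_AES_256_GCM_SHA384. A one-line comment there stating that this is OpenSSL's name for the handshake_failure alert, and that it replaces the former 'ECONNRESET' expectation, would avoid that misreading.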
Expand All @@ -109,7 +110,7 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' })
// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
// default, but work.
test('TLS_AES_128_CCM_8_SHA256', U,
U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');

test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
'TLS_AES_128_CCM_8_SHA256');