1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

test: do not race connection and rejection

Browse Source 
Existing code assumed that the server completed the handshake before the
client rejected the certificate, and destroyed the socket. This
assumption is fragile, remove it, and instead check explicitly that data
can or cannot be exchanged via TLS, whichever is expected.

PR-URL: https://github.com/nodejs/node/pull/25508
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Sam Roberts 2019-01-09 14:03:31 -08:00
parent 426a87025b
commit 1316b7652a
1 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
test/parallel/test-tls-client-reject.js
View File

@ -33,49 +33,57 @@ const options = {
cert: fixtures.readSync('test_cert.pem') cert: fixtures.readSync('test_cert.pem')
}; };
const server = tls.createServer(options, common.mustCall(function(socket) { const server = tls.createServer(options, function(socket) {
socket.on('data', function(data) { socket.pipe(socket);
console.error(data.toString()); socket.on('end', () => socket.end());
assert.strictEqual(data.toString(), 'ok'); }).listen(0, common.mustCall(function() {
});
}, 3)).listen(0, function() {
unauthorized(); unauthorized();
}); }));
function unauthorized() { function unauthorized() {
console.log('connect unauthorized');
const socket = tls.connect({ const socket = tls.connect({
port: server.address().port, port: server.address().port,
servername: 'localhost', servername: 'localhost',
rejectUnauthorized: false rejectUnauthorized: false
}, common.mustCall(function() { }, common.mustCall(function() {
console.log('... unauthorized');
assert(!socket.authorized); assert(!socket.authorized);
socket.end(); socket.on('data', common.mustCall((data) => {
rejectUnauthorized(); assert.strictEqual(data.toString(), 'ok');
}));
socket.on('end', () => rejectUnauthorized());
})); }));
socket.on('error', common.mustNotCall()); socket.on('error', common.mustNotCall());
socket.write('ok'); socket.end('ok');
} }
function rejectUnauthorized() { function rejectUnauthorized() {
console.log('reject unauthorized');
const socket = tls.connect(server.address().port, { const socket = tls.connect(server.address().port, {
servername: 'localhost' servername: 'localhost'
}, common.mustNotCall()); }, common.mustNotCall());
socket.on('data', common.mustNotCall());
socket.on('error', common.mustCall(function(err) { socket.on('error', common.mustCall(function(err) {
console.error(err); console.log('... rejected:', err);
authorized(); authorized();
})); }));
socket.write('ng'); socket.end('ng');
} }
function authorized() { function authorized() {
console.log('connect authorized');
const socket = tls.connect(server.address().port, { const socket = tls.connect(server.address().port, {
ca: [fixtures.readSync('test_cert.pem')], ca: [fixtures.readSync('test_cert.pem')],
servername: 'localhost' servername: 'localhost'
}, common.mustCall(function() { }, common.mustCall(function() {
console.log('... authorized');
assert(socket.authorized); assert(socket.authorized);
socket.end(); socket.on('data', common.mustCall((data) => {
server.close(); assert.strictEqual(data.toString(), 'ok');
}));
socket.on('end', () => server.close());
})); }));
socket.on('error', common.mustNotCall()); socket.on('error', common.mustNotCall());
socket.write('ok'); socket.end('ok');
} }