test: rework to remove flakiness, and be parallel
Let .end() propogate from client, to server, and back, before considering the test complete. Also, remove the test vector and exit handling in favour of running all the tests in parallel and using common.must/mustNotCall(). PR-URL: https://github.com/nodejs/node/pull/27300 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
This commit is contained in:
parent
f0df222e82
commit
6bbb9ebf8d
@ -69,114 +69,106 @@ const SNIContexts = {
|
||||
}
|
||||
};
|
||||
|
||||
const clientsOptions = [{
|
||||
test({
|
||||
port: undefined,
|
||||
key: loadPEM('agent1-key'),
|
||||
cert: loadPEM('agent1-cert'),
|
||||
ca: [loadPEM('ca1-cert')],
|
||||
servername: 'a.example.com',
|
||||
rejectUnauthorized: false
|
||||
}, {
|
||||
},
|
||||
true,
|
||||
{ sni: 'a.example.com', authorized: false },
|
||||
null,
|
||||
null);
|
||||
|
||||
test({
|
||||
port: undefined,
|
||||
key: loadPEM('agent4-key'),
|
||||
cert: loadPEM('agent4-cert'),
|
||||
ca: [loadPEM('ca1-cert')],
|
||||
servername: 'a.example.com',
|
||||
rejectUnauthorized: false
|
||||
}, {
|
||||
},
|
||||
true,
|
||||
{ sni: 'a.example.com', authorized: true },
|
||||
null,
|
||||
null);
|
||||
|
||||
test({
|
||||
port: undefined,
|
||||
key: loadPEM('agent2-key'),
|
||||
cert: loadPEM('agent2-cert'),
|
||||
ca: [loadPEM('ca2-cert')],
|
||||
servername: 'b.example.com',
|
||||
rejectUnauthorized: false
|
||||
}, {
|
||||
},
|
||||
true,
|
||||
{ sni: 'b.example.com', authorized: false },
|
||||
null,
|
||||
null);
|
||||
|
||||
test({
|
||||
port: undefined,
|
||||
key: loadPEM('agent3-key'),
|
||||
cert: loadPEM('agent3-cert'),
|
||||
ca: [loadPEM('ca1-cert')],
|
||||
servername: 'c.wrong.com',
|
||||
rejectUnauthorized: false
|
||||
}, {
|
||||
},
|
||||
false,
|
||||
{ sni: 'c.wrong.com', authorized: false },
|
||||
null,
|
||||
null);
|
||||
|
||||
test({
|
||||
port: undefined,
|
||||
key: loadPEM('agent3-key'),
|
||||
cert: loadPEM('agent3-cert'),
|
||||
ca: [loadPEM('ca1-cert')],
|
||||
servername: 'c.another.com',
|
||||
rejectUnauthorized: false
|
||||
}];
|
||||
},
|
||||
false,
|
||||
null,
|
||||
'Client network socket disconnected before secure TLS ' +
|
||||
'connection was established',
|
||||
'Invalid SNI context');
|
||||
|
||||
const serverResults = [];
|
||||
const clientResults = [];
|
||||
const serverErrors = [];
|
||||
const clientErrors = [];
|
||||
let serverError;
|
||||
let clientError;
|
||||
function test(options, clientResult, serverResult, clientError, serverError) {
|
||||
const server = tls.createServer(serverOptions, (c) => {
|
||||
assert.deepStrictEqual(
|
||||
{ sni: c.servername, authorized: c.authorized },
|
||||
serverResult
|
||||
);
|
||||
});
|
||||
|
||||
const server = tls.createServer(serverOptions, function(c) {
|
||||
serverResults.push({ sni: c.servername, authorized: c.authorized });
|
||||
c.end();
|
||||
});
|
||||
|
||||
server.on('tlsClientError', function(err) {
|
||||
serverResults.push(null);
|
||||
serverError = err.message;
|
||||
});
|
||||
|
||||
server.listen(0, startTest);
|
||||
|
||||
function startTest() {
|
||||
function connectClient(i, callback) {
|
||||
const options = clientsOptions[i];
|
||||
clientError = null;
|
||||
serverError = null;
|
||||
|
||||
options.port = server.address().port;
|
||||
const client = tls.connect(options, function() {
|
||||
clientResults.push(
|
||||
client.authorizationError &&
|
||||
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'));
|
||||
|
||||
next();
|
||||
});
|
||||
|
||||
client.on('error', function(err) {
|
||||
clientResults.push(false);
|
||||
clientError = err.message;
|
||||
next();
|
||||
});
|
||||
|
||||
function next() {
|
||||
clientErrors.push(clientError);
|
||||
serverErrors.push(serverError);
|
||||
|
||||
if (i === clientsOptions.length - 1)
|
||||
callback();
|
||||
else
|
||||
connectClient(i + 1, callback);
|
||||
}
|
||||
if (serverResult) {
|
||||
assert(!serverError);
|
||||
server.on('tlsClientError', common.mustNotCall());
|
||||
} else {
|
||||
assert(serverError);
|
||||
server.on('tlsClientError', common.mustCall((err) => {
|
||||
assert.strictEqual(err.message, serverError);
|
||||
}));
|
||||
}
|
||||
|
||||
connectClient(0, function() {
|
||||
server.close();
|
||||
server.listen(0, () => {
|
||||
options.port = server.address().port;
|
||||
const client = tls.connect(options, () => {
|
||||
const result = client.authorizationError &&
|
||||
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID');
|
||||
assert.strictEqual(result, clientResult);
|
||||
client.end();
|
||||
});
|
||||
|
||||
client.on('close', common.mustCall(() => server.close()));
|
||||
|
||||
if (clientError)
|
||||
client.on('error', common.mustCall((err) => {
|
||||
assert.strictEqual(err.message, clientError);
|
||||
}));
|
||||
else
|
||||
client.on('error', common.mustNotCall());
|
||||
});
|
||||
}
|
||||
|
||||
process.on('exit', function() {
|
||||
assert.deepStrictEqual(serverResults, [
|
||||
{ sni: 'a.example.com', authorized: false },
|
||||
{ sni: 'a.example.com', authorized: true },
|
||||
{ sni: 'b.example.com', authorized: false },
|
||||
{ sni: 'c.wrong.com', authorized: false },
|
||||
null
|
||||
]);
|
||||
assert.deepStrictEqual(clientResults, [true, true, true, false, false]);
|
||||
assert.deepStrictEqual(clientErrors, [
|
||||
null, null, null, null,
|
||||
'Client network socket disconnected before secure TLS ' +
|
||||
'connection was established'
|
||||
]);
|
||||
assert.deepStrictEqual(serverErrors, [
|
||||
null, null, null, null, 'Invalid SNI context'
|
||||
]);
|
||||
});
|
||||
|
Loading…
x
Reference in New Issue
Block a user