test: revise test-tls-econnreset for OpenSSL 1.1.0
This test is testing what happens to the server if the client shuts off the connection (so the server sees ECONNRESET), but the way it does it is convoluted. It uses a static RSA key exchange with a tiny (384-bit) RSA key. The server doesn't notice (since it is static RSA, the client acts on the key first), so the client tries to encrypt a premaster and fails: rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size SSL routines:ssl3_send_client_key_exchange:bad rsa encrypt OpenSSL happens not to send an alert in this case, so we get ECONNRESET with no alert. This is quite fragile and, notably, breaks in OpenSSL 1.1.0 now that small RSA keys are rejected by libssl. Instead, test by just connecting a TCP socket and immediately closing it. PR-URL: https://github.com/nodejs/node/pull/16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
This commit is contained in:
parent
00872a851f
commit
b54a4d871f
@ -25,72 +25,28 @@ if (!common.hasCrypto)
|
||||
common.skip('missing crypto');
|
||||
|
||||
const assert = require('assert');
|
||||
const fixtures = require('../common/fixtures');
|
||||
const net = require('net');
|
||||
const tls = require('tls');
|
||||
|
||||
const cacert =
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIBxTCCAX8CAnXnMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
|
||||
VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQU3Ryb25n
|
||||
TG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRowGAYDVQQDExFjYS5zdHJv
|
||||
bmdsb29wLmNvbTAeFw0xNDAxMTcyMjE1MDdaFw00MTA2MDMyMjE1MDdaMH0xCzAJ
|
||||
BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZ
|
||||
MBcGA1UEChMQU3Ryb25nTG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRow
|
||||
GAYDVQQDExFjYS5zdHJvbmdsb29wLmNvbTBMMA0GCSqGSIb3DQEBAQUAAzsAMDgC
|
||||
MQDKbQ6rIR5t1q1v4Ha36jrq0IkyUohy9EYNvLnXUly1PGqxby0ILlAVJ8JawpY9
|
||||
AVkCAwEAATANBgkqhkiG9w0BAQUFAAMxALA1uS4CqQXRSAyYTfio5oyLGz71a+NM
|
||||
+0AFLBwh5AQjhGd0FcenU4OfHxyDEOJT/Q==
|
||||
-----END CERTIFICATE-----`;
|
||||
|
||||
const cert =
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIBfDCCATYCAgQaMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
|
||||
VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQU3Ryb25n
|
||||
TG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRowGAYDVQQDExFjYS5zdHJv
|
||||
bmdsb29wLmNvbTAeFw0xNDAxMTcyMjE1MDdaFw00MTA2MDMyMjE1MDdaMBkxFzAV
|
||||
BgNVBAMTDnN0cm9uZ2xvb3AuY29tMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMfk
|
||||
I0LWU15pPUwIQNMnRVhhOibi0TQmAau8FBtgwEfGK01WpfGUaJr1a41K8Uq7xwID
|
||||
AQABoxkwFzAVBgNVHREEDjAMhwQAAAAAhwR/AAABMA0GCSqGSIb3DQEBBQUAAzEA
|
||||
cGpYrhkrb7mIh9DNhV0qp7pGjqBzlHqB7KQXw2luLDp//6dyHBMexDCQznkhZKRU
|
||||
-----END CERTIFICATE-----`;
|
||||
|
||||
const key =
|
||||
`-----BEGIN RSA PRIVATE KEY-----
|
||||
MIH0AgEAAjEAx+QjQtZTXmk9TAhA0ydFWGE6JuLRNCYBq7wUG2DAR8YrTVal8ZRo
|
||||
mvVrjUrxSrvHAgMBAAECMBCGccvSwC2r8Z9Zh1JtirQVxaL1WWpAQfmVwLe0bAgg
|
||||
/JWMU/6hS36TsYyZMxwswQIZAPTAfht/zDLb7Hwgu2twsS1Ra9w/yyvtlwIZANET
|
||||
26votwJAHK1yUrZGA5nnp5qcmQ/JUQIZAII5YV/UUZvF9D/fUplJ7puENPWNY9bN
|
||||
pQIZAMMwxuS3XiO7two2sQF6W+JTYyX1DPCwAQIZAOYg1TvEGT38k8e8jygv8E8w
|
||||
YqrWTeQFNQ==
|
||||
-----END RSA PRIVATE KEY-----`;
|
||||
|
||||
const ca = [ cert, cacert ];
|
||||
|
||||
let clientError = null;
|
||||
let connectError = null;
|
||||
|
||||
const server = tls.createServer({ ca: ca, cert: cert, key: key }, () => {
|
||||
assert.fail('should be unreachable');
|
||||
}).on('tlsClientError', function(err, conn) {
|
||||
const server = tls.createServer({
|
||||
cert: fixtures.readKey('agent1-cert.pem'),
|
||||
key: fixtures.readKey('agent1-key.pem'),
|
||||
}, common.mustNotCall()).on('tlsClientError', function(err, conn) {
|
||||
assert(!clientError && conn);
|
||||
clientError = err;
|
||||
server.close();
|
||||
}).listen(0, function() {
|
||||
const options = {
|
||||
ciphers: 'AES128-GCM-SHA256',
|
||||
port: this.address().port,
|
||||
ca: ca
|
||||
};
|
||||
tls.connect(options).on('error', function(err) {
|
||||
assert(!connectError);
|
||||
|
||||
connectError = err;
|
||||
net.connect(this.address().port, function() {
|
||||
// Destroy the socket once it is connected, so the server sees ECONNRESET.
|
||||
this.destroy();
|
||||
server.close();
|
||||
}).write('123');
|
||||
}).on('error', common.mustNotCall());
|
||||
});
|
||||
|
||||
process.on('exit', function() {
|
||||
assert(clientError);
|
||||
assert(connectError);
|
||||
assert(/socket hang up/.test(clientError.message));
|
||||
assert(/ECONNRESET/.test(clientError.code));
|
||||
});
|
||||
|
Loading…
x
Reference in New Issue
Block a user