From bd947def9b4b2e8434dc8ad28fd271ccab46ec0d Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Mon, 16 Jan 2017 15:24:28 -0800 Subject: [PATCH] test: make tls-socket-default-options tests run Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: https://github.com/nodejs/node/issues/10538 PR-URL: https://github.com/nodejs/node/pull/11005 Reviewed-By: Ben Noordhuis Reviewed-By: James M Snell --- .../test-tls-socket-default-options.js | 84 ++++++++++--------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/test/parallel/test-tls-socket-default-options.js b/test/parallel/test-tls-socket-default-options.js index dd62a41090c..b4c5a9754eb 100644 --- a/test/parallel/test-tls-socket-default-options.js +++ b/test/parallel/test-tls-socket-default-options.js @@ -1,55 +1,59 @@ 'use strict'; const common = require('../common'); + +// Test a directly created TLS socket supports no options, and empty options. + const assert = require('assert'); +const join = require('path').join; +const { + connect, keys, tls +} = require(join(common.fixturesDir, 'tls-connect')); if (!common.hasCrypto) { common.skip('missing crypto'); return; } -const tls = require('tls'); -const fs = require('fs'); +test(undefined, (err) => { + assert.strictEqual(err.message, 'unable to verify the first certificate'); +}); -const sent = 'hello world'; +test({}, (err) => { + assert.strictEqual(err.message, 'unable to verify the first certificate'); +}); -const serverOptions = { - isServer: true, - key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), - cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') -}; +test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => { + assert.ifError(err); +}); -function testSocketOptions(socket, socketOptions) { - let received = ''; - const server = tls.createServer(serverOptions, function(s) { - s.on('data', function(chunk) { - received += chunk; - }); +function test(client, callback) { + callback = common.mustCall(callback); + connect({ + server: { + key: keys.agent1.key, + cert: keys.agent1.cert, + }, + }, function(err, pair, cleanup) { + assert.strictEqual(err.message, 'unable to verify the first certificate'); + let recv = ''; + pair.server.server.once('secureConnection', common.mustCall((conn) => { + conn.on('data', (data) => recv += data); + conn.on('end', common.mustCall(() => { + // Server sees nothing wrong with connection, even though the client's + // authentication of the server cert failed. + assert.strictEqual(recv, 'hello'); + cleanup(); + })); + })); - s.on('end', function() { - server.close(); - s.destroy(); - assert.strictEqual(received, sent); - setImmediate(runTests); - }); - }).listen(0, function() { - const c = new tls.TLSSocket(socket, socketOptions); - c.connect(this.address().port, function() { - c.end(sent); - }); + // Client doesn't support the 'secureConnect' event, and doesn't error if + // authentication failed. Caller must explicitly check for failure. + (new tls.TLSSocket(null, client)).connect(pair.server.server.address().port) + .on('connect', common.mustCall(function() { + this.end('hello'); + })) + .on('secure', common.mustCall(function() { + callback(this.ssl.verifyError()); + })); }); - } - -const testArgs = [ - [], - [undefined, {}] -]; - -let n = 0; -function runTests() { - if (n++ < testArgs.length) { - testSocketOptions.apply(null, testArgs[n]); - } -} - -runTests();