test: make tls-socket-default-options tests run

Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: https://github.com/nodejs/node/issues/10538
PR-URL: https://github.com/nodejs/node/pull/11005
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>

test/parallel/test-tls-socket-default-options.js

@@ -1,55 +1,59 @@
 'use strict';
 const common = require('../common');
+
+// Test a directly created TLS socket supports no options, and empty options.
+
 const assert = require('assert');
+const join = require('path').join;
+const {
+  connect, keys, tls
+} = require(join(common.fixturesDir, 'tls-connect'));
 
 if (!common.hasCrypto) {
   common.skip('missing crypto');
   return;
 }
-const tls = require('tls');
 
-const fs = require('fs');
+test(undefined, (err) => {
+  assert.strictEqual(err.message, 'unable to verify the first certificate');
+});
 
-const sent = 'hello world';
+test({}, (err) => {
+  assert.strictEqual(err.message, 'unable to verify the first certificate');
+});
 
-const serverOptions = {
+test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
-  isServer: true,
+  assert.ifError(err);
-  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
+});
-  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
-};
 
-function testSocketOptions(socket, socketOptions) {
+function test(client, callback) {
-  let received = '';
+  callback = common.mustCall(callback);
-  const server = tls.createServer(serverOptions, function(s) {
+  connect({
-    s.on('data', function(chunk) {
+    server: {
-      received += chunk;
+      key: keys.agent1.key,
-    });
+      cert: keys.agent1.cert,
+    },
+  }, function(err, pair, cleanup) {
+    assert.strictEqual(err.message, 'unable to verify the first certificate');
+    let recv = '';
+    pair.server.server.once('secureConnection', common.mustCall((conn) => {
+      conn.on('data', (data) => recv += data);
+      conn.on('end', common.mustCall(() => {
+        // Server sees nothing wrong with connection, even though the client's
+        // authentication of the server cert failed.
+        assert.strictEqual(recv, 'hello');
+        cleanup();
+      }));
+    }));
 
-    s.on('end', function() {
+    // Client doesn't support the 'secureConnect' event, and doesn't error if
-      server.close();
+    // authentication failed. Caller must explicitly check for failure.
-      s.destroy();
+    (new tls.TLSSocket(null, client)).connect(pair.server.server.address().port)
-      assert.strictEqual(received, sent);
+      .on('connect', common.mustCall(function() {
-      setImmediate(runTests);
+        this.end('hello');
-    });
+      }))
-  }).listen(0, function() {
+      .on('secure', common.mustCall(function() {
-    const c = new tls.TLSSocket(socket, socketOptions);
+        callback(this.ssl.verifyError());
-    c.connect(this.address().port, function() {
+      }));
-      c.end(sent);
-    });
   });
-
 }
-
-const testArgs = [
-  [],
-  [undefined, {}]
-];
-
-let n = 0;
-function runTests() {
-  if (n++ < testArgs.length) {
-    testSocketOptions.apply(null, testArgs[n]);
-  }
-}
-
-runTests();