From 3ccfeb483df5a6402da9b40346a7eb33cfb4b70a Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 29 Jun 2017 19:20:11 -0400 Subject: [PATCH] tls: migrate tls.js to use internal/errors.js Migrate tls.js to use internal/errors.js as per https://github.com/nodejs/node/issues/11273 PR-URL: https://github.com/nodejs/node/pull/13994 Reviewed-By: James M Snell Reviewed-By: Refael Ackermann Reviewed-By: Joyee Cheung Reviewed-By: Matteo Collina --- lib/internal/errors.js | 2 ++ lib/tls.js | 4 ++-- test/parallel/test-https-strict.js | 17 ++++------------- test/parallel/test-internal-errors.js | 6 ++++++ test/parallel/test-tls-client-verify.js | 3 +-- test/parallel/test-tls-sni-option.js | 3 ++- test/parallel/test-tls-sni-server-client.js | 2 +- 7 files changed, 18 insertions(+), 19 deletions(-) diff --git a/lib/internal/errors.js b/lib/internal/errors.js index b7020c13ef8925..7508907939c022 100644 --- a/lib/internal/errors.js +++ b/lib/internal/errors.js @@ -174,6 +174,8 @@ E('ERR_SOCKET_DGRAM_NOT_RUNNING', 'Not running'); E('ERR_STDERR_CLOSE', 'process.stderr cannot be closed'); E('ERR_STDOUT_CLOSE', 'process.stdout cannot be closed'); E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode'); +E('ERR_TLS_CERT_ALTNAME_INVALID', + 'Hostname/IP does not match certificate\'s altnames: %s'); E('ERR_TRANSFORM_ALREADY_TRANSFORMING', 'Calling transform done when still transforming'); E('ERR_TRANSFORM_WITH_LENGTH_0', diff --git a/lib/tls.js b/lib/tls.js index d89f241383d2e5..30525a254c52bc 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -21,6 +21,7 @@ 'use strict'; +const errors = require('internal/errors'); const internalUtil = require('internal/util'); internalUtil.assertCrypto(); 
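Review bot: `ERR_TLS_CERT_ALTNAME_INVALID` is registered in lib/internal/errors.js without any documentation; the diffstat lists only lib and test files, so the code that certificate hostname-verification failures now carry is not described for users. The template also rewords the old message (`doesn't` becomes `does not`, and the double quotes around the reason are dropped). That is worth stating in the commit description, because code that matched the old text will no longer match. I would add an entry to the error-code documentation saying the code is raised when the peer's certificate does not match the requested host name or IP, plus a comment above the new entry such as `// %s is the mismatch reason built by tls.checkServerIdentity()`.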
@@ -219,8 +220,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) { } if (!valid) { - const err = new Error( - `Hostname/IP doesn't match certificate's altnames: "${reason}"`); + const err = new errors.Error('ERR_TLS_CERT_ALTNAME_INVALID', reason); err.reason = reason; err.host = host; err.cert = cert; diff --git a/test/parallel/test-https-strict.js b/test/parallel/test-https-strict.js index 060151332d2768..7c2f64098fff3e 100644 --- a/test/parallel/test-https-strict.js +++ b/test/parallel/test-https-strict.js @@ -170,13 +170,9 @@ function allListening() { // server1: host 'agent1', signed by ca1 makeReq('/inv1', port1, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'); - makeReq('/inv1-ca1', port1, - 'Hostname/IP doesn\'t match certificate\'s altnames: ' + - '"Host: localhost. is not cert\'s CN: agent1"', + makeReq('/inv1-ca1', port1, 'ERR_TLS_CERT_ALTNAME_INVALID', null, ca1); - makeReq('/inv1-ca1ca2', port1, - 'Hostname/IP doesn\'t match certificate\'s altnames: ' + - '"Host: localhost. is not cert\'s CN: agent1"', + makeReq('/inv1-ca1ca2', port1, 'ERR_TLS_CERT_ALTNAME_INVALID', null, [ca1, ca2]); makeReq('/val1-ca1', port1, null, 'agent1', ca1); makeReq('/val1-ca1ca2', port1, null, 'agent1', [ca1, ca2]); @@ -193,13 +189,8 @@ function allListening() { // server3: host 'agent3', signed by ca2 makeReq('/inv3', port3, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'); - makeReq('/inv3-ca2', port3, - 'Hostname/IP doesn\'t match certificate\'s altnames: ' + - '"Host: localhost. is not cert\'s CN: agent3"', - null, ca2); - makeReq('/inv3-ca1ca2', port3, - 'Hostname/IP doesn\'t match certificate\'s altnames: ' + - '"Host: localhost. is not cert\'s CN: agent3"', + makeReq('/inv3-ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID', null, ca2); + makeReq('/inv3-ca1ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID', null, [ca1, ca2]); makeReq('/val3-ca2', port3, null, 'agent3', ca2); makeReq('/val3-ca1ca2', port3, null, 'agent3', [ca1, ca2]); 
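Review bot: The `reason` passed to `errors.Error` in checkServerIdentity contains text taken from the peer's certificate (the updated tests show it as `Host: localhost. is not cert's CN: agent1`), and the new message interpolates it without the double quotes the old template had. Anything that logs `err.message` should keep treating that tail as untrusted input, and the missing delimiters make it harder to see where the certificate-supplied part begins. Judging by the test changes in this commit, `authorizationError` now carries the code instead of the message, so a caller that handles verification failures itself and matched the old message text would no longer recognise a hostname mismatch. A comment above the constructor call such as `// err.code is the stable identifier; err.message embeds certificate-supplied text` would make the contract explicit. The function body starts and ends outside the hunk.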
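Review bot: The four `makeReq` expectations in allListening() now pin only the error code, so nothing in this file checks which host and which certificate CN were reported as mismatching. The removed strings were the only assertions here on the `Host: localhost. is not cert's CN: agent1` reason (and its `agent3` counterpart in the second hunk) through the https path. If makeReq, which is defined outside these hunks, has access to the error object, a check like `assert.strictEqual(err.reason, 'Host: localhost. is not cert\'s CN: agent1');` would keep that coverage.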
diff --git a/test/parallel/test-internal-errors.js b/test/parallel/test-internal-errors.js index 8e06bab34944a1..4fb99d8fa332e6 100644 --- a/test/parallel/test-internal-errors.js +++ b/test/parallel/test-internal-errors.js @@ -229,3 +229,9 @@ assert.throws( code: 'ERR_ASSERTION', message: /^At least one arg needs to be specified$/ })); + + +// Test ERR_TLS_CERT_ALTNAME_INVALID +assert.strictEqual( + errors.message('ERR_TLS_CERT_ALTNAME_INVALID', ['altname']), + 'Hostname/IP does not match certificate\'s altnames: altname'); diff --git a/test/parallel/test-tls-client-verify.js b/test/parallel/test-tls-client-verify.js index 217185166584a4..097ec264e799bf 100644 --- a/test/parallel/test-tls-client-verify.js +++ b/test/parallel/test-tls-client-verify.js @@ -29,7 +29,6 @@ const fs = require('fs'); const path = require('path'); const tls = require('tls'); -const hosterr = /Hostname\/IP doesn't match certificate's altnames/; const testCases = [{ ca: ['ca1-cert'], key: 'agent2-key', @@ -101,7 +100,7 @@ function testServers(index, servers, clientOptions, cb) { clientOptions.port = this.address().port; const client = tls.connect(clientOptions, common.mustCall(function() { const authorized = client.authorized || - hosterr.test(client.authorizationError); + (client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'); console.error(`expected: ${ok} authed: ${authorized}`); diff --git a/test/parallel/test-tls-sni-option.js b/test/parallel/test-tls-sni-option.js index f744b6db54c9ce..c211b695d46b4f 100644 --- a/test/parallel/test-tls-sni-option.js +++ b/test/parallel/test-tls-sni-option.js @@ -141,7 +141,8 @@ function startTest() { options.port = server.address().port; const client = tls.connect(options, function() { clientResults.push( - /Hostname\/IP doesn't/.test(client.authorizationError || '')); + client.authorizationError && + (client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID')); client.destroy(); next(); 
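Review bot: The `client.authorizationError &&` guard added in startTest() of test-tls-sni-option.js is redundant, because a strict comparison with a string is already `false` for `null` or `undefined`. It also changes what gets pushed: the old `.test(client.authorizationError || '')` always produced a boolean, whereas the new expression yields the falsy value itself when no error is set. Whether that matters depends on how `clientResults` is asserted outside the hunk, but `clientResults.push(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID');` keeps the boolean type and reads more simply. The test-tls-sni-server-client.js hunk has the same guard, already present there before this commit, and could be simplified the same way.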
diff --git a/test/parallel/test-tls-sni-server-client.js b/test/parallel/test-tls-sni-server-client.js index 83fd50c06603d1..14ad9e7c835ceb 100644 --- a/test/parallel/test-tls-sni-server-client.js +++ b/test/parallel/test-tls-sni-server-client.js @@ -113,7 +113,7 @@ function startTest() { const client = tls.connect(options, function() { clientResults.push( client.authorizationError && - /Hostname\/IP doesn't/.test(client.authorizationError)); + (client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID')); client.destroy(); // Continue