Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: wrap ssl errors in ECONNRESET #54492

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

tls: wrap ssl errors in ECONNRESET #54492

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion lib/_tls_wrap.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -464,7 +464,19 @@ function onerror(err) {
// Set closing the socket after emitting an event since the socket needs to
// be accessible when the `tlsClientError` event is emitted.
owner._closeAfterHandlingError = true;
owner.destroy(err);

this._hadError = true;
const error = new ConnResetException('Client network socket disconnected ' +
'before secure TLS connection was ' +
'established', { cause: err });
const options = owner[kConnectOptions];
if (options) {
error.path = options.path;
error.host = options.host;
error.port = options.port;
error.localAddress = options.localAddress;
}
owner.destroy(error);
} else if (owner._tlsOptions?.isServer &&
owner._rejectUnauthorized &&
/peer did not return a certificate/.test(err.message)) {
Expand Down
4 changes: 2 additions & 2 deletions lib/internal/errors.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -829,8 +829,8 @@ class DNSException extends Error {
}

class ConnResetException extends Error {
constructor(msg) {
super(msg);
constructor(msg, opts) {
super(msg, opts);
this.code = 'ECONNRESET';
}

Expand Down
12 changes: 10 additions & 2 deletions test/parallel/test-tls-min-max-version.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
'use strict';

Check failure on line 1 in test/parallel/test-tls-min-max-version.js

View workflow job for this annotation

GitHub Actions / test-linux 

--- stderr ---
(node:176068) [DEP0060] DeprecationWarning: The `util._extend` API is deprecated. Please use Object.assign() instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
node:assert:126
  throw new AssertionError(obj);
  ^

AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
+ actual - expected

+ 'ECONNRESET'
- 'ERR_SSL_WRONG_VERSION_NUMBER'
    at /home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:75:18
    at /home/runner/work/node/node/test/common/index.js:488:15
    at /home/runner/work/node/node/test/common/index.js:488:15
    at maybeCallback (/home/runner/work/node/node/test/fixtures/tls-connect.js:97:7)
    at Server.<anonymous> (/home/runner/work/node/node/test/fixtures/tls-connect.js:84:7)
    at Server.emit (node:events:520:28)
    at TLSSocket.onSocketTLSError (node:_tls_wrap:1221:29)
    at TLSSocket.emit (node:events:520:28)
    at TLSSocket._tlsError (node:_tls_wrap:1050:8)
    at TLSSocket.emit (node:events:520:28) {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: 'ECONNRESET',
  expected: 'ERR_SSL_WRONG_VERSION_NUMBER',
  operator: 'strictEqual'
}

Node.js v23.0.0-pre
--- stdout ---
test: U U U U U SSLv2_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:98:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U SSLv3_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:100:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U hokey-pokey U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:108:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U %s_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:113:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U TLSv1.2 TLS1_2_method U expect U U ERR_TLS_PROTOCOL_VERSION_CONFLICT
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:117:1)
client undefined
server ERR_TLS_PROTOCOL_VERSION_CONFLICT
test: U U U TLSv1.2 U TLS1_2_method U expect U U ERR_TLS_PROTOCOL_VERSION_CONFLICT
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:119:1)
client undefined
server ERR_TLS_PROTOCOL_VERSION_CONFLICT
test: U U SSLv2_method U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:102:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U U SSLv3_method U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:104:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U U hokey-pokey U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:106:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U TLSv1.2 TLS1_2_method U U U U expect U ERR_TLS_PROTOCOL_VERSION_CONFLICT U
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:121:1)
client ERR_TLS_PROTOCOL_VERSION_CONFLICT
server undefined
test: TLSv1.2 U TLS1_2_method U U U U expect U ERR_TLS_PROTOCOL_VERSION_CONFLICT U
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:123:1)
client ERR_TLS_PROTOCOL_VERSION_CONFLICT
server undefined
test: U U TLSv1_1_method U U SSLv23_method U expect U ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION ERR_SSL_UNSUPPORTED_PROTOCOL
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:162:3)
client ECONNRESET
server ECONNRESET
test: U U TLSv1_method U U SSLv23_method U expect U ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION ERR_SSL_UNSUPPORTED_PROTOCOL
   (/home/runner/work/node/node/test/parallel/test-tls-min-max-version.js:165:3)
client ECONNRESET
server ECONNRESET
test: U U TLSv1_1_method U U U U expect U ERR_SSL_TLSV1_ALE

Check failure on line 1 in test/parallel/test-tls-min-max-version.js

View workflow job for this annotation

GitHub Actions / test-macOS 

--- stderr ---
(node:72684) [DEP0060] DeprecationWarning: The `util._extend` API is deprecated. Please use Object.assign() instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
node:assert:126
  throw new AssertionError(obj);
  ^

AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
+ actual - expected

+ 'ECONNRESET'
- 'ERR_SSL_WRONG_VERSION_NUMBER'
    at /Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:75:18
    at /Users/runner/work/node/node/test/common/index.js:488:15
    at /Users/runner/work/node/node/test/common/index.js:488:15
    at maybeCallback (/Users/runner/work/node/node/test/fixtures/tls-connect.js:97:7)
    at Server.<anonymous> (/Users/runner/work/node/node/test/fixtures/tls-connect.js:84:7)
    at Server.emit (node:events:520:28)
    at TLSSocket.onSocketTLSError (node:_tls_wrap:1221:29)
    at TLSSocket.emit (node:events:520:28)
    at TLSSocket._tlsError (node:_tls_wrap:1050:8)
    at TLSSocket.emit (node:events:520:28) {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: 'ECONNRESET',
  expected: 'ERR_SSL_WRONG_VERSION_NUMBER',
  operator: 'strictEqual'
}

Node.js v23.0.0-pre
--- stdout ---
test: U U U U U SSLv2_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:98:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U SSLv3_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:100:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U hokey-pokey U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:108:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U U %s_method U expect U U ERR_TLS_INVALID_PROTOCOL_METHOD
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:113:1)
client undefined
server ERR_TLS_INVALID_PROTOCOL_METHOD
test: U U U U TLSv1.2 TLS1_2_method U expect U U ERR_TLS_PROTOCOL_VERSION_CONFLICT
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:117:1)
client undefined
server ERR_TLS_PROTOCOL_VERSION_CONFLICT
test: U U U TLSv1.2 U TLS1_2_method U expect U U ERR_TLS_PROTOCOL_VERSION_CONFLICT
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:119:1)
client undefined
server ERR_TLS_PROTOCOL_VERSION_CONFLICT
test: U U SSLv2_method U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:102:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U U SSLv3_method U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:104:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U U hokey-pokey U U U U expect U ERR_TLS_INVALID_PROTOCOL_METHOD U
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:106:1)
client ERR_TLS_INVALID_PROTOCOL_METHOD
server undefined
test: U TLSv1.2 TLS1_2_method U U U U expect U ERR_TLS_PROTOCOL_VERSION_CONFLICT U
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:121:1)
client ERR_TLS_PROTOCOL_VERSION_CONFLICT
server undefined
test: TLSv1.2 U TLS1_2_method U U U U expect U ERR_TLS_PROTOCOL_VERSION_CONFLICT U
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:123:1)
client ERR_TLS_PROTOCOL_VERSION_CONFLICT
server undefined
test: U U TLSv1_1_method U U SSLv23_method U expect U ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION ERR_SSL_UNSUPPORTED_PROTOCOL
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:162:3)
client ECONNRESET
server ECONNRESET
test: U U TLSv1_method U U SSLv23_method U expect U ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION ERR_SSL_UNSUPPORTED_PROTOCOL
   (/Users/runner/work/node/node/test/parallel/test-tls-min-max-version.js:165:3)
client ECONNRESET
server ECONNRESET
test: U U TLSv1_1_method U U U U expect U
const common = require('../common');
const fixtures = require('../common/fixtures');
const { inspect } = require('util');
Expand Down Expand Up @@ -61,11 +61,19 @@
if (cerr === 'ERR_SSL_UNSUPPORTED_PROTOCOL' &&
pair.client.err.code === 'ERR_SSL_VERSION_TOO_LOW')
cerr = 'ERR_SSL_VERSION_TOO_LOW';
assert.strictEqual(pair.client.err.code, cerr);
if (cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION' || cerr === 'ERR_SSL_UNSUPPORTED_PROTOCOL') {
assert.strictEqual(pair.client.err.code, 'ECONNRESET');
} else {
assert.strictEqual(pair.client.err.code, cerr);
}
}
if (serr) {
assert(pair.server.err);
assert.strictEqual(pair.server.err.code, serr);
if (serr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION' || serr === 'ERR_SSL_UNSUPPORTED_PROTOCOL') {
assert.strictEqual(pair.server.err.code, 'ECONNRESET');
} else {
assert.strictEqual(pair.server.err.code, serr);
}
}
return cleanup();
}
Expand Down
10 changes: 6 additions & 4 deletions test/parallel/test-tls-set-sigalgs.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,15 @@ function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
);
} else {
if (serr) {
assert(pair.server.err);
assert.strictEqual(pair.server.err.code, serr);
assert(pair.server.err.cause);
assert.strictEqual(pair.server.err.code, 'ECONNRESET');
assert.strictEqual(pair.server.err.cause.code, serr);
}

if (cerr) {
assert(pair.client.err);
assert.strictEqual(pair.client.err.code, cerr);
assert(pair.client.err.cause);
assert.strictEqual(pair.client.err.code, 'ECONNRESET');
assert.strictEqual(pair.client.err.cause.code, cerr);
}
}

Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-tls-sni-servername.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ function test(options) {
const server = tls.createServer(serverOptions, common.mustNotCall());

server.on('tlsClientError', common.mustCall((err, socket) => {
assert.strictEqual(err.message, 'Invalid SNI context');
assert.strictEqual(err.cause.message, 'Invalid SNI context');
// The `servername` should match.
assert.strictEqual(socket.servername, options.servername);
}));
Expand Down
Loading