Skip to content

Commit

Permalink
test: make tls-socket-default-options tests run
Browse files Browse the repository at this point in the history
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
sam-github committed Feb 20, 2017
1 parent d2de2ad commit bd947de
Showing 1 changed file with 49 additions and 45 deletions.
94 changes: 49 additions & 45 deletions test/parallel/test-tls-socket-default-options.js
Original file line number Diff line number Diff line change
@@ -1,55 +1,59 @@
'use strict';
const common = require('../common');

// Test a directly created TLS socket supports no options, and empty options.

const assert = require('assert');
const join = require('path').join;
const {
connect, keys, tls
} = require(join(common.fixturesDir, 'tls-connect'));

if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const tls = require('tls');

const fs = require('fs');

const sent = 'hello world';

const serverOptions = {
isServer: true,
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

function testSocketOptions(socket, socketOptions) {
let received = '';
const server = tls.createServer(serverOptions, function(s) {
s.on('data', function(chunk) {
received += chunk;
});

s.on('end', function() {
server.close();
s.destroy();
assert.strictEqual(received, sent);
setImmediate(runTests);
});
}).listen(0, function() {
const c = new tls.TLSSocket(socket, socketOptions);
c.connect(this.address().port, function() {
c.end(sent);
});
});

}

const testArgs = [
[],
[undefined, {}]
];

let n = 0;
function runTests() {
if (n++ < testArgs.length) {
testSocketOptions.apply(null, testArgs[n]);
}
test(undefined, (err) => {
assert.strictEqual(err.message, 'unable to verify the first certificate');
});

test({}, (err) => {
assert.strictEqual(err.message, 'unable to verify the first certificate');
});

test({secureContext: tls.createSecureContext({ca: keys.agent1.ca})}, (err) => {
assert.ifError(err);
});

function test(client, callback) {
callback = common.mustCall(callback);
connect({
server: {
key: keys.agent1.key,
cert: keys.agent1.cert,
},
}, function(err, pair, cleanup) {
assert.strictEqual(err.message, 'unable to verify the first certificate');
let recv = '';
pair.server.server.once('secureConnection', common.mustCall((conn) => {
conn.on('data', (data) => recv += data);
conn.on('end', common.mustCall(() => {
// Server sees nothing wrong with connection, even though the client's
// authentication of the server cert failed.
assert.strictEqual(recv, 'hello');
cleanup();
}));
}));

// Client doesn't support the 'secureConnect' event, and doesn't error if
// authentication failed. Caller must explicitly check for failure.
(new tls.TLSSocket(null, client)).connect(pair.server.server.address().port)
.on('connect', common.mustCall(function() {
this.end('hello');
}))
.on('secure', common.mustCall(function() {
callback(this.ssl.verifyError());
}));
});
}

runTests();

0 comments on commit bd947de

Please sign in to comment.