mirror of
https://github.com/nodejs/node.git
synced 2025-04-30 15:41:06 +00:00
761de815c5
Since `common/crypto` already exists, it makes sense to keep crypto-related utilities there. The only exception being common.hasCrypto which is needed up front to determine if tests should be skipped. Eliminate the redundant check in hasFipsCrypto and just use crypto.getFips() directly where needed. PR-URL: https://github.com/nodejs/node/pull/56714 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
78 lines
2.1 KiB
JavaScript
78 lines
2.1 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
if (!common.hasCrypto) {
|
|
common.skip('missing crypto');
|
|
}
|
|
const { hasOpenSSL } = require('../common/crypto');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
// Test sigalgs: option for TLS.
|
|
|
|
const {
|
|
assert, connect, keys
|
|
} = require(fixtures.path('tls-connect'));
|
|
|
|
function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
|
|
assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
|
|
connect({
|
|
client: {
|
|
checkServerIdentity: (servername, cert) => { },
|
|
ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
|
|
cert: keys.agent2.cert,
|
|
key: keys.agent2.key,
|
|
sigalgs: csigalgs
|
|
},
|
|
server: {
|
|
cert: keys.agent6.cert,
|
|
key: keys.agent6.key,
|
|
ca: keys.agent2.ca,
|
|
context: {
|
|
requestCert: true,
|
|
rejectUnauthorized: true
|
|
},
|
|
sigalgs: ssigalgs
|
|
},
|
|
}, common.mustCall((err, pair, cleanup) => {
|
|
if (shared_sigalgs) {
|
|
assert.ifError(err);
|
|
assert.ifError(pair.server.err);
|
|
assert.ifError(pair.client.err);
|
|
assert(pair.server.conn);
|
|
assert(pair.client.conn);
|
|
assert.deepStrictEqual(
|
|
pair.server.conn.getSharedSigalgs(),
|
|
shared_sigalgs
|
|
);
|
|
} else {
|
|
if (serr) {
|
|
assert(pair.server.err);
|
|
assert.strictEqual(pair.server.err.code, serr);
|
|
}
|
|
|
|
if (cerr) {
|
|
assert(pair.client.err);
|
|
assert.strictEqual(pair.client.err.code, cerr);
|
|
}
|
|
}
|
|
|
|
return cleanup();
|
|
}));
|
|
}
|
|
|
|
// Have shared sigalgs
|
|
test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
|
|
test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
|
|
'RSA-PSS+SHA256:ECDSA+SHA256',
|
|
['RSA-PSS+SHA256', 'ECDSA+SHA256']);
|
|
|
|
// Do not have shared sigalgs.
|
|
const handshakeErr = hasOpenSSL(3, 2) ?
|
|
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
|
|
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
|
|
undefined, handshakeErr,
|
|
'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
|
|
|
|
test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
|
|
undefined, handshakeErr,
|
|
'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
|