jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-03 09:23:11 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
77def91bf9
node/test/parallel/test-http2-server-unknown-protocol.js
Tobias Nießen 77def91bf9
tls,http2: send fatal alert on ALPN mismatch 
To comply with RFC 7301, make TLS servers send a fatal alert during the
TLS handshake if both the client and the server are configured to use
ALPN and if the server does not support any of the protocols advertised
by the client.

This affects HTTP/2 servers. Until now, applications could intercept the
'unknownProtocol' event when the client either did not advertise any
protocols or if the list of protocols advertised by the client did not
include HTTP/2 (or HTTP/1.1 if allowHTTP1 was true). With this change,
only the first case can be handled, and the 'unknownProtocol' event will
not be emitted in the second case because the TLS handshake fails and no
secure connection is established.

PR-URL: https://github.com/nodejs/node/pull/44031
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2022-08-13 07:25:23 +00:00

48 lines
1.4 KiB
JavaScript
Raw Blame History

'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');
// This test verifies that when a server receives an unknownProtocol it will
// not leave the socket open if the client does not close it.
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const h2 = require('http2');
const tls = require('tls');
const server = h2.createSecureServer({
key: fixtures.readKey('rsa_private.pem'),
cert: fixtures.readKey('rsa_cert.crt'),
unknownProtocolTimeout: 500,
allowHalfOpen: true
});
server.on('secureConnection', common.mustCall((socket) => {
socket.on('close', common.mustCall(() => {
server.close();
}));
}));
server.listen(0, function() {
// If the client does not send an ALPN connection, and the server has not been
// configured with allowHTTP1, then the server should destroy the socket
// after unknownProtocolTimeout.
tls.connect({
port: server.address().port,
rejectUnauthorized: false,
});
// If the client sends an ALPN extension that does not contain 'h2', the
// server should send a fatal alert to the client before a secure connection
// is established at all.
tls.connect({
port: server.address().port,
rejectUnauthorized: false,
ALPNProtocols: ['bogus']
}).on('error', common.mustCall((err) => {
assert.strictEqual(err.code, 'ECONNRESET');
}));
});
Reference in New Issue View Git Blame Copy Permalink