node/test/parallel/test-tls-set-sigalgs.js
Anton Gerasimov 0c32ca96c8 tls: add option to override signature algorithms
Passes the list down to SSL_CTX_set1_sigalgs_list.

An option to get the list of shared signature algorithms
from a TLS socket is added as well, for testing.

Signed-off-by: Anton Gerasimov <agerasimov@twilio.com>

PR-URL: https://github.com/nodejs/node/pull/29598
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2019-09-23 23:32:45 -07:00


'use strict';
const common = require('../common');
// Skip (rather than fail) on builds without crypto support.
if (!common.hasCrypto) common.skip('missing crypto');
const fixtures = require('../common/fixtures');
// Test sigalgs: option for TLS.
// `assert`, `connect` and `keys` are provided by the shared tls-connect fixture.
const {
  assert, connect, keys
} = require(fixtures.path('tls-connect'));
// Asserts that `left` and `right` have the same length and strictly-equal
// elements at every index (order matters).
function assert_arrays_equal(left, right) {
  const { length } = left;
  assert.strictEqual(length, right.length);
  let idx = 0;
  while (idx < length) {
    assert.strictEqual(left[idx], right[idx]);
    idx += 1;
  }
}
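/**
 * Runs one mutually-authenticated client/server handshake with the given
 * `sigalgs:` lists and checks the outcome.
 *
 * @param {string|undefined} csigalgs - client `sigalgs:` list (OpenSSL
 *   colon-separated format, e.g. 'RSA-PSS+SHA256:ECDSA+SHA256').
 * @param {string|undefined} ssigalgs - server `sigalgs:` list, same format.
 * @param {string[]|undefined} shared_sigalgs - when given, the handshake must
 *   succeed and the server's `getSharedSigalgs()` must equal this array exactly.
 * @param {string|undefined} cerr - when given (and no shared list), the
 *   expected `code` of the client-side error.
 * @param {string|undefined} serr - when given (and no shared list), the
 *   expected `code` of the server-side error.
 */
function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
  assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
  connect({
    client: {
      // Only hostname verification is skipped here; certificate chain
      // verification is unaffected by this callback.
      checkServerIdentity: (servername, cert) => { },
      ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
      cert: keys.agent2.cert,
      key: keys.agent2.key,
      sigalgs: csigalgs
    },
    server: {
      cert: keys.agent6.cert,
      key: keys.agent6.key,
      ca: keys.agent2.ca,
      context: {
        // Mutual TLS: the client certificate is required and must verify.
        requestCert: true,
        rejectUnauthorized: true
      },
      sigalgs: ssigalgs
    },
  }, common.mustCall((err, pair, cleanup) => {
    if (shared_sigalgs) {
      assert.ifError(err);
      assert.ifError(pair.server.err);
      assert.ifError(pair.client.err);
      assert(pair.server.conn);
      assert(pair.client.conn);
      assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs);
    } else {
      // `assert(value, message)` only checks truthiness of `value`; the
      // expected error codes must be compared with strictEqual, otherwise
      // any error at all would satisfy the expectation.
      if (serr) {
        assert(pair.server.err);
        assert.strictEqual(pair.server.err.code, serr);
      }
      if (cerr) {
        assert(pair.client.err);
        assert.strictEqual(pair.client.err.code, cerr);
      }
    }
    return cleanup();
  }));
}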
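// Have shared sigalgs
test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
     'RSA-PSS+SHA256:ECDSA+SHA256',
     ['RSA-PSS+SHA256', 'ECDSA+SHA256']);

// Do not have shared sigalgs.
// Node builds ERR_SSL_* codes from OpenSSL's reason text; the reason here is
// "no shared signature algorithms", so the code is spelled ..._ALGORITHMS.
// The previous "ALGORITMS" spelling could never match and went unnoticed
// because the error code was not compared strictly.
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');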