mirror of
https://github.com/nodejs/node.git
synced 2025-05-08 18:53:34 +00:00
d9b9229d98
This test is testing the workaround for an OpenSSL 1.0.x bug, which was fixed in 1.1.0. With the bug fixed, the test expectations need to change slightly. PR-URL: https://github.com/nodejs/node/pull/16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
97 lines
2.4 KiB
JavaScript
97 lines
2.4 KiB
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
const { readKey } = require('../common/fixtures');
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const assert = require('assert');
|
|
const https = require('https');
|
|
const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
|
|
require('crypto').constants;
|
|
|
|
const options = {
|
|
key: readKey('agent1-key.pem'),
|
|
cert: readKey('agent1-cert.pem'),
|
|
secureOptions: SSL_OP_NO_TICKET
|
|
};
|
|
|
|
// Create TLS1.2 server
|
|
https.createServer(options, function(req, res) {
|
|
res.end('ohai');
|
|
}).listen(0, function() {
|
|
first(this);
|
|
});
|
|
|
|
// Do request and let agent cache the session
|
|
function first(server) {
|
|
const port = server.address().port;
|
|
const req = https.request({
|
|
port: port,
|
|
rejectUnauthorized: false
|
|
}, function(res) {
|
|
res.resume();
|
|
|
|
server.close(function() {
|
|
faultyServer(port);
|
|
});
|
|
});
|
|
req.end();
|
|
}
|
|
|
|
// Create TLS1 server
|
|
function faultyServer(port) {
|
|
options.secureProtocol = 'TLSv1_method';
|
|
https.createServer(options, function(req, res) {
|
|
res.end('hello faulty');
|
|
}).listen(port, function() {
|
|
second(this);
|
|
});
|
|
}
|
|
|
|
// Attempt to request using cached session
|
|
function second(server, session) {
|
|
const req = https.request({
|
|
port: server.address().port,
|
|
rejectUnauthorized: false
|
|
}, function(res) {
|
|
res.resume();
|
|
});
|
|
|
|
if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
|
|
// Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
|
|
// connection to the TLS 1.0 server should work.
|
|
req.on('response', common.mustCall(function(res) {
|
|
// The test is now complete for OpenSSL 1.1.0.
|
|
server.close();
|
|
}));
|
|
} else {
|
|
// OpenSSL 1.0.x mistakenly locked versions based on the session it was
|
|
// offering. This causes this sequent request to fail. Let it fail, but
|
|
// test that this is mitigated on the next try by invalidating the session.
|
|
req.on('error', common.mustCall(function(err) {
|
|
assert(/wrong version number/.test(err.message));
|
|
|
|
req.on('close', function() {
|
|
third(server);
|
|
});
|
|
}));
|
|
}
|
|
req.end();
|
|
}
|
|
|
|
// Try one more time - session should be evicted!
|
|
function third(server) {
|
|
const req = https.request({
|
|
port: server.address().port,
|
|
rejectUnauthorized: false
|
|
}, function(res) {
|
|
res.resume();
|
|
assert(!req.socket.isSessionReused());
|
|
server.close();
|
|
});
|
|
req.on('error', common.mustNotCall());
|
|
req.end();
|
|
}
|