node/test/parallel/test-tls-alert-handling.js
Daniel Bevenius 640fe94354 src,test: support dynamically linking OpenSSL 3.0
This commit enables node to dynamically link against OpenSSL 3.0.

The motivation for opening this PR even though OpenSSL 3.0 has not been
released yet is to allow a nightly CI job to be created. This will
allow us to stay on top of changes required for OpenSSL 3.0, and also to
make sure that changes to node crypto do not cause issues when linking
to OpenSSL 3.0.

PR-URL: https://github.com/nodejs/node/pull/37669
Refs: https://github.com/nodejs/node/issues/29817
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
2021-03-16 05:59:25 +01:00


'use strict';
const common = require('../common');
// Skip on builds that cannot run this test: TLS needs crypto support, and the
// test is additionally gated on the OpenSSL CLI being available.
// NOTE(review): nothing in this file visibly invokes the OpenSSL CLI; confirm
// whether the second guard is still needed.
if (!common.hasCrypto) {
  common.skip('missing crypto');
}
if (!common.opensslCli) {
  common.skip('node compiled without OpenSSL CLI');
}
const assert = require('assert');
const net = require('net');
const tls = require('tls');
const fixtures = require('../common/fixtures');
// Completion flags for the two independent halves of the test:
//   clientClosed  - the well-behaved echo client has seen its 'close' event.
//   errorReceived - the server-side socket reported the malformed-record error.
let clientClosed = false;
let errorReceived = false;

/**
 * Reports whether both halves of the test have finished, i.e. whether the
 * server may be closed without cutting off a check that is still pending.
 *
 * @returns {boolean} true only when the echo client has closed and the
 *   expected server-side TLS error has been observed.
 */
function canCloseServer() {
  if (!clientClosed) {
    return false;
  }
  return errorReceived;
}
/**
 * Reads a PEM file from the test key fixtures.
 *
 * @param {string} n - Fixture base name without the `.pem` extension.
 * @returns {string} Whatever `fixtures.readKey` yields for that file when
 *   asked for 'utf-8' (presumably the PEM text).
 */
function loadPEM(n) {
  const fileName = `${n}.pem`;
  return fixtures.readKey(fileName, 'utf-8');
}
// Server credentials come from the shared test fixtures (agent2 key pair).
const serverKey = loadPEM('agent2-key');
const serverCert = loadPEM('agent2-cert');
const opts = { key: serverKey, cert: serverCert };

// The echo client stops after `max_iter` echoed chunks; `iter` counts the
// 'data' events it has handled so far.
const max_iter = 20;
let iter = 0;
// Server-side socket 'error' listener. It is attached to every accepted
// socket but wrapped in a single common.mustCall(), so the test expects it to
// run once overall: for the connection that receives the malformed record.
// The asserted fields pin how the TLS layer classifies that record
// (a record-layer version failure) rather than merely that "some error" fired.
const errorHandler = common.mustCall((err) => {
  assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
  assert.strictEqual(err.library, 'SSL routines');
  // The originating function name is only checked on pre-3.0 OpenSSL builds.
  if (!common.hasOpenSSL3) {
    assert.strictEqual(err.function, 'ssl3_get_record');
  }
  assert.strictEqual(err.reason, 'wrong version number');

  errorReceived = true;
  // Close only once the echo client has finished too, so the malformed record
  // on one connection is shown not to disturb the other.
  if (canCloseServer()) {
    server.close();
  }
});
// Echo server under test. Exactly two secure connections are expected: the
// well-behaved client from sendClient() and the one from sendBADTLSRecord().
const server = tls.createServer(opts, common.mustCall((s) => {
  s.pipe(s);
  s.on('error', errorHandler);
}, 2));

// Port 0 lets the OS pick a free port; the first client starts once bound.
server.listen(0, common.mustCall(() => {
  sendClient();
}));

// The malformed record arrives after the handshake has completed, so the
// failure must surface on the individual socket. 'tlsClientError' (errors
// before a secure connection is established) and a server-level 'error' would
// both mean the fault was attributed to the wrong place.
server.on('tlsClientError', common.mustNotCall());
server.on('error', common.mustNotCall());
/**
 * Starts the well-behaved client: it ping-pongs single bytes with the echo
 * server `max_iter` times and, partway through, triggers the second
 * connection that sends the malformed record. This client must finish cleanly
 * with no 'error' event, showing that the bad record on the other connection
 * does not affect it.
 */
function sendClient() {
  // Certificate verification is off because the test targets record and alert
  // handling on a local fixture server, not peer authentication.
  const client = tls.connect(server.address().port, {
    rejectUnauthorized: false,
  });

  const onEcho = common.mustCall(() => {
    const handledBefore = iter;
    iter += 1;
    // On the third echoed chunk, start the misbehaving connection while this
    // one is still active.
    if (handledBefore === 2) {
      sendBADTLSRecord();
    }
    if (iter >= max_iter) {
      client.end();
      return;
    }
    client.write('a');
  }, max_iter);

  client.on('data', onEcho);
  client.write('a', common.mustCall());
  client.on('error', common.mustNotCall());
  client.on('close', common.mustCall(() => {
    clientClosed = true;
    if (canCloseServer()) {
      server.close();
    }
  }));
}
/**
 * Opens a second TLS connection, completes the handshake and one echo round
 * trip, then writes six 0xff bytes directly to the underlying TCP socket.
 * Because the bytes bypass the client's TLS layer, the server receives them
 * as a raw record whose header carries an invalid protocol version.
 *
 * Expected outcome, as asserted in this file: the server socket reports
 * 'wrong version number' (see errorHandler) and this client sees the
 * resulting alert as ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION.
 */
function sendBADTLSRecord() {
  const BAD_RECORD = Buffer.alloc(6, 0xff);
  const rawSocket = net.connect(server.address().port);

  // Certificate verification is off because the test targets record and alert
  // handling on a local fixture server, not peer authentication.
  const tlsClient = tls.connect({
    socket: rawSocket,
    rejectUnauthorized: false,
  }, common.mustCall(() => {
    tlsClient.write('x');
    // Wait for the echo so the malformed bytes arrive on an established,
    // post-handshake session.
    tlsClient.on('data', () => {
      rawSocket.end(BAD_RECORD);
    });
  }));

  tlsClient.on('error', common.mustCall((err) => {
    assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
    assert.strictEqual(err.library, 'SSL routines');
    // The originating function name is only checked on pre-3.0 OpenSSL builds.
    if (!common.hasOpenSSL3) {
      assert.strictEqual(err.function, 'ssl3_read_bytes');
    }
    assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
  }));
}