nodejs/test/parallel/test-tls-friendly-error-message.js

if (!process.versions.openssl) {
  console.error('Skipping because node compiled without OpenSSL.');
  process.exit(0);
}

var common = require('../common');
var assert = require('assert');
var fs = require('fs');
var tls = require('tls');

var key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
var cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');

tls.createServer({ key: key, cert: cert }, function(conn) {
  conn.end();
  this.close();
}).listen(common.PORT, function() {
  var options = { port: this.address().port, rejectUnauthorized: true };
  tls.connect(options).on('error', common.mustCall(function(err) {
    assert.equal(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
    assert.equal(err.message, 'unable to verify the first certificate');
    this.destroy();
  }));
});
tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-17 18:15:36 +01:00			`if (!process.versions.openssl) {`
			`console.error('Skipping because node compiled without OpenSSL.');`
			`process.exit(0);`
			`}`

			`var common = require('../common');`
			`var assert = require('assert');`
			`var fs = require('fs');`
			`var tls = require('tls');`

			`var key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');`
			`var cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');`

			`tls.createServer({ key: key, cert: cert }, function(conn) {`
			`conn.end();`
			`this.close();`
test: split test in parallel/sequential Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> PR-URL: https://github.com/iojs/io.js/pull/172 Fix: iojs/io.js#139 2014-12-17 14:30:04 +01:00			`}).listen(common.PORT, function() {`
tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-17 18:15:36 +01:00			`var options = { port: this.address().port, rejectUnauthorized: true };`
			`tls.connect(options).on('error', common.mustCall(function(err) {`
			`assert.equal(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');`
			`assert.equal(err.message, 'unable to verify the first certificate');`
			`this.destroy();`
			`}));`
			`});`