nodejs/test/parallel/test-https-agent-session-eviction.js

'use strict';

const common = require('../common');

if (!common.hasCrypto) {
  common.skip('missing crypto');
  return;
}

const assert = require('assert');
const https = require('https');
const fs = require('fs');
const SSL_OP_NO_TICKET = require('crypto').constants.SSL_OP_NO_TICKET;

const options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'),
  secureOptions: SSL_OP_NO_TICKET
};

// Create TLS1.2 server
https.createServer(options, function(req, res) {
  res.end('ohai');
}).listen(0, function() {
  first(this);
});

// Do request and let agent cache the session
function first(server) {
  const port = server.address().port;
  const req = https.request({
    port: port,
    rejectUnauthorized: false
  }, function(res) {
    res.resume();

    server.close(function() {
      faultyServer(port);
    });
  });
  req.end();
}

// Create TLS1 server
function faultyServer(port) {
  options.secureProtocol = 'TLSv1_method';
  https.createServer(options, function(req, res) {
    res.end('hello faulty');
  }).listen(port, function() {
    second(this);
  });
}

// Attempt to request using cached session
function second(server, session) {
  const req = https.request({
    port: server.address().port,
    rejectUnauthorized: false
  }, function(res) {
    res.resume();
  });

  // Let it fail
  req.on('error', common.mustCall(function(err) {
    assert(/wrong version number/.test(err.message));

    req.on('close', function() {
      third(server);
    });
  }));
  req.end();
}

// Try one more time - session should be evicted!
function third(server) {
  const req = https.request({
    port: server.address().port,
    rejectUnauthorized: false
  }, function(res) {
    res.resume();
    assert(!req.socket.isSessionReused());
    server.close();
  });
  req.on('error', common.mustNotCall());
  req.end();
}
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`'use strict';`

			`const common = require('../common');`

			`if (!common.hasCrypto) {`
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> 2016-05-11 21:34:52 +02:00			`common.skip('missing crypto');`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`return;`
			`}`

			`const assert = require('assert');`
			`const https = require('https');`
			`const fs = require('fs');`
src: refactor require('constants') The require('constants') module is currently undocumented and mashes together unrelated constants. This refactors the require('constants') in favor of distinct os.constants, fs.constants, and crypto.constants that are specific to the modules for which they are relevant. The next step is to document those within the specific modules. PR-URL: https://github.com/nodejs/node/pull/6534 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> 2016-05-02 19:27:12 +02:00			`const SSL_OP_NO_TICKET = require('crypto').constants.SSL_OP_NO_TICKET;`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00
			`const options = {`
			`key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),`
			`cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'),`
src: refactor require('constants') The require('constants') module is currently undocumented and mashes together unrelated constants. This refactors the require('constants') in favor of distinct os.constants, fs.constants, and crypto.constants that are specific to the modules for which they are relevant. The next step is to document those within the specific modules. PR-URL: https://github.com/nodejs/node/pull/6534 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> 2016-05-02 19:27:12 +02:00			`secureOptions: SSL_OP_NO_TICKET`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`};`

			`// Create TLS1.2 server`
			`https.createServer(options, function(req, res) {`
			`res.end('ohai');`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`}).listen(0, function() {`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`first(this);`
			`});`

			`// Do request and let agent cache the session`
benchmark,test,lib: remove extra spaces In preparation for stricter linting, remove extra spaces. PR-URL: https://github.com/nodejs/node/pull/6645 Reviewed-By: Michaël Zasso <mic.besace@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Roman Reiss <me@silverwind.io> 2016-05-09 08:04:17 +02:00			`function first(server) {`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`const port = server.address().port;`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`const req = https.request({`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`port: port,`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`rejectUnauthorized: false`
			`}, function(res) {`
			`res.resume();`

			`server.close(function() {`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`faultyServer(port);`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`});`
			`});`
			`req.end();`
			`}`

			`// Create TLS1 server`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`function faultyServer(port) {`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`options.secureProtocol = 'TLSv1_method';`
			`https.createServer(options, function(req, res) {`
			`res.end('hello faulty');`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`}).listen(port, function() {`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`second(this);`
			`});`
			`}`

			`// Attempt to request using cached session`
			`function second(server, session) {`
			`const req = https.request({`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`port: server.address().port,`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`rejectUnauthorized: false`
			`}, function(res) {`
			`res.resume();`
			`});`

			`// Let it fail`
			`req.on('error', common.mustCall(function(err) {`
			`assert(/wrong version number/.test(err.message));`

			`req.on('close', function() {`
			`third(server);`
			`});`
			`}));`
			`req.end();`
			`}`

test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`// Try one more time - session should be evicted!`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`function third(server) {`
			`const req = https.request({`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 09:06:56 +02:00			`port: server.address().port,`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`rejectUnauthorized: false`
			`}, function(res) {`
			`res.resume();`
			`assert(!req.socket.isSessionReused());`
			`server.close();`
			`});`
test: add common.mustNotCall() This commit adds a mustNotCall() helper for testing. This provides an alternative to using common.fail() as a callback, or creating a callback function for the sole purpose of calling common.fail(). PR-URL: https://github.com/nodejs/node/pull/11152 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com> 2017-02-03 20:54:19 +01:00			`req.on('error', common.mustNotCall());`
https: evict cached sessions on error Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: https://github.com/nodejs/node/issues/3692 PR-URL: https://github.com/nodejs/node/pull/4982 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2016-01-31 00:49:11 +01:00			`req.end();`
			`}`