mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
14863e8058
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: https://github.com/openssl/openssl/pull/24338 PR-URL: https://github.com/nodejs/node/pull/53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
49 lines
1.5 KiB
JavaScript
49 lines
1.5 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
// This test verifies that when a server receives an unknownProtocol it will
|
|
// not leave the socket open if the client does not close it.
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const assert = require('assert');
|
|
const h2 = require('http2');
|
|
const tls = require('tls');
|
|
|
|
const server = h2.createSecureServer({
|
|
key: fixtures.readKey('rsa_private.pem'),
|
|
cert: fixtures.readKey('rsa_cert.crt'),
|
|
unknownProtocolTimeout: 500,
|
|
allowHalfOpen: true
|
|
});
|
|
|
|
server.on('secureConnection', common.mustCall((socket) => {
|
|
socket.on('close', common.mustCall(() => {
|
|
server.close();
|
|
}));
|
|
}));
|
|
|
|
server.listen(0, function() {
|
|
// If the client does not send an ALPN connection, and the server has not been
|
|
// configured with allowHTTP1, then the server should destroy the socket
|
|
// after unknownProtocolTimeout.
|
|
tls.connect({
|
|
port: server.address().port,
|
|
rejectUnauthorized: false,
|
|
});
|
|
|
|
// If the client sends an ALPN extension that does not contain 'h2', the
|
|
// server should send a fatal alert to the client before a secure connection
|
|
// is established at all.
|
|
tls.connect({
|
|
port: server.address().port,
|
|
rejectUnauthorized: false,
|
|
ALPNProtocols: ['bogus']
|
|
}).on('error', common.mustCall((err) => {
|
|
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
|
|
assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
|
|
}));
|
|
});
|