mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
a65105ec28
Refs: https://github.com/nodejs/node/issues/53382 Looks like test is forcing an error through bad data and the error code we get is different for OpenSSL32. Adjust test to cope with the variation across versions. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: https://github.com/nodejs/node/pull/54909 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>
110 lines
3.0 KiB
JavaScript
110 lines
3.0 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
if (!common.opensslCli)
|
|
common.skip('node compiled without OpenSSL CLI');
|
|
|
|
const assert = require('assert');
|
|
const net = require('net');
|
|
const tls = require('tls');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
let clientClosed = false;
|
|
let errorReceived = false;
|
|
function canCloseServer() {
|
|
return clientClosed && errorReceived;
|
|
}
|
|
|
|
function loadPEM(n) {
|
|
return fixtures.readKey(`${n}.pem`, 'utf-8');
|
|
}
|
|
|
|
const opts = {
|
|
key: loadPEM('agent2-key'),
|
|
cert: loadPEM('agent2-cert')
|
|
};
|
|
|
|
const max_iter = 20;
|
|
let iter = 0;
|
|
|
|
const errorHandler = common.mustCall((err) => {
|
|
let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER';
|
|
let expectedErrorReason = 'wrong version number';
|
|
if (common.hasOpenSSL(3, 2)) {
|
|
expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG';
|
|
expectedErrorReason = 'packet length too long';
|
|
};
|
|
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
|
|
assert.strictEqual(err.reason, expectedErrorReason);
|
|
errorReceived = true;
|
|
if (canCloseServer())
|
|
server.close();
|
|
});
|
|
const server = tls.createServer(opts, common.mustCall(function(s) {
|
|
s.pipe(s);
|
|
s.on('error', errorHandler);
|
|
}, 2));
|
|
|
|
server.listen(0, common.mustCall(function() {
|
|
sendClient();
|
|
}));
|
|
|
|
server.on('tlsClientError', common.mustNotCall());
|
|
|
|
server.on('error', common.mustNotCall());
|
|
|
|
function sendClient() {
|
|
const client = tls.connect(server.address().port, {
|
|
rejectUnauthorized: false
|
|
});
|
|
client.on('data', common.mustCall(function() {
|
|
if (iter++ === 2) sendBADTLSRecord();
|
|
if (iter < max_iter) {
|
|
client.write('a');
|
|
return;
|
|
}
|
|
client.end();
|
|
}, max_iter));
|
|
client.write('a', common.mustCall());
|
|
client.on('error', common.mustNotCall());
|
|
client.on('close', common.mustCall(function() {
|
|
clientClosed = true;
|
|
if (canCloseServer())
|
|
server.close();
|
|
}));
|
|
}
|
|
|
|
|
|
function sendBADTLSRecord() {
|
|
const BAD_RECORD = Buffer.from([0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
|
|
const socket = net.connect(server.address().port);
|
|
const client = tls.connect({
|
|
socket: socket,
|
|
rejectUnauthorized: false
|
|
}, common.mustCall(function() {
|
|
client.write('x');
|
|
client.on('data', (data) => {
|
|
socket.end(BAD_RECORD);
|
|
});
|
|
}));
|
|
client.on('error', common.mustCall((err) => {
|
|
let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION';
|
|
let expectedErrorReason = 'tlsv1 alert protocol version';
|
|
if (common.hasOpenSSL(3, 2)) {
|
|
expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW';
|
|
expectedErrorReason = 'tlsv1 alert record overflow';
|
|
}
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
if (!common.hasOpenSSL3)
|
|
assert.strictEqual(err.function, 'ssl3_read_bytes');
|
|
assert.strictEqual(err.reason, expectedErrorReason);
|
|
}));
|
|
}
|