mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
f1b6d872dd
Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: https://github.com/nodejs/node/pull/42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com>
296 lines
7.1 KiB
JavaScript
296 lines
7.1 KiB
JavaScript
// Copyright Joyent, Inc. and other Node contributors.
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining a
|
|
// copy of this software and associated documentation files (the
|
|
// "Software"), to deal in the Software without restriction, including
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|
// persons to whom the Software is furnished to do so, subject to the
|
|
// following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be included
|
|
// in all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
'use strict';
|
|
const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const assert = require('assert');
|
|
const tls = require('tls');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
const passKey = fixtures.readKey('rsa_private_encrypted.pem');
|
|
const rawKey = fixtures.readKey('rsa_private.pem');
|
|
const cert = fixtures.readKey('rsa_cert.crt');
|
|
|
|
assert(Buffer.isBuffer(passKey));
|
|
assert(Buffer.isBuffer(cert));
|
|
assert.strictEqual(typeof passKey.toString(), 'string');
|
|
assert.strictEqual(typeof cert.toString(), 'string');
|
|
|
|
function onSecureConnect() {
|
|
return common.mustCall(function() { this.end(); });
|
|
}
|
|
|
|
const server = tls.Server({
|
|
key: passKey,
|
|
passphrase: 'password',
|
|
cert: cert,
|
|
ca: [cert],
|
|
requestCert: true,
|
|
rejectUnauthorized: true
|
|
});
|
|
|
|
server.listen(0, common.mustCall(function() {
|
|
// Buffer
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: passKey,
|
|
passphrase: 'password',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: rawKey,
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: rawKey,
|
|
passphrase: 'ignored',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
// Buffer[]
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [passKey],
|
|
passphrase: 'password',
|
|
cert: [cert],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [rawKey],
|
|
cert: [cert],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [rawKey],
|
|
passphrase: 'ignored',
|
|
cert: [cert],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
// string
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: passKey.toString(),
|
|
passphrase: 'password',
|
|
cert: cert.toString(),
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: rawKey.toString(),
|
|
cert: cert.toString(),
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: rawKey.toString(),
|
|
passphrase: 'ignored',
|
|
cert: cert.toString(),
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
// String[]
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [passKey.toString()],
|
|
passphrase: 'password',
|
|
cert: [cert.toString()],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [rawKey.toString()],
|
|
cert: [cert.toString()],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [rawKey.toString()],
|
|
passphrase: 'ignored',
|
|
cert: [cert.toString()],
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
// Object[]
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: passKey, passphrase: 'password' }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: passKey, passphrase: 'password' }],
|
|
passphrase: 'ignored',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: passKey }],
|
|
passphrase: 'password',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: passKey.toString(), passphrase: 'password' }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey, passphrase: 'ignored' }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey.toString(), passphrase: 'ignored' }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey }],
|
|
passphrase: 'ignored',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey.toString() }],
|
|
passphrase: 'ignored',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
|
|
tls.connect({
|
|
port: this.address().port,
|
|
key: [{ pem: rawKey.toString() }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
}, onSecureConnect());
|
|
})).unref();
|
|
|
|
const errMessageDecrypt = /bad decrypt/;
|
|
|
|
// Missing passphrase
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: passKey,
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: [passKey],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: [{ pem: passKey }],
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
// Invalid passphrase
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: passKey,
|
|
passphrase: 'invalid',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: [passKey],
|
|
passphrase: 'invalid',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: [{ pem: passKey }],
|
|
passphrase: 'invalid',
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|
|
|
|
assert.throws(function() {
|
|
tls.connect({
|
|
port: server.address().port,
|
|
key: [{ pem: passKey, passphrase: 'invalid' }],
|
|
passphrase: 'password', // Valid but unused
|
|
cert: cert,
|
|
rejectUnauthorized: false
|
|
});
|
|
}, errMessageDecrypt);
|