6ad99ac1ef
When a TLS Session Ticket is renewed by the server, no Certificate record is sent to the client. We are prepared for an empty certificate in this case, but this relies on the session reuse check, which was implemented incorrectly and was returning false when the TLS Session Ticket was renewed. Use the session reuse check provided by OpenSSL instead.

Fix: https://github.com/nodejs/io.js/issues/2304
PR-URL: https://github.com/nodejs/io.js/pull/2312
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
'use strict';
// Regression test for TLS session ticket renewal.
// Per the accompanying commit message, a server that renews a session ticket
// sends no Certificate record, so the client has to recognise the connection
// as a reused session rather than reject it for the missing certificate.
// The test has no explicit assertions: it passes when both requests complete
// and the server closes cleanly.

var common = require('../common');
var fs = require('fs');
var https = require('https');
var crypto = require('crypto');

// Read one file from the shared test fixtures directory.
function readFixture(relativePath) {
  return fs.readFileSync(common.fixturesDir + relativePath);
}

var options = {
  key: readFixture('/keys/agent1-key.pem'),
  cert: readFixture('/keys/agent1-cert.pem'),
  ca: readFixture('/keys/ca1-cert.pem')
};

// Every request gets the same trivial body; only the handshake matters here.
function respond(req, res) {
  res.end('hello');
}

var server = https.createServer(options, respond);

// Ticket protection keys. They are fixed, predictable byte patterns so the
// test is deterministic; real ticket keys must be random and rotated, because
// anyone holding them can decrypt or forge session tickets.
var hmac = new Buffer(16);
var aes = new Buffer(16);
hmac.fill('H');
aes.fill('S');

// Ticket key callback installed on the server's secure context.
//   enc truthy -> a new ticket is being issued: return the keys together with
//                 a key name and a fresh random IV.
//   enc falsy  -> a ticket presented by the client is being processed: return
//                 status 2, which asks for the ticket to be renewed.
// The result layout is [status, hmacKey, aesKey, keyName, iv].
// NOTE(review): status 1 / 2 presumably map onto OpenSSL's ticket key callback
// return values ("use key" / "use key and renew") - confirm against the
// binding.
function ticketKeyCallback(name, iv, enc) {
  if (!enc) {
    // Renew
    return [ 2, hmac, aes ];
  }

  var ticketName = new Buffer(16);
  ticketName.fill('A');
  var ticketIV = crypto.randomBytes(16);

  return [ 1, hmac, aes, ticketName, ticketIV ];
}

// _sharedCreds and the ticket key callback hooks are internal, undocumented
// APIs; they are used here only to force the renewal path.
var secureContext = server._sharedCreds.context;
secureContext.enableTicketKeyCallback();
secureContext.onticketkeycallback = ticketKeyCallback;

server.listen(common.PORT, function onListening() {
  var port = this.address().port;

  // Issue one GET to the test server and invoke callback once the response
  // body has been fully consumed. `ca` and `servername` are supplied so the
  // client checks the server against the test CA.
  function doReq(callback) {
    var req = https.request({
      method: 'GET',
      port: port,
      servername: 'agent1',
      ca: options.ca
    }, function onResponse(res) {
      res.resume();
      res.once('end', callback);
    });
    req.end();
  }

  // Two sequential requests: the first obtains a ticket; the second is
  // expected to present it and trigger the renewal branch above
  // (presumably via the agent's session cache - TODO confirm).
  doReq(function afterFirstRequest() {
    doReq(function afterSecondRequest() {
      server.close();
    });
  });
});