mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
425c5ca27d
This option was made from the floating patch of d269e07.
It is no longer needed because the issue was resolved in
OpenSSL-1.1.0.
Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
77 lines
1.8 KiB
JavaScript
77 lines
1.8 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
|
|
// This test ensures that ecdhCurve option of TLS server supports colon
|
|
// separated ECDH curve names as value.
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
if (!common.opensslCli)
|
|
common.skip('missing openssl-cli');
|
|
|
|
const assert = require('assert');
|
|
const tls = require('tls');
|
|
const spawn = require('child_process').spawn;
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
function loadPEM(n) {
|
|
return fixtures.readKey(`${n}.pem`);
|
|
}
|
|
|
|
const options = {
|
|
key: loadPEM('agent2-key'),
|
|
cert: loadPEM('agent2-cert'),
|
|
ciphers: '-ALL:ECDHE-RSA-AES128-SHA256',
|
|
ecdhCurve: 'secp256k1:prime256v1:secp521r1'
|
|
};
|
|
|
|
const reply = 'I AM THE WALRUS'; // something recognizable
|
|
|
|
const server = tls.createServer(options, function(conn) {
|
|
conn.end(reply);
|
|
});
|
|
|
|
let gotReply = false;
|
|
|
|
server.listen(0, function() {
|
|
const args = ['s_client',
|
|
'-cipher', `${options.ciphers}`,
|
|
'-connect', `127.0.0.1:${this.address().port}`];
|
|
|
|
const client = spawn(common.opensslCli, args);
|
|
|
|
client.stdout.on('data', function(data) {
|
|
const message = data.toString();
|
|
if (message.includes(reply))
|
|
gotReply = true;
|
|
});
|
|
|
|
client.on('exit', function(code) {
|
|
assert.strictEqual(0, code);
|
|
server.close();
|
|
});
|
|
|
|
client.on('error', assert.ifError);
|
|
});
|
|
|
|
process.on('exit', function() {
|
|
assert.ok(gotReply);
|
|
|
|
// Some of unsupported curves
|
|
const unsupportedCurves = [
|
|
'wap-wsg-idm-ecid-wtls1',
|
|
'c2pnb163v1',
|
|
'prime192v3'
|
|
];
|
|
|
|
// Brainpool is not supported in FIPS mode
|
|
if (common.hasFipsCrypto)
|
|
unsupportedCurves.push('brainpoolP256r1');
|
|
|
|
unsupportedCurves.forEach((ecdhCurve) => {
|
|
assert.throws(() => tls.createServer({ ecdhCurve }),
|
|
/Error: Failed to set ECDH curve/);
|
|
});
|
|
});
|