diff options
author | cjihrig <cjihrig@gmail.com> | 2019-04-30 12:19:10 -0400 |
---|---|---|
committer | cjihrig <cjihrig@gmail.com> | 2019-05-02 12:37:54 -0400 |
commit | 495822f544a34feadc8d8c19e674f0b00eefefd6 (patch) | |
tree | d3c1cdbe215d010a5a6d811bdc7e5c23cbcb9295 /test/parallel/test-tls-enable-trace-cli.js | |
parent | c6a2fdf3aa8f8db7344ae7c530468b9feb715086 (diff) | |
download | android-node-v8-495822f544a34feadc8d8c19e674f0b00eefefd6.tar.gz android-node-v8-495822f544a34feadc8d8c19e674f0b00eefefd6.tar.bz2 android-node-v8-495822f544a34feadc8d8c19e674f0b00eefefd6.zip |
tls,cli: add --trace-tls command-line flag
This commit adds a --trace-tls command-line flag. The
purpose is to enable tracing of TLS connections without the
need to modify existing application code.
PR-URL: https://github.com/nodejs/node/pull/27497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'test/parallel/test-tls-enable-trace-cli.js')
-rw-r--r-- | test/parallel/test-tls-enable-trace-cli.js | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/test/parallel/test-tls-enable-trace-cli.js b/test/parallel/test-tls-enable-trace-cli.js new file mode 100644 index 0000000000..5b7189af70 --- /dev/null +++ b/test/parallel/test-tls-enable-trace-cli.js @@ -0,0 +1,59 @@ +// Flags: --expose-internals +'use strict'; +const common = require('../common'); +if (!common.hasCrypto) common.skip('missing crypto'); +const fixtures = require('../common/fixtures'); + +// Test --trace-tls CLI flag. + +const assert = require('assert'); +const { fork } = require('child_process'); + +if (process.argv[2] === 'test') + return test(); + +const binding = require('internal/test/binding').internalBinding; + +if (!binding('tls_wrap').HAVE_SSL_TRACE) + return common.skip('no SSL_trace() compiled into openssl'); + +const child = fork(__filename, ['test'], { + silent: true, + execArgv: ['--trace-tls'] +}); + +let stderr = ''; +child.stderr.setEncoding('utf8'); +child.stderr.on('data', (data) => stderr += data); +child.on('close', common.mustCall(() => { + assert(/Warning: Enabling --trace-tls can expose sensitive/.test(stderr)); + assert(/Received Record/.test(stderr)); + assert(/ClientHello/.test(stderr)); +})); + +// For debugging and observation of actual trace output. +child.stderr.pipe(process.stderr); +child.stdout.pipe(process.stdout); + +child.on('exit', common.mustCall((code) => { + assert.strictEqual(code, 0); +})); + +function test() { + const { + connect, keys + } = require(fixtures.path('tls-connect')); + + connect({ + client: { + checkServerIdentity: (servername, cert) => { }, + ca: `${keys.agent1.cert}\n${keys.agent6.ca}`, + }, + server: { + cert: keys.agent6.cert, + key: keys.agent6.key + }, + }, common.mustCall((err, pair, cleanup) => { + return cleanup(); + })); +} |