diff options
| author | Fedor Indutny <fedor@indutny.com> | 2015-04-18 10:19:23 +0200 |
|---|---|---|
| committer | Fedor Indutny <fedor@indutny.com> | 2015-05-01 16:56:55 +0200 |
| commit | 550c2638c0885f9cbb1022f8f5234015e21836fe (patch) | |
| tree | 5bc382b6cef0b84dc1851f719a33b7eb975339b6 /test/parallel/test-tls-sni-server-client.js | |
| parent | 30b7349176da785cd7294fec8c31cfb9c5f791e8 (diff) | |
| download | android-node-v8-550c2638c0885f9cbb1022f8f5234015e21836fe.tar.gz android-node-v8-550c2638c0885f9cbb1022f8f5234015e21836fe.tar.bz2 android-node-v8-550c2638c0885f9cbb1022f8f5234015e21836fe.zip | |
tls: use `SSL_set_cert_cb` for async SNI/OCSP
Do not enable ClientHello parser for async SNI/OCSP. Use new
OpenSSL-1.0.2's API `SSL_set_cert_cb` to pause the handshake process and
load the cert/OCSP response asynchronously. Hopefuly this will make
whole async SNI/OCSP process much faster and will eventually let us
remove the ClientHello parser itself (which is currently used only for
async session, see #1462 for the discussion of removing it).
NOTE: Ported our code to `SSL_CTX_add1_chain_cert` to use
`SSL_CTX_get0_chain_certs` in `CertCbDone`. Test provided for this
feature.
Fix: https://github.com/iojs/io.js/issues/1423
PR-URL: https://github.com/iojs/io.js/pull/1464
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Diffstat (limited to 'test/parallel/test-tls-sni-server-client.js')
| -rw-r--r-- | test/parallel/test-tls-sni-server-client.js | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/test/parallel/test-tls-sni-server-client.js b/test/parallel/test-tls-sni-server-client.js index 7a1d09b9c2..a1d867233b 100644 --- a/test/parallel/test-tls-sni-server-client.js +++ b/test/parallel/test-tls-sni-server-client.js @@ -35,6 +35,11 @@ var SNIContexts = { 'asterisk.test.com': { key: loadPEM('agent3-key'), cert: loadPEM('agent3-cert') + }, + 'chain.example.com': { + key: loadPEM('agent6-key'), + // NOTE: Contains ca3 chain cert + cert: loadPEM('agent6-cert') } }; @@ -42,32 +47,29 @@ var serverPort = common.PORT; var clientsOptions = [{ port: serverPort, - key: loadPEM('agent1-key'), - cert: loadPEM('agent1-cert'), ca: [loadPEM('ca1-cert')], servername: 'a.example.com', rejectUnauthorized: false }, { port: serverPort, - key: loadPEM('agent2-key'), - cert: loadPEM('agent2-cert'), ca: [loadPEM('ca2-cert')], servername: 'b.test.com', rejectUnauthorized: false }, { port: serverPort, - key: loadPEM('agent2-key'), - cert: loadPEM('agent2-cert'), ca: [loadPEM('ca2-cert')], servername: 'a.b.test.com', rejectUnauthorized: false }, { port: serverPort, - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert'), ca: [loadPEM('ca1-cert')], servername: 'c.wrong.com', rejectUnauthorized: false +}, { + port: serverPort, + ca: [loadPEM('ca1-cert')], + servername: 'chain.example.com', + rejectUnauthorized: false }]; var serverResults = [], @@ -79,6 +81,7 @@ var server = tls.createServer(serverOptions, function(c) { server.addContext('a.example.com', SNIContexts['a.example.com']); server.addContext('*.test.com', SNIContexts['asterisk.test.com']); +server.addContext('chain.example.com', SNIContexts['chain.example.com']); server.listen(serverPort, startTest); @@ -105,7 +108,9 @@ function startTest() { } process.on('exit', function() { - assert.deepEqual(serverResults, ['a.example.com', 'b.test.com', - 'a.b.test.com', 'c.wrong.com']); - assert.deepEqual(clientResults, [true, true, false, false]); + assert.deepEqual(serverResults, [ + 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', + 'chain.example.com' + ]); + assert.deepEqual(clientResults, [true, true, false, false, true]); }); |