authorSam Roberts <vieuxtech@gmail.com>2019-01-30 12:18:04 -0800
committerSam Roberts <vieuxtech@gmail.com>2019-02-01 19:06:58 -0800
commit0f8e8f7c6b9e7a8bdae53c831f37b2034d1c9fa7 (patch)
tree2b7d72ab24c8b9538e4e1da9a3fa5c71482fdb01 /test/parallel
parente1aa9438ead2093a536e5981da7097c9196e7113 (diff)
tls: introduce client 'session' event
OpenSSL has supported async notification of sessions and tickets since 1.1.0 using SSL_CTX_sess_set_new_cb(), for all versions of TLS. Using the async API is optional for TLS1.2 and below, but for TLS1.3 it will be mandatory. Future-proof applications should start to use async notification immediately. In the future, for TLS1.3, applications that don't use the async API will silently, but gracefully, fail to resume sessions and instead do a full handshake. See: https://wiki.openssl.org/index.php/TLS1.3#Sessions PR-URL: https://github.com/nodejs/node/pull/25831 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Diffstat (limited to 'test/parallel')
-rw-r--r--test/parallel/test-https-client-resume.js27
-rw-r--r--test/parallel/test-tls-async-cb-after-socket-end.js10
-rw-r--r--test/parallel/test-tls-client-resume.js42
-rw-r--r--test/parallel/test-tls-ticket-cluster.js3
-rw-r--r--test/parallel/test-tls-ticket.js10
5 files changed, 58 insertions, 34 deletions
diff --git a/test/parallel/test-https-client-resume.js b/test/parallel/test-https-client-resume.js
index 04a89364fe..cf1bbdf262 100644
--- a/test/parallel/test-https-client-resume.js
+++ b/test/parallel/test-https-client-resume.js
@@ -43,37 +43,34 @@ const server = https.createServer(options, common.mustCall((req, res) => {
}, 2));
// start listening
-server.listen(0, function() {
-
- let session1 = null;
+server.listen(0, common.mustCall(function() {
const client1 = tls.connect({
port: this.address().port,
rejectUnauthorized: false
- }, () => {
+ }, common.mustCall(() => {
console.log('connect1');
- assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.');
- session1 = client1.getSession();
+ assert.strictEqual(client1.isSessionReused(), false);
client1.write('GET / HTTP/1.0\r\n' +
'Server: 127.0.0.1\r\n' +
'\r\n');
- });
+ }));
- client1.on('close', () => {
- console.log('close1');
+ client1.on('session', common.mustCall((session) => {
+ console.log('session');
const opts = {
port: server.address().port,
rejectUnauthorized: false,
- session: session1
+ session,
};
- const client2 = tls.connect(opts, () => {
+ const client2 = tls.connect(opts, common.mustCall(() => {
console.log('connect2');
- assert.ok(client2.isSessionReused(), 'Session *should* be reused.');
+ assert.strictEqual(client2.isSessionReused(), true);
client2.write('GET / HTTP/1.0\r\n' +
'Server: 127.0.0.1\r\n' +
'\r\n');
- });
+ }));
client2.on('close', () => {
console.log('close2');
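Review bot: `client1.on('session', common.mustCall(...))` registers a persistent listener that must fire exactly once, so a connection that receives more than one ticket (which TLS1.3 servers may send) would fail the mustCall count and also start a second `client2`. test-tls-client-resume.js in this same commit uses `client1.once('session', common.mustCall(...))`; using `once` here as well keeps the two tests consistent and makes the resumption attempt single-shot. The `client2.on('close', ...)` handler at the end of the hunk is also left unwrapped, unlike its counterpart in the tls test, where it reads `client2.on('close', common.mustCall(() => {`. The listen callback continues past the end of this hunk.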
@@ -81,7 +78,7 @@ server.listen(0, function() {
});
client2.resume();
- });
+ }));
client1.resume();
-});
+}));
diff --git a/test/parallel/test-tls-async-cb-after-socket-end.js b/test/parallel/test-tls-async-cb-after-socket-end.js
index 6ca38461fd..5c812c8f04 100644
--- a/test/parallel/test-tls-async-cb-after-socket-end.js
+++ b/test/parallel/test-tls-async-cb-after-socket-end.js
@@ -6,9 +6,15 @@ const fixtures = require('../common/fixtures');
const SSL_OP_NO_TICKET = require('crypto').constants.SSL_OP_NO_TICKET;
const tls = require('tls');
-// Check tls async callback after socket ends
+// Check that TLS1.2 session resumption callbacks don't explode when made after
+// the tls socket is destroyed. Disable TLS ticket support to force the legacy
+// session resumption mechanism to be used.
+
+// TLS1.2 is the last protocol version to support TLS sessions, after that the
+// new and resume session events will never be emitted on the server.
const options = {
+ maxVersion: 'TLSv1.2',
secureOptions: SSL_OP_NO_TICKET,
key: fixtures.readSync('test_key.pem'),
cert: fixtures.readSync('test_cert.pem')
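Review bot: The added comment calls TLS1.2 "the last protocol version to support TLS sessions", which reads as if later versions had no resumption at all, while the commit description says TLS1.3 still delivers sessions and tickets through the async callback. What the test depends on is narrower: with tickets disabled via `SSL_OP_NO_TICKET`, resumption goes through the server's `newSession`/`resumeSession` events, and those are what stop being emitted. I would word it as `// TLS1.2 is the last protocol version to support session-ID based resumption; after that the 'newSession' and 'resumeSession' events are never emitted on the server.` so that the `maxVersion: 'TLSv1.2'` pin is not mistaken for a general statement about resumption.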
@@ -25,6 +31,8 @@ server.on('newSession', common.mustCall((key, session, done) => {
server.on('resumeSession', common.mustCall((id, cb) => {
sessionCb = cb;
+ // Destroy the client and then call the session cb, to check that the cb
+ // doesn't explode when called after the handle has been destroyed.
next();
}));
diff --git a/test/parallel/test-tls-client-resume.js b/test/parallel/test-tls-client-resume.js
index db4c898d74..9f868fdcdc 100644
--- a/test/parallel/test-tls-client-resume.js
+++ b/test/parallel/test-tls-client-resume.js
@@ -20,9 +20,9 @@
// USE OR OTHER DEALINGS IN THE SOFTWARE.
'use strict';
-// Create an ssl server. First connection, validate that not resume.
-// Cache session and close connection. Use session on second connection.
-// ASSERT resumption.
+
+// Check that the ticket from the first connection causes session resumption
+// when used to make a second connection.
const common = require('../common');
if (!common.hasCrypto)
@@ -43,20 +43,28 @@ const server = tls.Server(options, common.mustCall((socket) => {
}, 2));
// start listening
-server.listen(0, function() {
+server.listen(0, common.mustCall(function() {
+ let sessionx = null;
let session1 = null;
const client1 = tls.connect({
port: this.address().port,
rejectUnauthorized: false
- }, () => {
+ }, common.mustCall(() => {
console.log('connect1');
- assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.');
- session1 = client1.getSession();
- });
+ assert.strictEqual(client1.isSessionReused(), false);
+ sessionx = client1.getSession();
+ }));
+
+ client1.once('session', common.mustCall((session) => {
+ console.log('session1');
+ session1 = session;
+ }));
- client1.on('close', () => {
- console.log('close1');
+ client1.on('close', common.mustCall(() => {
+ assert(sessionx);
+ assert(session1);
+ assert.strictEqual(sessionx.compare(session1), 0);
const opts = {
port: server.address().port,
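Review bot: `assert.strictEqual(sessionx.compare(session1), 0)` in the close handler assumes that `getSession()` called in the connect callback already returns the same session that the 'session' event delivers, and nothing in the hunk says why that should hold. Per the commit description, TLS1.3 sessions arrive asynchronously, so this equality looks specific to TLS1.2 and below; the `options` object is outside the hunk, so I cannot tell whether the protocol version is pinned. A comment above the assertion such as `// For TLS1.2 and below, getSession() at connect time and the 'session' event yield the same session.` would document the assumption, and `sessionx` would read better with a descriptive name like `sessionAtConnect`. The close handler continues into the next hunk.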
@@ -64,18 +72,18 @@ server.listen(0, function() {
session: session1
};
- const client2 = tls.connect(opts, () => {
+ const client2 = tls.connect(opts, common.mustCall(() => {
console.log('connect2');
- assert.ok(client2.isSessionReused(), 'Session *should* be reused.');
- });
+ assert.strictEqual(client2.isSessionReused(), true);
+ }));
- client2.on('close', () => {
+ client2.on('close', common.mustCall(() => {
console.log('close2');
server.close();
- });
+ }));
client2.resume();
- });
+ }));
client1.resume();
-});
+}));
diff --git a/test/parallel/test-tls-ticket-cluster.js b/test/parallel/test-tls-ticket-cluster.js
index 32a5c671d8..98fe533b69 100644
--- a/test/parallel/test-tls-ticket-cluster.js
+++ b/test/parallel/test-tls-ticket-cluster.js
@@ -45,7 +45,6 @@ if (cluster.isMaster) {
session: lastSession,
rejectUnauthorized: false
}, () => {
- lastSession = c.getSession();
c.end();
if (++reqCount === expectedReqCount) {
@@ -55,6 +54,8 @@ if (cluster.isMaster) {
} else {
shoot();
}
+ }).once('session', (session) => {
+ lastSession = session;
});
}
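Review bot: `lastSession` is now assigned from the `.once('session', ...)` listener, but the connect callback it is chained to still calls `c.end()` and then `shoot()`, which reads `lastSession` for the next connection. Resumption therefore depends on the 'session' event having fired before the connect callback runs, which presumably holds for TLS1.2 tickets. If the ticket arrives after the handshake, as the commit description indicates for TLS1.3, the next connection could be made with a stale or null session, or the socket could be ended before the ticket is received. A comment on the listener such as `// Relies on 'session' being emitted before the connect callback runs.` would make that ordering assumption explicit. The connect callback and `shoot()` both start outside this hunk.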
diff --git a/test/parallel/test-tls-ticket.js b/test/parallel/test-tls-ticket.js
index 187dd22cee..d11535dd3a 100644
--- a/test/parallel/test-tls-ticket.js
+++ b/test/parallel/test-tls-ticket.js
@@ -81,6 +81,15 @@ const shared = net.createServer(function(c) {
});
});
+// 'session' events only occur for new sessions. The first connection is new.
+// After, for each set of 3 connections, the middle connection is made when the
+// server has random keys set, so the client's ticket is silently ignored, and a
+// new ticket is sent.
+const onNewSession = common.mustCall((s, session) => {
+ assert(session);
+ assert.strictEqual(session.compare(s.getSession()), 0);
+}, 4);
+
function start(callback) {
let sess = null;
let left = servers.length;
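Review bot: The expected call count `4` passed to `common.mustCall` for `onNewSession` cannot be verified from the comment above it. The comment explains one new session for the first connection plus one per set of three connections, but never says how many sets run. That number is determined outside this hunk, so if it changes the test fails on the count with no hint as to why. Ending the comment with the arithmetic, e.g. `// 1 initial connection + 1 per set of 3 connections = 4 new sessions.` with the set count confirmed against the surrounding test, would make the constant checkable. The `s.once('session', ...)` registration that feeds this callback is in the following hunk, inside `start()`.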
@@ -99,6 +108,7 @@ function start(callback) {
else
connect();
});
+ s.once('session', (session) => onNewSession(s, session));
}
connect();