diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2019-01-09 14:03:31 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-02-06 15:18:05 -0800 |
commit | 1316b7652a50da7e996897edfab9a1d3c365d3b5 (patch) | |
tree | 14bc9e9732221f5a4b6a48e60b027eb09ec69dfe /test | |
parent | 426a87025ba093c292026760ec548e9a68c0fb1c (diff) | |
download | android-node-v8-1316b7652a50da7e996897edfab9a1d3c365d3b5.tar.gz android-node-v8-1316b7652a50da7e996897edfab9a1d3c365d3b5.tar.bz2 android-node-v8-1316b7652a50da7e996897edfab9a1d3c365d3b5.zip |
test: do not race connection and rejection
Existing code assumed that the server completed the handshake before the
client rejected the certificate, and destroyed the socket. This
assumption is fragile, remove it, and instead check explicitly that data
can or cannot be exchanged via TLS, whichever is expected.
PR-URL: https://github.com/nodejs/node/pull/25508
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/parallel/test-tls-client-reject.js | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/test/parallel/test-tls-client-reject.js b/test/parallel/test-tls-client-reject.js index 955d97da6f..9eff6cb9ce 100644 --- a/test/parallel/test-tls-client-reject.js +++ b/test/parallel/test-tls-client-reject.js @@ -33,49 +33,57 @@ const options = { cert: fixtures.readSync('test_cert.pem') }; -const server = tls.createServer(options, common.mustCall(function(socket) { - socket.on('data', function(data) { - console.error(data.toString()); - assert.strictEqual(data.toString(), 'ok'); - }); -}, 3)).listen(0, function() { +const server = tls.createServer(options, function(socket) { + socket.pipe(socket); + socket.on('end', () => socket.end()); +}).listen(0, common.mustCall(function() { unauthorized(); -}); +})); function unauthorized() { + console.log('connect unauthorized'); const socket = tls.connect({ port: server.address().port, servername: 'localhost', rejectUnauthorized: false }, common.mustCall(function() { + console.log('... unauthorized'); assert(!socket.authorized); - socket.end(); - rejectUnauthorized(); + socket.on('data', common.mustCall((data) => { + assert.strictEqual(data.toString(), 'ok'); + })); + socket.on('end', () => rejectUnauthorized()); })); socket.on('error', common.mustNotCall()); - socket.write('ok'); + socket.end('ok'); } function rejectUnauthorized() { + console.log('reject unauthorized'); const socket = tls.connect(server.address().port, { servername: 'localhost' }, common.mustNotCall()); + socket.on('data', common.mustNotCall()); socket.on('error', common.mustCall(function(err) { - console.error(err); + console.log('... rejected:', err); authorized(); })); - socket.write('ng'); + socket.end('ng'); } function authorized() { + console.log('connect authorized'); const socket = tls.connect(server.address().port, { ca: [fixtures.readSync('test_cert.pem')], servername: 'localhost' }, common.mustCall(function() { + console.log('... authorized'); assert(socket.authorized); - socket.end(); - server.close(); + socket.on('data', common.mustCall((data) => { + assert.strictEqual(data.toString(), 'ok'); + })); + socket.on('end', () => server.close()); })); socket.on('error', common.mustNotCall()); - socket.write('ok'); + socket.end('ok'); } |