summaryrefslogtreecommitdiff
path: root/test/parallel/test-tls-disable-renegotiation.js
blob: 9e9a672768649c8fa03d84d916e18afe503754a7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

'use strict';
const common = require('../common');
const assert = require('assert');
const fs = require('fs');

// Tests that calling disableRenegotiation on a TLSSocket stops renegotiation.

if (!common.hasCrypto) {
  common.skip('missing crypto');
  return;
}
const tls = require('tls');

const options = {
  key: fs.readFileSync(`${common.fixturesDir}/keys/agent1-key.pem`),
  cert: fs.readFileSync(`${common.fixturesDir}/keys/agent1-cert.pem`)
};

const server = tls.Server(options, common.mustCall((socket) => {
  socket.on('error', common.mustCall((err) => {
    assert.strictEqual(
      err.message,
      'TLS session renegotiation disabled for this socket');
    socket.destroy();
    server.close();
  }));
  // Disable renegotiation after the first chunk of data received.
  // Demonstrates that renegotiation works successfully up until
  // disableRenegotiation is called.
  socket.on('data', common.mustCall((chunk) => {
    socket.write(chunk);
    socket.disableRenegotiation();
  }));
  socket.on('secure', common.mustCall(() => {
    assert(socket._handle.handshakes < 2,
           `Too many handshakes [${socket._handle.handshakes}]`);
  }));
}));


server.listen(0, common.mustCall(() => {
  const port = server.address().port;
  const client =
    tls.connect({rejectUnauthorized: false, port: port}, common.mustCall(() => {
      client.write('');
      // Negotiation is still permitted for this first
      // attempt. This should succeed.
      client.renegotiate(
        {rejectUnauthorized: false},
        common.mustCall(() => {
          // Once renegotiation completes, we write some
          // data to the socket, which triggers the on
          // data event on the server. After that data
          // is received, disableRenegotiation is called.
          client.write('data', common.mustCall(() => {
            client.write('');
            // This second renegotiation attempt should fail
            // and the callback should never be invoked. The
            // server will simply drop the connection after
            // emitting the error.
            client.renegotiate(
              {rejectUnauthorized: false},
              common.mustNotCall());
          }));
        }));
    }));
}));
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 22:30:12 +0000