2015-05-19 13:00:06 +02:00
|
|
|
'use strict';
|
2016-12-27 22:14:37 -08:00
|
|
|
const common = require('../common');
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2017-07-01 02:29:09 +03:00
|
|
|
if (!common.hasCrypto)
|
2016-05-11 15:34:52 -04:00
|
|
|
common.skip('missing crypto');
|
2017-07-01 02:29:09 +03:00
|
|
|
|
|
|
|
if (!common.opensslCli)
|
2017-08-06 10:48:14 -07:00
|
|
|
common.skip('node compiled without OpenSSL CLI');
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2018-11-21 18:02:53 -08:00
|
|
|
const assert = require('assert');
|
2017-06-30 20:52:53 +03:00
|
|
|
const net = require('net');
|
|
|
|
const tls = require('tls');
|
2017-07-17 15:33:46 -07:00
|
|
|
const fixtures = require('../common/fixtures');
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2017-08-06 10:48:14 -07:00
|
|
|
let clientClosed = false;
|
|
|
|
let errorReceived = false;
|
|
|
|
function canCloseServer() {
|
|
|
|
return clientClosed && errorReceived;
|
|
|
|
}
|
|
|
|
|
2015-05-08 13:35:47 +09:00
|
|
|
function loadPEM(n) {
|
2017-08-06 10:48:14 -07:00
|
|
|
return fixtures.readKey(`${n}.pem`, 'utf-8');
|
2015-05-08 13:35:47 +09:00
|
|
|
}
|
|
|
|
|
2016-12-27 22:14:37 -08:00
|
|
|
const opts = {
|
2015-05-08 13:35:47 +09:00
|
|
|
key: loadPEM('agent2-key'),
|
|
|
|
cert: loadPEM('agent2-cert')
|
|
|
|
};
|
2017-08-06 10:48:14 -07:00
|
|
|
|
2016-12-27 22:14:37 -08:00
|
|
|
const max_iter = 20;
|
|
|
|
let iter = 0;
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2018-11-21 18:02:53 -08:00
|
|
|
const errorHandler = common.mustCall((err) => {
|
|
|
|
assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
|
|
assert.strictEqual(err.function, 'ssl3_get_record');
|
|
|
|
assert.strictEqual(err.reason, 'wrong version number');
|
2017-08-06 10:48:14 -07:00
|
|
|
errorReceived = true;
|
|
|
|
if (canCloseServer())
|
|
|
|
server.close();
|
2015-05-08 13:35:47 +09:00
|
|
|
});
|
2017-08-06 10:48:14 -07:00
|
|
|
const server = tls.createServer(opts, common.mustCall(function(s) {
|
|
|
|
s.pipe(s);
|
|
|
|
s.on('error', errorHandler);
|
|
|
|
}, 2));
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2017-08-06 10:48:14 -07:00
|
|
|
server.listen(0, common.mustCall(function() {
|
2015-05-08 13:35:47 +09:00
|
|
|
sendClient();
|
2017-08-06 10:48:14 -07:00
|
|
|
}));
|
2015-05-08 13:35:47 +09:00
|
|
|
|
2019-02-01 12:02:44 -08:00
|
|
|
server.on('tlsClientError', common.mustNotCall());
|
|
|
|
|
|
|
|
server.on('error', common.mustNotCall());
|
2015-05-08 13:35:47 +09:00
|
|
|
|
|
|
|
function sendClient() {
|
2016-12-27 22:14:37 -08:00
|
|
|
const client = tls.connect(server.address().port, {
|
2015-05-08 13:35:47 +09:00
|
|
|
rejectUnauthorized: false
|
|
|
|
});
|
2016-12-27 22:14:37 -08:00
|
|
|
client.on('data', common.mustCall(function() {
|
2015-05-08 13:35:47 +09:00
|
|
|
if (iter++ === 2) sendBADTLSRecord();
|
|
|
|
if (iter < max_iter) {
|
|
|
|
client.write('a');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
client.end();
|
2016-12-27 22:14:37 -08:00
|
|
|
}, max_iter));
|
2015-05-08 13:35:47 +09:00
|
|
|
client.write('a');
|
2017-08-06 10:48:14 -07:00
|
|
|
client.on('error', common.mustNotCall());
|
|
|
|
client.on('close', common.mustCall(function() {
|
|
|
|
clientClosed = true;
|
|
|
|
if (canCloseServer())
|
|
|
|
server.close();
|
|
|
|
}));
|
2015-05-08 13:35:47 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function sendBADTLSRecord() {
|
2016-12-27 22:14:37 -08:00
|
|
|
const BAD_RECORD = Buffer.from([0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
|
|
|
|
const socket = net.connect(server.address().port);
|
|
|
|
const client = tls.connect({
|
2015-05-08 13:35:47 +09:00
|
|
|
socket: socket,
|
|
|
|
rejectUnauthorized: false
|
2017-08-06 10:48:14 -07:00
|
|
|
}, common.mustCall(function() {
|
2019-02-01 12:02:44 -08:00
|
|
|
client.write('x');
|
|
|
|
client.on('data', (data) => {
|
|
|
|
socket.end(BAD_RECORD);
|
|
|
|
});
|
2017-08-06 10:48:14 -07:00
|
|
|
}));
|
2018-11-21 18:02:53 -08:00
|
|
|
client.on('error', common.mustCall((err) => {
|
|
|
|
assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
|
|
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
|
|
assert.strictEqual(err.function, 'ssl3_read_bytes');
|
|
|
|
assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
|
|
|
|
}));
|
2015-05-08 13:35:47 +09:00
|
|
|
}
|