errors: migrate tls_wrap to use internal/errors
PR-URL: https://github.com/nodejs/node/pull/13476 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
parent
e36166bd18
commit
f67aa566a6
@ -36,6 +36,7 @@ const Timer = process.binding('timer_wrap').Timer;
|
|||||||
const tls_wrap = process.binding('tls_wrap');
|
const tls_wrap = process.binding('tls_wrap');
|
||||||
const TCP = process.binding('tcp_wrap').TCP;
|
const TCP = process.binding('tcp_wrap').TCP;
|
||||||
const Pipe = process.binding('pipe_wrap').Pipe;
|
const Pipe = process.binding('pipe_wrap').Pipe;
|
||||||
|
const errors = require('internal/errors');
|
||||||
|
|
||||||
function onhandshakestart() {
|
function onhandshakestart() {
|
||||||
debug('onhandshakestart');
|
debug('onhandshakestart');
|
||||||
@ -59,7 +60,7 @@ function onhandshakestart() {
|
|||||||
// state machine and OpenSSL is not re-entrant. We cannot allow the user's
|
// state machine and OpenSSL is not re-entrant. We cannot allow the user's
|
||||||
// callback to destroy the connection right now, it would crash and burn.
|
// callback to destroy the connection right now, it would crash and burn.
|
||||||
setImmediate(function() {
|
setImmediate(function() {
|
||||||
var err = new Error('TLS session renegotiation attack detected');
|
var err = new errors.Error('ERR_TLS_SESSION_ATTACK');
|
||||||
self._emitTLSError(err);
|
self._emitTLSError(err);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -77,14 +78,14 @@ function loadSession(self, hello, cb) {
|
|||||||
var once = false;
|
var once = false;
|
||||||
function onSession(err, session) {
|
function onSession(err, session) {
|
||||||
if (once)
|
if (once)
|
||||||
return cb(new Error('TLS session callback was called 2 times'));
|
return cb(new errors.Error('ERR_MULTIPLE_CALLBACK'));
|
||||||
once = true;
|
once = true;
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
return cb(err);
|
return cb(err);
|
||||||
|
|
||||||
if (!self._handle)
|
if (!self._handle)
|
||||||
return cb(new Error('Socket is closed'));
|
return cb(new errors.Error('ERR_SOCKET_CLOSED'));
|
||||||
|
|
||||||
self._handle.loadSession(session);
|
self._handle.loadSession(session);
|
||||||
cb(null);
|
cb(null);
|
||||||
@ -106,14 +107,14 @@ function loadSNI(self, servername, cb) {
|
|||||||
var once = false;
|
var once = false;
|
||||||
self._SNICallback(servername, function(err, context) {
|
self._SNICallback(servername, function(err, context) {
|
||||||
if (once)
|
if (once)
|
||||||
return cb(new Error('TLS SNI callback was called 2 times'));
|
return cb(new errors.Error('ERR_MULTIPLE_CALLBACK'));
|
||||||
once = true;
|
once = true;
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
return cb(err);
|
return cb(err);
|
||||||
|
|
||||||
if (!self._handle)
|
if (!self._handle)
|
||||||
return cb(new Error('Socket is closed'));
|
return cb(new errors.Error('ERR_SOCKET_CLOSED'));
|
||||||
|
|
||||||
// TODO(indutny): eventually disallow raw `SecureContext`
|
// TODO(indutny): eventually disallow raw `SecureContext`
|
||||||
if (context)
|
if (context)
|
||||||
@ -152,14 +153,14 @@ function requestOCSP(self, hello, ctx, cb) {
|
|||||||
var once = false;
|
var once = false;
|
||||||
function onOCSP(err, response) {
|
function onOCSP(err, response) {
|
||||||
if (once)
|
if (once)
|
||||||
return cb(new Error('TLS OCSP callback was called 2 times'));
|
return cb(new errors.Error('ERR_MULTIPLE_CALLBACK'));
|
||||||
once = true;
|
once = true;
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
return cb(err);
|
return cb(err);
|
||||||
|
|
||||||
if (!self._handle)
|
if (!self._handle)
|
||||||
return cb(new Error('Socket is closed'));
|
return cb(new errors.Error('ERR_SOCKET_CLOSED'));
|
||||||
|
|
||||||
if (response)
|
if (response)
|
||||||
self._handle.setOCSPResponse(response);
|
self._handle.setOCSPResponse(response);
|
||||||
@ -192,7 +193,7 @@ function oncertcb(info) {
|
|||||||
return self.destroy(err);
|
return self.destroy(err);
|
||||||
|
|
||||||
if (!self._handle)
|
if (!self._handle)
|
||||||
return self.destroy(new Error('Socket is closed'));
|
return self.destroy(new errors.Error('ERR_SOCKET_CLOSED'));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
self._handle.certCbDone();
|
self._handle.certCbDone();
|
||||||
@ -221,7 +222,7 @@ function onnewsession(key, session) {
|
|||||||
once = true;
|
once = true;
|
||||||
|
|
||||||
if (!self._handle)
|
if (!self._handle)
|
||||||
return self.destroy(new Error('Socket is closed'));
|
return self.destroy(new errors.Error('ERR_SOCKET_CLOSED'));
|
||||||
|
|
||||||
self._handle.newSessionDone();
|
self._handle.newSessionDone();
|
||||||
|
|
||||||
@ -552,7 +553,7 @@ TLSSocket.prototype.renegotiate = function(options, callback) {
|
|||||||
}
|
}
|
||||||
if (!this._handle.renegotiate()) {
|
if (!this._handle.renegotiate()) {
|
||||||
if (callback) {
|
if (callback) {
|
||||||
process.nextTick(callback, new Error('Failed to renegotiate'));
|
process.nextTick(callback, new errors.Error('ERR_TLS_RENEGOTIATE'));
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -578,7 +579,7 @@ TLSSocket.prototype.getTLSTicket = function getTLSTicket() {
|
|||||||
};
|
};
|
||||||
|
|
||||||
TLSSocket.prototype._handleTimeout = function() {
|
TLSSocket.prototype._handleTimeout = function() {
|
||||||
this._emitTLSError(new Error('TLS handshake timeout'));
|
this._emitTLSError(new errors.Error('ERR_TLS_HANDSHAKE_TIMEOUT'));
|
||||||
};
|
};
|
||||||
|
|
||||||
TLSSocket.prototype._emitTLSError = function(err) {
|
TLSSocket.prototype._emitTLSError = function(err) {
|
||||||
@ -780,7 +781,7 @@ function Server(options, listener) {
|
|||||||
} else if (options == null || typeof options === 'object') {
|
} else if (options == null || typeof options === 'object') {
|
||||||
options = options || {};
|
options = options || {};
|
||||||
} else {
|
} else {
|
||||||
throw new TypeError('options must be an object');
|
throw new errors.TypeError('ERR_INVALID_ARG_TYPE', 'options', 'object');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -811,7 +812,7 @@ function Server(options, listener) {
|
|||||||
var timeout = options.handshakeTimeout || (120 * 1000);
|
var timeout = options.handshakeTimeout || (120 * 1000);
|
||||||
|
|
||||||
if (typeof timeout !== 'number') {
|
if (typeof timeout !== 'number') {
|
||||||
throw new TypeError('handshakeTimeout must be a number');
|
throw new errors.TypeError('ERR_INVALID_ARG_TYPE', 'timeout', 'number');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (self.sessionTimeout) {
|
if (self.sessionTimeout) {
|
||||||
@ -949,7 +950,7 @@ Server.prototype.setOptions = function(options) {
|
|||||||
// SNI Contexts High-Level API
|
// SNI Contexts High-Level API
|
||||||
Server.prototype.addContext = function(servername, context) {
|
Server.prototype.addContext = function(servername, context) {
|
||||||
if (!servername) {
|
if (!servername) {
|
||||||
throw new Error('"servername" is required parameter for Server.addContext');
|
throw new errors.Error('ERR_TLS_REQUIRED_SERVER_NAME');
|
||||||
}
|
}
|
||||||
|
|
||||||
var re = new RegExp('^' +
|
var re = new RegExp('^' +
|
||||||
@ -1088,8 +1089,7 @@ exports.connect = function(...args /* [port,] [host,] [options,] [cb] */) {
|
|||||||
// specified in options.
|
// specified in options.
|
||||||
var ekeyinfo = socket.getEphemeralKeyInfo();
|
var ekeyinfo = socket.getEphemeralKeyInfo();
|
||||||
if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) {
|
if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) {
|
||||||
var err = new Error('DH parameter size ' + ekeyinfo.size +
|
var err = new errors.Error('ERR_TLS_DH_PARAM_SIZE', ekeyinfo.size);
|
||||||
' is less than ' + options.minDHSize);
|
|
||||||
socket.emit('error', err);
|
socket.emit('error', err);
|
||||||
socket.destroy();
|
socket.destroy();
|
||||||
return;
|
return;
|
||||||
|
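Review bot: In the `TLSSocket.prototype.renegotiate` hunk the new code constructs `new errors.Error('ERR_TLS_RENEGOTIATE')`, but the only renegotiation code this commit registers in internal/errors is `ERR_TLS_RENEGOTIATION_FAILED`. Unless `ERR_TLS_RENEGOTIATE` is defined outside the lines shown, looking up an unregistered key will probably fail while the argument is being built, so the caller's callback would never receive the renegotiation failure. The line should read `process.nextTick(callback, new errors.Error('ERR_TLS_RENEGOTIATION_FAILED'));`. A test that makes `_handle.renegotiate()` return false would catch this kind of mismatch. The function body starts and ends outside the hunk.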
@ -156,16 +156,24 @@ E('ERR_NO_CRYPTO', 'Node.js is not compiled with OpenSSL crypto support');
|
|||||||
E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported');
|
E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported');
|
||||||
E('ERR_PARSE_HISTORY_DATA', 'Could not parse history data in %s');
|
E('ERR_PARSE_HISTORY_DATA', 'Could not parse history data in %s');
|
||||||
E('ERR_SOCKET_ALREADY_BOUND', 'Socket is already bound');
|
E('ERR_SOCKET_ALREADY_BOUND', 'Socket is already bound');
|
||||||
|
E('ERR_SOCKET_BAD_PORT', 'Port should be > 0 and < 65536');
|
||||||
E('ERR_SOCKET_BAD_TYPE',
|
E('ERR_SOCKET_BAD_TYPE',
|
||||||
'Bad socket type specified. Valid types are: udp4, udp6');
|
'Bad socket type specified. Valid types are: udp4, udp6');
|
||||||
E('ERR_SOCKET_CANNOT_SEND', 'Unable to send data');
|
E('ERR_SOCKET_CANNOT_SEND', 'Unable to send data');
|
||||||
E('ERR_SOCKET_BAD_PORT', 'Port should be > 0 and < 65536');
|
E('ERR_SOCKET_CLOSED', 'Socket is closed');
|
||||||
E('ERR_SOCKET_DGRAM_NOT_RUNNING', 'Not running');
|
E('ERR_SOCKET_DGRAM_NOT_RUNNING', 'Not running');
|
||||||
E('ERR_STDERR_CLOSE', 'process.stderr cannot be closed');
|
E('ERR_STDERR_CLOSE', 'process.stderr cannot be closed');
|
||||||
E('ERR_STDOUT_CLOSE', 'process.stdout cannot be closed');
|
E('ERR_STDOUT_CLOSE', 'process.stdout cannot be closed');
|
||||||
E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode');
|
E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode');
|
||||||
E('ERR_TLS_CERT_ALTNAME_INVALID',
|
E('ERR_TLS_CERT_ALTNAME_INVALID',
|
||||||
'Hostname/IP does not match certificate\'s altnames: %s');
|
'Hostname/IP does not match certificate\'s altnames: %s');
|
||||||
|
E('ERR_TLS_DH_PARAM_SIZE', (size) =>
|
||||||
|
`DH parameter size ${size} is less than 2048`);
|
||||||
|
E('ERR_TLS_HANDSHAKE_TIMEOUT', 'TLS handshake timeout');
|
||||||
|
E('ERR_TLS_RENEGOTIATION_FAILED', 'Failed to renegotiate');
|
||||||
|
E('ERR_TLS_REQUIRED_SERVER_NAME',
|
||||||
|
'"servername" is required parameter for Server.addContext');
|
||||||
|
E('ERR_TLS_SESSION_ATTACK', 'TSL session renegotiation attack detected');
|
||||||
E('ERR_TRANSFORM_ALREADY_TRANSFORMING',
|
E('ERR_TRANSFORM_ALREADY_TRANSFORMING',
|
||||||
'Calling transform done when still transforming');
|
'Calling transform done when still transforming');
|
||||||
E('ERR_TRANSFORM_WITH_LENGTH_0',
|
E('ERR_TRANSFORM_WITH_LENGTH_0',
|
||||||
|
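Review bot: `ERR_TLS_DH_PARAM_SIZE` hard-codes `2048` in its message, while the check in `exports.connect` compares against `options.minDHSize`, so a client configured with a different minimum gets an error that reports the wrong threshold. Assuming extra constructor arguments reach the formatter the same way `size` does, the limit can be passed through: `E('ERR_TLS_DH_PARAM_SIZE', (size, min) => 'DH parameter size ' + size + ' is less than ' + min);`, with the caller adding `options.minDHSize` as the second argument. Separately, the `ERR_TLS_SESSION_ATTACK` text reads `'TSL session renegotiation attack detected'` where the message it replaces said `TLS`. Log searches or alerts that match on the old string would stop seeing these events, so the literal should be `'TLS session renegotiation attack detected'`.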
@ -23,7 +23,12 @@ assert.throws(() => tls.createServer({ecdhCurve: 1}),
|
|||||||
/TypeError: ECDH curve name must be a string/);
|
/TypeError: ECDH curve name must be a string/);
|
||||||
|
|
||||||
assert.throws(() => tls.createServer({handshakeTimeout: 'abcd'}),
|
assert.throws(() => tls.createServer({handshakeTimeout: 'abcd'}),
|
||||||
/TypeError: handshakeTimeout must be a number/);
|
common.expectsError({
|
||||||
|
code: 'ERR_INVALID_ARG_TYPE',
|
||||||
|
type: TypeError,
|
||||||
|
message: 'The "timeout" argument must be of type number'
|
||||||
|
})
|
||||||
|
);
|
||||||
|
|
||||||
assert.throws(() => tls.createServer({sessionTimeout: 'abcd'}),
|
assert.throws(() => tls.createServer({sessionTimeout: 'abcd'}),
|
||||||
/TypeError: Session timeout must be a 32-bit integer/);
|
/TypeError: Session timeout must be a 32-bit integer/);
|
||||||
|
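Review bot: The expected message `The "timeout" argument must be of type number` names a local variable rather than the option the caller passed, which is `handshakeTimeout`. The name comes from the `'timeout'` argument given to `errors.TypeError` in `Server`, so this test pins wording that is less actionable than the old `handshakeTimeout must be a number`. I would change the library line to `throw new errors.TypeError('ERR_INVALID_ARG_TYPE', 'options.handshakeTimeout', 'number');` and update the `message` expectation here to match.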
@ -51,8 +51,7 @@ function test(size, err, next) {
|
|||||||
if (err) {
|
if (err) {
|
||||||
client.on('error', function(e) {
|
client.on('error', function(e) {
|
||||||
nerror++;
|
nerror++;
|
||||||
assert.strictEqual(e.message,
|
assert.strictEqual(e.code, 'ERR_TLS_DH_PARAM_SIZE');
|
||||||
'DH parameter size 1024 is less than 2048');
|
|
||||||
server.close();
|
server.close();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
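Review bot: The `error` handler now checks only `e.code`, so nothing verifies the size and minimum reported in the message any more. That matters for this commit because the new `ERR_TLS_DH_PARAM_SIZE` formatter writes the threshold as a literal instead of taking it from `options.minDHSize`. Keep a message assertion next to the code check, `assert.strictEqual(e.message, 'DH parameter size 1024 is less than 2048');`. A case with a non-default `minDHSize` would exercise the threshold as well. The body of `test` continues outside the hunk.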
@ -40,7 +40,12 @@ tls.createServer({})
|
|||||||
.listen(0, common.mustCall(close));
|
.listen(0, common.mustCall(close));
|
||||||
|
|
||||||
assert.throws(() => tls.createServer('this is not valid'),
|
assert.throws(() => tls.createServer('this is not valid'),
|
||||||
/^TypeError: options must be an object$/);
|
common.expectsError({
|
||||||
|
code: 'ERR_INVALID_ARG_TYPE',
|
||||||
|
type: TypeError,
|
||||||
|
message: 'The "options" argument must be of type object'
|
||||||
|
})
|
||||||
|
);
|
||||||
|
|
||||||
tls.createServer()
|
tls.createServer()
|
||||||
.listen(0, common.mustCall(close));
|
.listen(0, common.mustCall(close));
|
||||||
|