1// Flags: --expose-internals 2'use strict'; 3const common = require('../common'); 4if (!common.hasCrypto) common.skip('missing crypto'); 5const fixtures = require('../common/fixtures'); 6 7// Test --trace-tls CLI flag. 8 9const assert = require('assert'); 10const { fork } = require('child_process'); 11 12if (process.argv[2] === 'test') 13 return test(); 14 15const binding = require('internal/test/binding').internalBinding; 16 17if (!binding('tls_wrap').HAVE_SSL_TRACE) 18 return common.skip('no SSL_trace() compiled into openssl'); 19 20const child = fork(__filename, ['test'], { 21 silent: true, 22 execArgv: ['--trace-tls'] 23}); 24 25let stdout = ''; 26let stderr = ''; 27child.stdout.setEncoding('utf8'); 28child.stderr.setEncoding('utf8'); 29child.stdout.on('data', (data) => stdout += data); 30child.stderr.on('data', (data) => stderr += data); 31child.on('close', common.mustCall((code, signal) => { 32 // For debugging and observation of actual trace output. 33 console.log(stderr); 34 35 assert.strictEqual(code, 0); 36 assert.strictEqual(signal, null); 37 assert.strictEqual(stdout.trim(), ''); 38 assert(/Warning: Enabling --trace-tls can expose sensitive/.test(stderr)); 39 assert(/Sent Record/.test(stderr)); 40})); 41 42function test() { 43 const { 44 connect, keys 45 } = require(fixtures.path('tls-connect')); 46 47 connect({ 48 client: { 49 checkServerIdentity: (servername, cert) => { }, 50 ca: `${keys.agent1.cert}\n${keys.agent6.ca}`, 51 }, 52 server: { 53 cert: keys.agent6.cert, 54 key: keys.agent6.key 55 }, 56 }, common.mustCall((err, pair, cleanup) => { 57 if (pair.server.err) { 58 console.trace('server', pair.server.err); 59 } 60 if (pair.client.err) { 61 console.trace('client', pair.client.err); 62 } 63 assert.ifError(pair.server.err); 64 assert.ifError(pair.client.err); 65 66 return cleanup(); 67 })); 68} 69