1// Copyright Joyent, Inc. and other Node contributors. 2// 3// Permission is hereby granted, free of charge, to any person obtaining a 4// copy of this software and associated documentation files (the 5// "Software"), to deal in the Software without restriction, including 6// without limitation the rights to use, copy, modify, merge, publish, 7// distribute, sublicense, and/or sell copies of the Software, and to permit 8// persons to whom the Software is furnished to do so, subject to the 9// following conditions: 10// 11// The above copyright notice and this permission notice shall be included 12// in all copies or substantial portions of the Software. 13// 14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN 17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 20// USE OR OTHER DEALINGS IN THE SOFTWARE. 21 22'use strict'; 23const common = require('../common'); 24if (!common.hasCrypto) 25 common.skip('missing crypto'); 26 27const assert = require('assert'); 28const tls = require('tls'); 29const fixtures = require('../common/fixtures'); 30 31const options = { 32 key: fixtures.readKey('rsa_private.pem'), 33 cert: fixtures.readKey('rsa_cert.crt') 34}; 35 36const server = tls.createServer(options, function(socket) { 37 socket.pipe(socket); 38 // Pipe already ends... but leaving this here tests .end() after .end(). 39 socket.on('end', () => socket.end()); 40}).listen(0, common.mustCall(function() { 41 unauthorized(); 42})); 43 44function unauthorized() { 45 console.log('connect unauthorized'); 46 const socket = tls.connect({ 47 port: server.address().port, 48 servername: 'localhost', 49 rejectUnauthorized: false 50 }, common.mustCall(function() { 51 let _data; 52 assert(!socket.authorized); 53 socket.on('data', common.mustCall((data) => { 54 assert.strictEqual(data.toString(), 'ok'); 55 _data = data; 56 })); 57 socket.on('end', common.mustCall(() => { 58 assert(_data, 'data failed to echo!'); 59 })); 60 socket.on('end', () => rejectUnauthorized()); 61 })); 62 socket.once('session', common.mustCall(() => { 63 })); 64 socket.on('error', common.mustNotCall()); 65 socket.end('ok'); 66} 67 68function rejectUnauthorized() { 69 console.log('reject unauthorized'); 70 const socket = tls.connect(server.address().port, { 71 servername: 'localhost' 72 }, common.mustNotCall()); 73 socket.on('data', common.mustNotCall()); 74 socket.on('error', common.mustCall(function(err) { 75 rejectUnauthorizedUndefined(); 76 })); 77 socket.end('ng'); 78} 79 80function rejectUnauthorizedUndefined() { 81 console.log('reject unauthorized undefined'); 82 const socket = tls.connect(server.address().port, { 83 servername: 'localhost', 84 rejectUnauthorized: undefined 85 }, common.mustNotCall()); 86 socket.on('data', common.mustNotCall()); 87 socket.on('error', common.mustCall(function(err) { 88 authorized(); 89 })); 90 socket.end('ng'); 91} 92 93function authorized() { 94 console.log('connect authorized'); 95 const socket = tls.connect(server.address().port, { 96 ca: [fixtures.readKey('rsa_cert.crt')], 97 servername: 'localhost' 98 }, common.mustCall(function() { 99 console.log('... authorized'); 100 assert(socket.authorized); 101 socket.on('data', common.mustCall((data) => { 102 assert.strictEqual(data.toString(), 'ok'); 103 })); 104 socket.on('end', () => server.close()); 105 })); 106 socket.on('error', common.mustNotCall()); 107 socket.end('ok'); 108} 109