1'use strict'; 2const common = require('../common'); 3const assert = require('assert'); 4const fixtures = require('../common/fixtures'); 5 6// Tests that calling disableRenegotiation on a TLSSocket stops renegotiation. 7 8if (!common.hasCrypto) 9 common.skip('missing crypto'); 10 11const tls = require('tls'); 12 13// Renegotiation as a protocol feature was dropped after TLS1.2. 14tls.DEFAULT_MAX_VERSION = 'TLSv1.2'; 15 16const options = { 17 key: fixtures.readKey('agent1-key.pem'), 18 cert: fixtures.readKey('agent1-cert.pem'), 19}; 20 21const server = tls.Server(options, common.mustCall((socket) => { 22 socket.on('error', common.mustCall((err) => { 23 common.expectsError({ 24 name: 'Error', 25 code: 'ERR_TLS_RENEGOTIATION_DISABLED', 26 message: 'TLS session renegotiation disabled for this socket' 27 })(err); 28 socket.destroy(); 29 server.close(); 30 })); 31 // Disable renegotiation after the first chunk of data received. 32 // Demonstrates that renegotiation works successfully up until 33 // disableRenegotiation is called. 34 socket.on('data', common.mustCall((chunk) => { 35 socket.write(chunk); 36 socket.disableRenegotiation(); 37 })); 38 socket.on('secure', common.mustCall(() => { 39 assert(socket._handle.handshakes < 2, 40 `Too many handshakes [${socket._handle.handshakes}]`); 41 })); 42})); 43 44 45server.listen(0, common.mustCall(() => { 46 const port = server.address().port; 47 const options = { 48 rejectUnauthorized: false, 49 port 50 }; 51 const client = tls.connect(options, common.mustCall(() => { 52 53 assert.throws(() => client.renegotiate(), { 54 code: 'ERR_INVALID_ARG_TYPE', 55 name: 'TypeError', 56 }); 57 58 assert.throws(() => client.renegotiate(common.mustNotCall()), { 59 code: 'ERR_INVALID_ARG_TYPE', 60 name: 'TypeError', 61 }); 62 63 assert.throws(() => client.renegotiate({}, false), { 64 code: 'ERR_INVALID_CALLBACK', 65 name: 'TypeError', 66 }); 67 68 assert.throws(() => client.renegotiate({}, null), { 69 code: 'ERR_INVALID_CALLBACK', 70 name: 'TypeError', 71 }); 72 73 74 // Negotiation is still permitted for this first 75 // attempt. This should succeed. 76 let ok = client.renegotiate(options, common.mustSucceed(() => { 77 // Once renegotiation completes, we write some 78 // data to the socket, which triggers the on 79 // data event on the server. After that data 80 // is received, disableRenegotiation is called. 81 client.write('data', common.mustCall(() => { 82 // This second renegotiation attempt should fail 83 // and the callback should never be invoked. The 84 // server will simply drop the connection after 85 // emitting the error. 86 ok = client.renegotiate(options, common.mustNotCall()); 87 assert.strictEqual(ok, true); 88 })); 89 })); 90 assert.strictEqual(ok, true); 91 client.on('secureConnect', common.mustCall(() => { 92 })); 93 client.on('secure', common.mustCall(() => { 94 })); 95 })); 96})); 97