• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright Joyent, Inc. and other Node contributors.
2//
3// Permission is hereby granted, free of charge, to any person obtaining a
4// copy of this software and associated documentation files (the
5// "Software"), to deal in the Software without restriction, including
6// without limitation the rights to use, copy, modify, merge, publish,
7// distribute, sublicense, and/or sell copies of the Software, and to permit
8// persons to whom the Software is furnished to do so, subject to the
9// following conditions:
10//
11// The above copyright notice and this permission notice shall be included
12// in all copies or substantial portions of the Software.
13//
14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22'use strict';
23const common = require('../common');
24if (!common.hasCrypto)
25  common.skip('missing crypto');
26const fixtures = require('../common/fixtures');
27const assert = require('assert');
28const tls = require('tls');
29const { spawn } = require('child_process');
30
31if (!common.opensslCli)
32  common.skip('node compiled without OpenSSL CLI.');
33
34
35doTest({ tickets: false }, function() {
36  doTest({ tickets: true }, function() {
37    doTest({ tickets: false, invalidSession: true }, function() {
38      console.error('all done');
39    });
40  });
41});
42
43function doTest(testOptions, callback) {
44  const key = fixtures.readKey('rsa_private.pem');
45  const cert = fixtures.readKey('rsa_cert.crt');
46  const options = {
47    key,
48    cert,
49    ca: [cert],
50    requestCert: true,
51    rejectUnauthorized: false,
52    secureProtocol: 'TLS_method',
53  };
54  let requestCount = 0;
55  let resumeCount = 0;
56  let newSessionCount = 0;
57  let session;
58
59  const server = tls.createServer(options, function(cleartext) {
60    cleartext.on('error', function(er) {
61      // We're ok with getting ECONNRESET in this test, but it's
62      // timing-dependent, and thus unreliable. Any other errors
63      // are just failures, though.
64      if (er.code !== 'ECONNRESET')
65        throw er;
66    });
67    ++requestCount;
68    cleartext.end('');
69  });
70  server.on('newSession', function(id, data, cb) {
71    ++newSessionCount;
72    // Emulate asynchronous store
73    setImmediate(() => {
74      assert.ok(!session);
75      session = { id, data };
76      cb();
77    });
78  });
79  server.on('resumeSession', function(id, callback) {
80    ++resumeCount;
81    assert.ok(session);
82    assert.strictEqual(session.id.toString('hex'), id.toString('hex'));
83
84    let data = session.data;
85
86    // Return an invalid session to test Node does not crash.
87    if (testOptions.invalidSession) {
88      data = Buffer.from('INVALID SESSION');
89      session = null;
90    }
91
92    // Just to check that async really works there
93    setImmediate(() => {
94      callback(null, data);
95    });
96  });
97
98  server.listen(0, function() {
99    const args = [
100      's_client',
101      '-tls1',
102      '-connect', `localhost:${this.address().port}`,
103      '-servername', 'ohgod',
104      '-key', fixtures.path('keys/rsa_private.pem'),
105      '-cert', fixtures.path('keys/rsa_cert.crt'),
106      '-reconnect',
107    ].concat(testOptions.tickets ? [] : '-no_ticket');
108
109    function spawnClient() {
110      const client = spawn(common.opensslCli, args, {
111        stdio: [ 0, 1, 'pipe' ]
112      });
113      let err = '';
114      client.stderr.setEncoding('utf8');
115      client.stderr.on('data', function(chunk) {
116        err += chunk;
117      });
118
119      client.on('exit', common.mustCall(function(code, signal) {
120        if (code !== 0) {
121          // If SmartOS and connection refused, then retry. See
122          // https://github.com/nodejs/node/issues/2663.
123          if (common.isSunOS && err.includes('Connection refused')) {
124            requestCount = 0;
125            spawnClient();
126            return;
127          }
128          assert.fail(`code: ${code}, signal: ${signal}, output: ${err}`);
129        }
130        assert.strictEqual(code, 0);
131        server.close(common.mustCall(function() {
132          setImmediate(callback);
133        }));
134      }));
135    }
136
137    spawnClient();
138  });
139
140  process.on('exit', function() {
141    // Each test run connects 6 times: an initial request and 5 reconnect
142    // requests.
143    assert.strictEqual(requestCount, 6);
144
145    if (testOptions.tickets) {
146      // No session cache callbacks are called.
147      assert.strictEqual(resumeCount, 0);
148      assert.strictEqual(newSessionCount, 0);
149    } else if (testOptions.invalidSession) {
150      // The resume callback was called, but each connection established a
151      // fresh session.
152      assert.strictEqual(resumeCount, 5);
153      assert.strictEqual(newSessionCount, 6);
154    } else {
155      // The resume callback was called, and only the initial connection
156      // establishes a fresh session.
157      assert.ok(session);
158      assert.strictEqual(resumeCount, 5);
159      assert.strictEqual(newSessionCount, 1);
160    }
161  });
162}
163