test/parallel/test-tls-alert-handling.js - external/github.com/v8/node - Git at Google

 'use strict';
 const common = require('../common');

 if (!common.hasCrypto)
   common.skip('missing crypto');

 if (!common.opensslCli)
   common.skip('node compiled without OpenSSL CLI');

 const assert = require('assert');
 const net = require('net');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');

 let clientClosed = false;
 let errorReceived = false;
 function canCloseServer() {
   return clientClosed && errorReceived;
 }

 function loadPEM(n) {
   return fixtures.readKey(`${n}.pem`, 'utf-8');
 }

 const opts = {
   key: loadPEM('agent2-key'),
   cert: loadPEM('agent2-cert')
 };

 const max_iter = 20;
 let iter = 0;

 const errorHandler = common.mustCall((err) => {
   assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
   assert.strictEqual(err.library, 'SSL routines');
   assert.strictEqual(err.function, 'ssl3_get_record');
   assert.strictEqual(err.reason, 'wrong version number');
   errorReceived = true;
   if (canCloseServer())
     server.close();
 });
 const server = tls.createServer(opts, common.mustCall(function(s) {
   s.pipe(s);
   s.on('error', errorHandler);
 }, 2));

 server.listen(0, common.mustCall(function() {
   sendClient();
 }));

 server.on('tlsClientError', common.mustNotCall());

 server.on('error', common.mustNotCall());

 function sendClient() {
   const client = tls.connect(server.address().port, {
     rejectUnauthorized: false
   });
   client.on('data', common.mustCall(function() {
     if (iter++ === 2) sendBADTLSRecord();
     if (iter < max_iter) {
       client.write('a');
       return;
     }
     client.end();
   }, max_iter));
   client.write('a', common.mustCall());
   client.on('error', common.mustNotCall());
   client.on('close', common.mustCall(function() {
     clientClosed = true;
     if (canCloseServer())
       server.close();
   }));
 }


 function sendBADTLSRecord() {
   const BAD_RECORD = Buffer.from([0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
   const socket = net.connect(server.address().port);
   const client = tls.connect({
     socket: socket,
     rejectUnauthorized: false
   }, common.mustCall(function() {
     client.write('x');
     client.on('data', (data) => {
       socket.end(BAD_RECORD);
     });
   }));
   client.on('error', common.mustCall((err) => {
     assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
     assert.strictEqual(err.library, 'SSL routines');
     assert.strictEqual(err.function, 'ssl3_read_bytes');
     assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
   }));
 }
	'use strict';
	const common = require('../common');

	if (!common.hasCrypto)
	common.skip('missing crypto');

	if (!common.opensslCli)
	common.skip('node compiled without OpenSSL CLI');

	const assert = require('assert');
	const net = require('net');
	const tls = require('tls');
	const fixtures = require('../common/fixtures');

	let clientClosed = false;
	let errorReceived = false;
	function canCloseServer() {
	return clientClosed && errorReceived;
	}

	function loadPEM(n) {
	return fixtures.readKey(`${n}.pem`, 'utf-8');
	}

	const opts = {
	key: loadPEM('agent2-key'),
	cert: loadPEM('agent2-cert')
	};

	const max_iter = 20;
	let iter = 0;

	const errorHandler = common.mustCall((err) => {
	assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
	assert.strictEqual(err.library, 'SSL routines');
	assert.strictEqual(err.function, 'ssl3_get_record');
	assert.strictEqual(err.reason, 'wrong version number');
	errorReceived = true;
	if (canCloseServer())
	server.close();
	});
	const server = tls.createServer(opts, common.mustCall(function(s) {
	s.pipe(s);
	s.on('error', errorHandler);
	}, 2));

	server.listen(0, common.mustCall(function() {
	sendClient();
	}));

	server.on('tlsClientError', common.mustNotCall());

	server.on('error', common.mustNotCall());

	function sendClient() {
	const client = tls.connect(server.address().port, {
	rejectUnauthorized: false
	});
	client.on('data', common.mustCall(function() {
	if (iter++ === 2) sendBADTLSRecord();
	if (iter < max_iter) {
	client.write('a');
	return;
	}
	client.end();
	}, max_iter));
	client.write('a', common.mustCall());
	client.on('error', common.mustNotCall());
	client.on('close', common.mustCall(function() {
	clientClosed = true;
	if (canCloseServer())
	server.close();
	}));
	}


	function sendBADTLSRecord() {
	const BAD_RECORD = Buffer.from([0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
	const socket = net.connect(server.address().port);
	const client = tls.connect({
	socket: socket,
	rejectUnauthorized: false
	}, common.mustCall(function() {
	client.write('x');
	client.on('data', (data) => {
	socket.end(BAD_RECORD);
	});
	}));
	client.on('error', common.mustCall((err) => {
	assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
	assert.strictEqual(err.library, 'SSL routines');
	assert.strictEqual(err.function, 'ssl3_read_bytes');
	assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
	}));
	}