Skip to content

Commit

Permalink
test: do not assume server gets secure connection
Browse files Browse the repository at this point in the history
Test assumed that server got the the connection before the client
destroys it, but that is not guaranteed. Also, the test was closing the
TCP connection 3 times, effectively:

1. on the server side, right after TLS connection occurs (if it does)
2. on the client side, internal to tls, when the cert is rejected
3. again on the client side, in the error event which is emitted by
   the internal tls destroy from 2

This is too often, and the dependency on 1 occurring is fragile.

PR-URL: #25508
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
sam-github authored and addaleax committed Feb 7, 2019
1 parent c17a37d commit cc6b30f
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions test/parallel/test-tls-friendly-error-message.js
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,15 @@ const tls = require('tls');
const key = fixtures.readKey('agent1-key.pem');
const cert = fixtures.readKey('agent1-cert.pem');

tls.createServer({ key, cert }, common.mustCall(function(conn) {
conn.end();
tls.createServer({ key, cert }).on('connection', common.mustCall(function() {
// Server only receives one TCP connection, stop listening when that
// connection is destroyed by the client, which it should do after the cert is
// rejected as unauthorized.
this.close();
})).listen(0, common.mustCall(function() {
const options = { port: this.address().port, rejectUnauthorized: true };
tls.connect(options).on('error', common.mustCall(function(err) {
assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
assert.strictEqual(err.message, 'unable to verify the first certificate');
this.destroy();
}));
}));

0 comments on commit cc6b30f

Please sign in to comment.