
Commit 08ac214

davidbenevanlucas
authored andcommitted
test: revise test-tls-econnreset for OpenSSL 1.1.0
This test is testing what happens to the server if the client shuts off the connection (so the server sees ECONNRESET), but the way it does it is convoluted. It uses a static RSA key exchange with a tiny (384-bit) RSA key. The server doesn't notice (since it is static RSA, the client acts on the key first), so the client tries to encrypt a premaster and fails: rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size SSL routines:ssl3_send_client_key_exchange:bad rsa encrypt OpenSSL happens not to send an alert in this case, so we get ECONNRESET with no alert. This is quite fragile and, notably, breaks in OpenSSL 1.1.0 now that small RSA keys are rejected by libssl. Instead, test by just connecting a TCP socket and immediately closing it. PR-URL: #16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
1 parent d95b608 commit 08ac214


1 file changed

+10
-54
lines changed


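--- a/test/parallel/test-tls-econnreset.js
+++ b/test/parallel/test-tls-econnreset.js
@@ -25,72 +25,28 @@ if (!common.hasCrypto)
 common.skip('missing crypto');
 
 const assert = require('assert');
+const fixtures = require('../common/fixtures');
+const net = require('net');
 const tls = require('tls');
 
-const cacert =
-`-----BEGIN CERTIFICATE-----
-MIIBxTCCAX8CAnXnMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
-VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQU3Ryb25n
-TG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRowGAYDVQQDExFjYS5zdHJv
-bmdsb29wLmNvbTAeFw0xNDAxMTcyMjE1MDdaFw00MTA2MDMyMjE1MDdaMH0xCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZ
-MBcGA1UEChMQU3Ryb25nTG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRow
-GAYDVQQDExFjYS5zdHJvbmdsb29wLmNvbTBMMA0GCSqGSIb3DQEBAQUAAzsAMDgC
-MQDKbQ6rIR5t1q1v4Ha36jrq0IkyUohy9EYNvLnXUly1PGqxby0ILlAVJ8JawpY9
-AVkCAwEAATANBgkqhkiG9w0BAQUFAAMxALA1uS4CqQXRSAyYTfio5oyLGz71a+NM
-+0AFLBwh5AQjhGd0FcenU4OfHxyDEOJT/Q==
------END CERTIFICATE-----`;
-
-const cert =
-`-----BEGIN CERTIFICATE-----
-MIIBfDCCATYCAgQaMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
-VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQU3Ryb25n
-TG9vcCwgSW5jLjESMBAGA1UECxMJU3Ryb25nT3BzMRowGAYDVQQDExFjYS5zdHJv
-bmdsb29wLmNvbTAeFw0xNDAxMTcyMjE1MDdaFw00MTA2MDMyMjE1MDdaMBkxFzAV
-BgNVBAMTDnN0cm9uZ2xvb3AuY29tMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMfk
-I0LWU15pPUwIQNMnRVhhOibi0TQmAau8FBtgwEfGK01WpfGUaJr1a41K8Uq7xwID
-AQABoxkwFzAVBgNVHREEDjAMhwQAAAAAhwR/AAABMA0GCSqGSIb3DQEBBQUAAzEA
-cGpYrhkrb7mIh9DNhV0qp7pGjqBzlHqB7KQXw2luLDp//6dyHBMexDCQznkhZKRU
------END CERTIFICATE-----`;
-
-const key =
-`-----BEGIN RSA PRIVATE KEY-----
-MIH0AgEAAjEAx+QjQtZTXmk9TAhA0ydFWGE6JuLRNCYBq7wUG2DAR8YrTVal8ZRo
-mvVrjUrxSrvHAgMBAAECMBCGccvSwC2r8Z9Zh1JtirQVxaL1WWpAQfmVwLe0bAgg
-/JWMU/6hS36TsYyZMxwswQIZAPTAfht/zDLb7Hwgu2twsS1Ra9w/yyvtlwIZANET
-26votwJAHK1yUrZGA5nnp5qcmQ/JUQIZAII5YV/UUZvF9D/fUplJ7puENPWNY9bN
-pQIZAMMwxuS3XiO7two2sQF6W+JTYyX1DPCwAQIZAOYg1TvEGT38k8e8jygv8E8w
-YqrWTeQFNQ==
------END RSA PRIVATE KEY-----`;
-
-const ca = [ cert, cacert ];
-
 let clientError = null;
-let connectError = null;
 
-const server = tls.createServer({ ca: ca, cert: cert, key: key }, () => {
-assert.fail('should be unreachable');
-}).on('tlsClientError', function(err, conn) {
+const server = tls.createServer({
+cert: fixtures.readKey('agent1-cert.pem'),
+key: fixtures.readKey('agent1-key.pem'),
+}, common.mustNotCall()).on('tlsClientError', function(err, conn) {
 assert(!clientError && conn);
 clientError = err;
+server.close();
 }).listen(0, function() {
-const options = {
-ciphers: 'AES128-GCM-SHA256',
-port: this.address().port,
-ca: ca
-};
-tls.connect(options).on('error', function(err) {
-assert(!connectError);
-
-connectError = err;
+net.connect(this.address().port, function() {
+// Destroy the socket once it is connected, so the server sees ECONNRESET.
 this.destroy();
-server.close();
-}).write('123');
+}).on('error', common.mustNotCall());
 });
 
 process.on('exit', function() {
 assert(clientError);
-assert(connectError);
 assert(/socket hang up/.test(clientError.message));
 assert(/ECONNRESET/.test(clientError.code));
 });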
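Review bot: The `tlsClientError` listener is a bare function, so only the exit-time `assert(clientError)` proves it ran and only the `assert(!clientError && conn)` guard catches a second call; wrapping it as `common.mustCall(function(err, conn) { ... })` would state both directly, in line with the `common.mustNotCall()` uses this commit adds. In the exit handler, `/ECONNRESET/.test(clientError.code)` is a substring match, and `assert.strictEqual(clientError.code, 'ECONNRESET')` would pin the exact code. The client now closes before sending any TLS bytes, so the test covers a pre-handshake disconnect only. Going by the commit description, the previous version failed during the client key exchange without an alert, and that server-side path is no longer exercised here; a separate test may be worth adding if that handling matters.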
