tls: add `getTicketKeys()`/`setTicketKeys()`

Introduce two new APIs for getting/settings the TLS Server Ticket Keys. Fix: #1465 PR-URL: https://github.com/nodejs/io.js/pull/2227 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
author: Fedor Indutny <fedor@indutny.com> 2015-07-22 13:52:23 -0700
committer: Fedor Indutny <fedor@indutny.com> 2015-07-23 11:13:26 -0700
commit: e11fc67225821c76d35a483690b952b01f1f7c67 (patch)
tree: e0125d54f9e0b46ef22f1ff2ab69ef0f23bcebe2 /test/parallel/test-tls-ticket.js
parent: 4ef2b5fbfbdb2bcabd7791c4143f57c2bced5b0d (diff)
download: node-new-e11fc67225821c76d35a483690b952b01f1f7c67.tar.gz
1 files changed, 29 insertions, 5 deletions
diff --git a/test/parallel/test-tls-ticket.js b/test/parallel/test-tls-ticket.js
index 6c3ad01fa1..ed77610002 100644
--- a/test/parallel/test-tls-ticket.js
+++ b/test/parallel/test-tls-ticket.js
@@ -20,6 +20,9 @@ var serverCount = 0;
 function createServer() {
   var id = serverCount++;
 
+  var counter = 0;
+  var previousKey = null;
+
   var server = tls.createServer({
     key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
     cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'),
@@ -27,14 +30,29 @@ function createServer() {
   }, function(c) {
     serverLog.push(id);
     c.end();
+
+    counter++;
+
+    // Rotate ticket keys
+    if (counter === 1) {
+      previousKey = server.getTicketKeys();
+      server.setTicketKeys(crypto.randomBytes(48));
+    } else if (counter === 2) {
+      server.setTicketKeys(previousKey);
+    } else if (counter === 3) {
+      // Use keys from counter=2
+    } else {
+      throw new Error('UNREACHABLE');
+    }
   });
 
   return server;
 }
 
-var servers = [ createServer(), createServer(),
-                createServer(), createServer(),
-                createServer(), createServer() ];
+var naturalServers = [ createServer(), createServer(), createServer() ];
+
+// 3x servers
+var servers = naturalServers.concat(naturalServers).concat(naturalServers);
 
 // Create one TCP server and balance sockets to multiple TLS server instances
 var shared = net.createServer(function(c) {
@@ -54,7 +72,7 @@ function start(callback) {
       session: sess,
       rejectUnauthorized: false
     }, function() {
-      sess = s.getSession() || sess;
+      sess = sess || s.getSession();
       ticketLog.push(s.getTLSTicket().toString('hex'));
     });
     s.on('close', function() {
@@ -70,8 +88,14 @@ function start(callback) {
 
 process.on('exit', function() {
   assert.equal(ticketLog.length, serverLog.length);
-  for (var i = 0; i < serverLog.length - 1; i++) {
+  for (var i = 0; i < naturalServers.length - 1; i++) {
     assert.notEqual(serverLog[i], serverLog[i + 1]);
     assert.equal(ticketLog[i], ticketLog[i + 1]);
+
+    // 2nd connection should have different ticket
+    assert.notEqual(ticketLog[i], ticketLog[i + naturalServers.length]);
+
+    // 3rd connection should have the same ticket
+    assert.equal(ticketLog[i], ticketLog[i + naturalServers.length * 2]);
   }
 });
author	Fedor Indutny <fedor@indutny.com>	2015-07-22 13:52:23 -0700
committer	Fedor Indutny <fedor@indutny.com>	2015-07-23 11:13:26 -0700
commit	e11fc67225821c76d35a483690b952b01f1f7c67 (patch)
tree	e0125d54f9e0b46ef22f1ff2ab69ef0f23bcebe2 /test/parallel/test-tls-ticket.js
parent	4ef2b5fbfbdb2bcabd7791c4143f57c2bced5b0d (diff)
download	node-new-e11fc67225821c76d35a483690b952b01f1f7c67.tar.gz