summaryrefslogtreecommitdiff
path: root/test/parallel/test-tls-disable-renegotiation.js
Commit message (Collapse)AuthorAgeFilesLines
* test: remove unnecessary noop function args to `mustCall()`Antoine du Hamel2022-10-201-4/+2
| | | | | | | | | | RefsL https://github.com/nodejs/node/pull/45027 PR-URL: https://github.com/nodejs/node/pull/45047 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
* lib: replace validator and errorMohammed Keyvanzadeh2022-02-051-2/+2
| | | | | | | | | | Refs: https://github.com/nodejs/node/pull/41660 PR-URL: https://github.com/nodejs/node/pull/41678 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
* test: add common.mustSucceedTobias Nießen2020-10-171-2/+1
| | | | | | PR-URL: https://github.com/nodejs/node/pull/35086 Reviewed-By: Ruy Adorno <ruyadorno@github.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
* test: refactor common.expectsErrorRuben Bridgewater2019-12-311-9/+9
| | | | | | | | | | | | | | | | | | | | | | | This completely refactors the `expectsError` behavior: so far it's almost identical to `assert.throws(fn, object)` in case it was used with a function as first argument. It had a magical property check that allowed to verify a functions `type` in case `type` was passed used in the validation object. This pattern is now completely removed and `assert.throws()` should be used instead. The main intent for `common.expectsError()` is to verify error cases for callback based APIs. This is now more flexible by accepting all validation possibilites that `assert.throws()` accepts as well. No magical properties exist anymore. This reduces surprising behavior for developers who are not used to the Node.js core code base. This has the side effect that `common` is used significantly less frequent. PR-URL: https://github.com/nodejs/node/pull/31092 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
* tls: support TLSv1.3Sam Roberts2019-03-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces TLS1.3 support and makes it the default max protocol, but also supports CLI/NODE_OPTIONS switches to disable it if necessary. TLS1.3 is a major update to the TLS protocol, with many security enhancements. It should be preferred over TLS1.2 whenever possible. TLS1.3 is different enough that even though the OpenSSL APIs are technically API/ABI compatible, that when TLS1.3 is negotiated, the timing of protocol records and of callbacks broke assumptions hard-coded into the 'tls' module. This change introduces no API incompatibilities when TLS1.2 is negotiated. It is the intention that it be backported to current and LTS release lines with the default maximum TLS protocol reset to 'TLSv1.2'. This will allow users of those lines to explicitly enable TLS1.3 if they want. API incompatibilities between TLS1.2 and TLS1.3 are: - Renegotiation is not supported by TLS1.3 protocol, attempts to call `.renegotiate()` will always fail. - Compiling against a system OpenSSL lower than 1.1.1 is no longer supported (OpenSSL-1.1.0 used to be supported with configure flags). - Variations of `conn.write('data'); conn.destroy()` have undefined behaviour according to the streams API. They may or may not send the 'data', and may or may not cause a ERR_STREAM_DESTROYED error to be emitted. This has always been true, but conditions under which the write suceeds is slightly but observably different when TLS1.3 is negotiated vs when TLS1.2 or below is negotiated. - If TLS1.3 is negotiated, and a server calls `conn.end()` in its 'secureConnection' listener without any data being written, the client will not receive session tickets (no 'session' events will be emitted, and `conn.getSession()` will never return a resumable session). - The return value of `conn.getSession()` API may not return a resumable session if called right after the handshake. The effect will be that clients using the legacy `getSession()` API will resume sessions if TLS1.2 is negotiated, but will do full handshakes if TLS1.3 is negotiated. See https://github.com/nodejs/node/pull/25831 for more information. PR-URL: https://github.com/nodejs/node/pull/26209 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
* tls: renegotiate should take care of its own stateSam Roberts2019-02-131-2/+0
| | | | | | | | | | | | | | | | In the initial version of this test there were two zero-length writes to force tls state to cycle. The second is not necessary, at least not now, but the first was. The renegotiate() API should ensure that packet exchange takes place, not its users, so move the zero-length write into tls. See: https://github.com/nodejs/node/pull/14239 See: https://github.com/nodejs/node/commit/b1909d3a70f9 PR-URL: https://github.com/nodejs/node/pull/25997 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
* tls: null not valid as a renegotiate callbackSam Roberts2019-02-061-0/+6
| | | | | | | | | | | | Allow undefined as a callback, but do not allow null. PR-URL: https://github.com/nodejs/node/pull/25929 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <minwoo@nodesource.com> Reviewed-By: James M Snell <jasnell@gmail.com>
* tls: check arg types of renegotiate()Sam Roberts2019-02-041-0/+16
| | | | | | | | | | | Don't throw on invalid property access if options is not provided, and ensure callback is a function. PR-URL: https://github.com/nodejs/node/pull/25876 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
* test: check for tls renegotiation errorsSam Roberts2019-01-141-24/+22
| | | | | | | | | | | Check that the return value and callback error for tls.renegotiate() does not indicate a failure. Also, remove unnecessary line wrapping and indentation. PR-URL: https://github.com/nodejs/node/pull/25437 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
* tls: migrate errors in _tls_wrap.jsMir Mufaqam Ali2017-12-241-3/+5
| | | | | | | | | | | | This migrates the old style error in _tls_wrap.js to the new style error ERR_TLS_RENEGOTIATION_DISABLED. Refs: https://github.com/nodejs/node/issues/17709 PR-URL: https://github.com/nodejs/node/pull/17792 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
* test: replace fixturesDir with fixtures moduleJoel Dart2017-10-111-3/+3
| | | | | | | | | | | | PR-URL: https://github.com/nodejs/node/pull/15848 Reviewed-By: Ryan Graham <r.m.graham@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* http2: add range support for respondWith{File|FD}James M Snell2017-08-041-3/+7
| | | | | | | | | | | | * respondWithFD now supports optional statCheck * respondWithFD and respondWithFile both support offset/length for range requests * Fix linting nits following most recent update PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* http2: remove redundant return in testJames M Snell2017-08-041-3/+2
| | | | | | | PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* http2: add tests and benchmarksJames M Snell2017-08-041-0/+0
| | | | | | | PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* tls: add tlsSocket.disableRenegotiation()James M Snell2017-08-041-0/+67
Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
View Lorry Controller Status