lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16397 Commits
131 Branches
446 Tags
325 MiB
Tree: 9dac165160
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9dac165160'
${ noResults }
node/test/parallel/test-tls-passphrase.js

275 lines
6.3 KiB
Raw Normal View History

test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
10 years ago
'use strict';
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const common = require('../common');
const assert = require('assert');
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
10 years ago
if (!common.hasCrypto) {
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
9 years ago
common.skip('missing crypto');
test: changing process.exit to return while skipping tests This patch uses `return` statement to skip the test instead of using `process.exit` call. PR-URL: https://github.com/nodejs/io.js/pull/2109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
9 years ago
return;
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
10 years ago
}
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const tls = require('tls');
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
10 years ago
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const fs = require('fs');
const path = require('path');
tls, https: add passphrase option Fixes #1925.
13 years ago
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const passKey = fs.readFileSync(path.join(common.fixturesDir, 'pass-key.pem'));
const rawKey = fs.readFileSync(path.join(common.fixturesDir, 'raw-key.pem'));
const cert = fs.readFileSync(path.join(common.fixturesDir, 'pass-cert.pem'));
tls, https: add passphrase option Fixes #1925.
13 years ago
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
assert(Buffer.isBuffer(passKey));
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof passKey.toString(), 'string');
assert.strictEqual(typeof cert.toString(), 'string');
const server = tls.Server({
key: passKey,
tls, https: add passphrase option Fixes #1925.
13 years ago
passphrase: 'passphrase',
cert: cert,
Tests: fix jslint issues
13 years ago
ca: [cert],
tls, https: add passphrase option Fixes #1925.
13 years ago
requestCert: true,
rejectUnauthorized: true
}, function(s) {
s.end();
});
test: use mustCall() for simple flow tracking Many of the tests use variables to track when callback functions are invoked or events are emitted. These variables are then asserted on process exit. This commit replaces this pattern in straightforward cases with common.mustCall(). This makes the tests easier to reason about, leads to a net reduction in lines of code, and uncovered a few bugs in tests. This commit also replaces some callbacks that should never be called with common.fail(). PR-URL: https://github.com/nodejs/node/pull/7753 Reviewed-By: Wyatt Preul <wpreul@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
server.listen(0, common.mustCall(function() {
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
// Buffer
tls.connect({
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
9 years ago
port: this.address().port,
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
key: passKey,
tls, https: add passphrase option Fixes #1925.
13 years ago
passphrase: 'passphrase',
test: set rejectUnauthorized in tls/https tests Update the tls and https tests to explicitly set rejectUnauthorized instead of relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
12 years ago
cert: cert,
rejectUnauthorized: false
test: use mustCall() for simple flow tracking Many of the tests use variables to track when callback functions are invoked or events are emitted. These variables are then asserted on process exit. This commit replaces this pattern in straightforward cases with common.mustCall(). This makes the tests easier to reason about, leads to a net reduction in lines of code, and uncovered a few bugs in tests. This commit also replaces some callbacks that should never be called with common.fail(). PR-URL: https://github.com/nodejs/node/pull/7753 Reviewed-By: Wyatt Preul <wpreul@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
}, common.mustCall(function() {}));
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
tls.connect({
port: this.address().port,
key: rawKey,
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: rawKey,
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
// Buffer[]
tls.connect({
port: this.address().port,
key: [passKey],
passphrase: 'passphrase',
cert: [cert],
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [rawKey],
cert: [cert],
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [rawKey],
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: [cert],
rejectUnauthorized: false
}, common.mustCall(function() {}));
// string
tls.connect({
port: this.address().port,
key: passKey.toString(),
passphrase: 'passphrase',
cert: cert.toString(),
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: rawKey.toString(),
cert: cert.toString(),
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: rawKey.toString(),
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert.toString(),
rejectUnauthorized: false
}, common.mustCall(function() {}));
// String[]
tls.connect({
port: this.address().port,
key: [passKey.toString()],
passphrase: 'passphrase',
cert: [cert.toString()],
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [rawKey.toString()],
cert: [cert.toString()],
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [rawKey.toString()],
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: [cert.toString()],
rejectUnauthorized: false
}, common.mustCall(function() {}));
// Object[]
tls.connect({
port: this.address().port,
key: [{pem: passKey, passphrase: 'passphrase'}],
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
tls.connect({
port: this.address().port,
key: [{pem: passKey, passphrase: 'passphrase'}],
passphrase: 'ignored',
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [{pem: passKey}],
passphrase: 'passphrase',
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
tls.connect({
port: this.address().port,
key: [{pem: passKey.toString(), passphrase: 'passphrase'}],
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
key: [{pem: rawKey, passphrase: 'ignored'}],
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
key: [{pem: rawKey.toString(), passphrase: 'ignored'}],
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [{pem: rawKey}],
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [{pem: rawKey.toString()}],
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
passphrase: 'ignored',
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [{pem: rawKey}],
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
tls.connect({
port: this.address().port,
key: [{pem: rawKey.toString()}],
cert: cert,
rejectUnauthorized: false
}, common.mustCall(function() {}));
})).unref();
tls, https: add passphrase option Fixes #1925.
13 years ago
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
// Missing passphrase
assert.throws(function() {
tls.connect({
port: server.address().port,
key: passKey,
cert: cert,
rejectUnauthorized: false
});
}, /bad password read/);
assert.throws(function() {
tls.connect({
port: server.address().port,
key: [passKey],
cert: cert,
rejectUnauthorized: false
});
}, /bad password read/);
assert.throws(function() {
tls.connect({
port: server.address().port,
key: [{pem: passKey}],
cert: cert,
rejectUnauthorized: false
});
}, /bad password read/);
// Invalid passphrase
tls, https: add passphrase option Fixes #1925.
13 years ago
assert.throws(function() {
test tls: make tests use new `tls.connect` API Refs #1983.
13 years ago
tls.connect({
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
9 years ago
port: server.address().port,
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
key: passKey,
tls, https: add passphrase option Fixes #1925.
13 years ago
passphrase: 'invalid',
test: set rejectUnauthorized in tls/https tests Update the tls and https tests to explicitly set rejectUnauthorized instead of relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
12 years ago
cert: cert,
rejectUnauthorized: false
tls, https: add passphrase option Fixes #1925.
13 years ago
});
doc: rework tls for accuracy and clarity Document all TLSSocket options: - All the secure context options are valid options to a secureContext - isServer modifies the default value of requestCert Describe all tls.connect() variants: - tls.connect(path) was undocumented - tls.connect(port) was underdocumented, and its relationship to tls.connect(options) was obscure Socket passed to tls.connect is user managed: - Replace https://github.com/nodejs/node/pull/8996 Add documentation to: - describe and add tests for the pfx and key variants, and describe how and when passphrase is used. - describe tls cert and ca options - describe buffer forms of tls crl option - describe tls cipher option and defaults - fix link to Crypto Constants - describe that honorCipherOrder sets SSL_OP_CIPHER_SERVER_PREFERENCE. - describe tls ecdhCurve/dhparam options - describe tls secureProtocol option - describe tls secureOptions - describe tls sessionIdContext De-deduplicate secure context docs: The secure context options were documented 4 times, making it difficult to understand where the options come from, where they are supported, and under what conditions they are used. The multiple copies were inconsistent and contradictory in their descriptions of the options, and also inconsistent in whether the options would be documented at all. Cut through this gordian knot by linking all APIs that use the secureContext options to the single source of truth about the options. PR-URL: https://github.com/nodejs/node/pull/9800 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /bad decrypt/);
tls: allow obvious key/passphrase combinations Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
8 years ago
assert.throws(function() {
tls.connect({
port: server.address().port,
key: [passKey],
passphrase: 'invalid',
cert: cert,
rejectUnauthorized: false
});
}, /bad decrypt/);
assert.throws(function() {
tls.connect({
port: server.address().port,
key: [{pem: passKey}],
passphrase: 'invalid',
cert: cert,
rejectUnauthorized: false
});
}, /bad decrypt/);
assert.throws(function() {
tls.connect({
port: server.address().port,
key: [{pem: passKey, passphrase: 'invalid'}],
passphrase: 'passphrase', // Valid but unused
cert: cert,
rejectUnauthorized: false
});
}, /bad decrypt/);