mirror of https://github.com/lukechilds/node.git
Conflicts: AUTHORS ChangeLog Makefile doc/about/index.html doc/api/tls.markdown doc/community/index.html doc/index.html doc/logos/index.html doc/template.html lib/http.js lib/tls.js src/node_version.h src/platform_win32.cc test/simple/test-tls-connect-given-socket.js
v0.9.1-release
isaacs
13 years ago
28 changed files with 707 additions and 316 deletions
@ -0,0 +1,100 @@ |
|||
// Copyright Joyent, Inc. and other Node contributors.
|
|||
//
|
|||
// Permission is hereby granted, free of charge, to any person obtaining a
|
|||
// copy of this software and associated documentation files (the
|
|||
// "Software"), to deal in the Software without restriction, including
|
|||
// without limitation the rights to use, copy, modify, merge, publish,
|
|||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|||
// persons to whom the Software is furnished to do so, subject to the
|
|||
// following conditions:
|
|||
//
|
|||
// The above copyright notice and this permission notice shall be included
|
|||
// in all copies or substantial portions of the Software.
|
|||
//
|
|||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
var spawn = require('child_process').spawn; |
|||
var tls = require('tls'); |
|||
var fs = require('fs'); |
|||
|
|||
// renegotiation limits to test
|
|||
var LIMITS = [0, 1, 2, 3, 5, 10, 16]; |
|||
|
|||
if (process.platform === 'win32') { |
|||
console.log("Skipping test, you probably don't have openssl installed."); |
|||
process.exit(); |
|||
} |
|||
|
|||
(function() { |
|||
var n = 0; |
|||
function next() { |
|||
if (n >= LIMITS.length) return; |
|||
tls.CLIENT_RENEG_LIMIT = LIMITS[n++]; |
|||
test(next); |
|||
} |
|||
next(); |
|||
})(); |
|||
|
|||
function test(next) { |
|||
var options = { |
|||
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'), |
|||
key: fs.readFileSync(common.fixturesDir + '/test_key.pem') |
|||
}; |
|||
|
|||
var server = tls.createServer(options, function(conn) { |
|||
conn.on('error', function(err) { |
|||
console.error('Caught exception: ' + err); |
|||
assert(/TLS session renegotiation attack/.test(err)); |
|||
conn.destroy(); |
|||
}); |
|||
conn.pipe(conn); |
|||
}); |
|||
|
|||
server.listen(common.PORT, function() { |
|||
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' '); |
|||
var child = spawn('openssl', args); |
|||
|
|||
child.stdout.pipe(process.stdout); |
|||
child.stderr.pipe(process.stderr); |
|||
|
|||
// count handshakes, start the attack after the initial handshake is done
|
|||
var handshakes = 0; |
|||
child.stderr.on('data', function(data) { |
|||
handshakes += (('' + data).match(/verify return:1/g) || []).length; |
|||
if (handshakes === 2) spam(); |
|||
}); |
|||
|
|||
child.on('exit', function() { |
|||
// with a renegotiation limit <= 1, we always see 4 handshake markers:
|
|||
// two for the initial handshake and another two for the attempted
|
|||
// renegotiation
|
|||
assert.equal(handshakes, 2 * Math.max(2, tls.CLIENT_RENEG_LIMIT)); |
|||
server.close(); |
|||
process.nextTick(next); |
|||
}); |
|||
|
|||
var closed = false; |
|||
child.stdin.on('error', function(err) { |
|||
assert.equal(err.code, 'EPIPE'); |
|||
closed = true; |
|||
}); |
|||
child.stdin.on('close', function() { |
|||
closed = true; |
|||
}); |
|||
|
|||
// simulate renegotiation attack
|
|||
function spam() { |
|||
if (closed) return; |
|||
child.stdin.write("R\n"); |
|||
setTimeout(spam, 250); |
|||
} |
|||
}); |
|||
} |
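Review bot: Nothing in this test records that the server-side `'error'` handler actually ran, so the `/TLS session renegotiation attack/` assertion is only evaluated if the event fires; a regression in which the limit is no longer enforced would leave `spam()` rescheduling itself every 250 ms and the test hanging rather than failing. I would set a flag in the handler (`gotError = true;`) and check it in the child's `'exit'` callback with `assert(gotError);`, assuming the error is expected for every value in `LIMITS`, which the handshake-count assertion suggests. A bounded watchdog timer that fails the test when the child has not exited would turn the hang into a clear failure. Separately, the skip is keyed on `process.platform === 'win32'` rather than on whether `openssl` can be spawned, so a non-Windows host without the binary fails in `spawn` instead of skipping.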
@ -1,77 +0,0 @@ |
|||
// Copyright Joyent, Inc. and other Node contributors.
|
|||
//
|
|||
// Permission is hereby granted, free of charge, to any person obtaining a
|
|||
// copy of this software and associated documentation files (the
|
|||
// "Software"), to deal in the Software without restriction, including
|
|||
// without limitation the rights to use, copy, modify, merge, publish,
|
|||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|||
// persons to whom the Software is furnished to do so, subject to the
|
|||
// following conditions:
|
|||
//
|
|||
// The above copyright notice and this permission notice shall be included
|
|||
// in all copies or substantial portions of the Software.
|
|||
//
|
|||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
|||
// This test starts two clustered HTTP servers on the same port. It expects the
|
|||
// first cluster to succeed and the second cluster to fail with EADDRINUSE.
|
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
var cluster = require('cluster'); |
|||
var fork = require('child_process').fork; |
|||
var http = require('http'); |
|||
|
|||
var id = process.argv[2]; |
|||
|
|||
if (!id) { |
|||
var a = fork(__filename, ['one']); |
|||
var b = fork(__filename, ['two']); |
|||
|
|||
a.on('message', function(m) { |
|||
assert.equal(m, 'READY'); |
|||
b.send('START'); |
|||
}); |
|||
|
|||
var ok = false; |
|||
|
|||
b.on('message', function(m) { |
|||
assert.equal(m, 'EADDRINUSE'); |
|||
a.kill(); |
|||
b.kill(); |
|||
ok = true; |
|||
}); |
|||
|
|||
process.on('exit', function() { |
|||
a.kill(); |
|||
b.kill(); |
|||
assert(ok); |
|||
}); |
|||
} |
|||
else if (id === 'one') { |
|||
if (cluster.isMaster) cluster.fork(); |
|||
http.createServer(assert.fail).listen(common.PORT, function() { |
|||
process.send('READY'); |
|||
}); |
|||
} |
|||
else if (id === 'two') { |
|||
if (cluster.isMaster) cluster.fork(); |
|||
process.on('message', function(m) { |
|||
assert.equal(m, 'START'); |
|||
var server = http.createServer(assert.fail); |
|||
server.listen(common.PORT, assert.fail); |
|||
server.on('error', function(e) { |
|||
assert.equal(e.code, 'EADDRINUSE'); |
|||
process.send(e.code); |
|||
}); |
|||
}); |
|||
} |
|||
else { |
|||
assert(0); // bad command line argument
|
|||
} |
@ -0,0 +1,35 @@ |
|||
// Copyright Joyent, Inc. and other Node contributors.
|
|||
//
|
|||
// Permission is hereby granted, free of charge, to any person obtaining a
|
|||
// copy of this software and associated documentation files (the
|
|||
// "Software"), to deal in the Software without restriction, including
|
|||
// without limitation the rights to use, copy, modify, merge, publish,
|
|||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|||
// persons to whom the Software is furnished to do so, subject to the
|
|||
// following conditions:
|
|||
//
|
|||
// The above copyright notice and this permission notice shall be included
|
|||
// in all copies or substantial portions of the Software.
|
|||
//
|
|||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
|||
// Ensure that if a dgram socket is closed before the DNS lookup completes, it
|
|||
// won't crash.
|
|||
|
|||
var assert = require('assert'), |
|||
common = require('../common'), |
|||
dgram = require('dgram'); |
|||
|
|||
var buf = new Buffer(1024); |
|||
buf.fill(42); |
|||
|
|||
var socket = dgram.createSocket('udp4'); |
|||
|
|||
socket.send(buf, 0, buf.length, common.port, 'localhost'); |
|||
socket.close(); |
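Review bot: `common.port` in the `socket.send(...)` call looks like a typo for `common.PORT`, which is the spelling the other tests in this commit use; if the common module exports only the upper-case name, the port argument is `undefined` here. Suggested line: `socket.send(buf, 0, buf.length, common.PORT, 'localhost');`. `assert` is required but never used, so the test passes purely by not crashing; a short comment saying that is intentional would help, e.g. `// no assertions: the test passes if the process exits without throwing`.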
@ -0,0 +1,156 @@ |
|||
// Copyright Joyent, Inc. and other Node contributors.
|
|||
//
|
|||
// Permission is hereby granted, free of charge, to any person obtaining a
|
|||
// copy of this software and associated documentation files (the
|
|||
// "Software"), to deal in the Software without restriction, including
|
|||
// without limitation the rights to use, copy, modify, merge, publish,
|
|||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|||
// persons to whom the Software is furnished to do so, subject to the
|
|||
// following conditions:
|
|||
//
|
|||
// The above copyright notice and this permission notice shall be included
|
|||
// in all copies or substantial portions of the Software.
|
|||
//
|
|||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
|||
|
|||
|
|||
|
|||
if (!process.versions.openssl) { |
|||
console.error('Skipping because node compiled without OpenSSL.'); |
|||
process.exit(0); |
|||
} |
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
|
|||
var fs = require('fs'); |
|||
var net = require('net'); |
|||
var http = require('http'); |
|||
var https = require('https'); |
|||
|
|||
var proxyPort = common.PORT + 1; |
|||
var gotRequest = false; |
|||
|
|||
var key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'); |
|||
var cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'); |
|||
|
|||
var options = { |
|||
key: key, |
|||
cert: cert |
|||
}; |
|||
|
|||
var server = https.createServer(options, function(req, res) { |
|||
console.log('SERVER: got request'); |
|||
res.writeHead(200, { |
|||
'content-type': 'text/plain', |
|||
}); |
|||
console.log('SERVER: sending response'); |
|||
res.end('hello world\n'); |
|||
}); |
|||
|
|||
var proxy = net.createServer(function(clientSocket) { |
|||
console.log('PROXY: got a client connection'); |
|||
|
|||
var serverSocket = null; |
|||
|
|||
clientSocket.on('data', function(chunk) { |
|||
if (!serverSocket) { |
|||
// Verify the CONNECT request
|
|||
assert.equal('CONNECT localhost:' + common.PORT + ' HTTP/1.1\r\n' + |
|||
'Proxy-Connections: keep-alive\r\nContent-Length:' + |
|||
' 0\r\nHost: localhost:' + proxyPort + '\r\n\r\n', |
|||
chunk); |
|||
|
|||
console.log('PROXY: got CONNECT request'); |
|||
console.log('PROXY: creating a tunnel'); |
|||
|
|||
// create the tunnel
|
|||
serverSocket = net.connect(common.PORT, function() { |
|||
console.log('PROXY: replying to client CONNECT request'); |
|||
|
|||
// Send the response
|
|||
clientSocket.write('HTTP/1.1 200 OK\r\nProxy-Connections: keep' + |
|||
'-alive\r\nConnections: keep-alive\r\nVia: ' + |
|||
'localhost:' + proxyPort + '\r\n\r\n'); |
|||
}); |
|||
|
|||
serverSocket.on('data', function(chunk) { |
|||
clientSocket.write(chunk); |
|||
}); |
|||
|
|||
serverSocket.on('end', function() { |
|||
clientSocket.destroy(); |
|||
}); |
|||
} else { |
|||
serverSocket.write(chunk); |
|||
} |
|||
}); |
|||
|
|||
clientSocket.on('end', function() { |
|||
serverSocket.destroy(); |
|||
}); |
|||
}); |
|||
|
|||
server.listen(common.PORT); |
|||
|
|||
proxy.listen(proxyPort, function() { |
|||
console.log('CLIENT: Making CONNECT request'); |
|||
|
|||
http.request({ |
|||
port: proxyPort, |
|||
method: 'CONNECT', |
|||
path: 'localhost:' + common.PORT, |
|||
headers: { |
|||
'Proxy-Connections': 'keep-alive', |
|||
'Content-Length': 0 |
|||
} |
|||
}, function(res) { |
|||
assert.equal(200, res.statusCode); |
|||
console.log('CLIENT: got CONNECT response'); |
|||
|
|||
// detach the socket
|
|||
res.socket.emit('agentRemove'); |
|||
res.socket.removeAllListeners('data'); |
|||
res.socket.removeAllListeners('close'); |
|||
res.socket.removeAllListeners('error'); |
|||
res.socket.removeAllListeners('drain'); |
|||
res.socket.removeAllListeners('end'); |
|||
res.socket.ondata = null; |
|||
res.socket.onend = null; |
|||
res.socket.ondrain = null; |
|||
|
|||
console.log('CLIENT: Making HTTPS request'); |
|||
|
|||
https.get({ |
|||
path: '/foo', |
|||
key: key, |
|||
cert: cert, |
|||
socket: res.socket, // reuse the socket
|
|||
agent: false, |
|||
}, function(res) { |
|||
assert.equal(200, res.statusCode); |
|||
|
|||
res.on('data', function(chunk) { |
|||
assert.equal('hello world\n', chunk); |
|||
console.log('CLIENT: got HTTPS response'); |
|||
gotRequest = true; |
|||
}); |
|||
|
|||
res.on('end', function() { |
|||
proxy.close(); |
|||
server.close(); |
|||
}); |
|||
}).end(); |
|||
}).end(); |
|||
}); |
|||
|
|||
process.on('exit', function() { |
|||
assert.ok(gotRequest); |
|||
}); |
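Review bot: The `clientSocket.on('end', ...)` handler in the proxy calls `serverSocket.destroy()` unconditionally, but `serverSocket` starts as `null` and is only assigned on the first `'data'` event, so a client that disconnects before sending anything throws a TypeError inside the proxy; `if (serverSocket) serverSocket.destroy();` avoids that. The CONNECT check also assumes the whole request arrives in one `'data'` chunk and compares a string against `chunk` with the loose `assert.equal`; comparing against `chunk.toString()` would make the intent explicit (assuming `chunk` is a Buffer here, since no encoding is set in the visible lines). Neither the proxy sockets nor the `http.request` call has an `'error'` listener, so a failed tunnel surfaces as an uncaught exception rather than an assertion message.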