
tls: migrate tls.js to use internal/errors.js

Migrate tls.js to use internal/errors.js as per
https://github.com/nodejs/node/issues/11273

PR-URL: https://github.com/nodejs/node/pull/13994
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
v6
Michael Dawson 8 years ago
parent
commit
3ccfeb483d
  1. 2
      lib/internal/errors.js
  2. 4
      lib/tls.js
  3. 17
      test/parallel/test-https-strict.js
  4. 6
      test/parallel/test-internal-errors.js
  5. 3
      test/parallel/test-tls-client-verify.js
  6. 3
      test/parallel/test-tls-sni-option.js
  7. 2
      test/parallel/test-tls-sni-server-client.js

2
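--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -174,6 +174,8 @@ E('ERR_SOCKET_DGRAM_NOT_RUNNING', 'Not running');
 E('ERR_STDERR_CLOSE', 'process.stderr cannot be closed');
 E('ERR_STDOUT_CLOSE', 'process.stdout cannot be closed');
 E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode');
+E('ERR_TLS_CERT_ALTNAME_INVALID',
+'Hostname/IP does not match certificate\'s altnames: %s');
 E('ERR_TRANSFORM_ALREADY_TRANSFORMING',
 'Calling transform done when still transforming');
 E('ERR_TRANSFORM_WITH_LENGTH_0',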
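Review bot: The new `ERR_TLS_CERT_ALTNAME_INVALID` entry has no matching documentation change in this commit, judging by the file list, which names only lib and test files. The message text changes as well (`doesn't` becomes `does not`, and the quotes around the reason are dropped), so callers that matched the old wording will stop matching without warning and should be pointed at the code instead. I would add the code to the project's error-code reference and put a one-line comment above the definition, e.g. `// %s is the mismatch reason passed by tls.checkServerIdentity()`.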

4
lib/tls.js

@ -21,6 +21,7 @@
'use strict'; 'use strict';
const errors = require('internal/errors');
const internalUtil = require('internal/util'); const internalUtil = require('internal/util');
internalUtil.assertCrypto(); internalUtil.assertCrypto();
@ -219,8 +220,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
} }
if (!valid) { if (!valid) {
const err = new Error( const err = new errors.Error('ERR_TLS_CERT_ALTNAME_INVALID', reason);
`Hostname/IP doesn't match certificate's altnames: "${reason}"`);
err.reason = reason; err.reason = reason;
err.host = host; err.host = host;
err.cert = cert; err.cert = cert;
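Review bot: `reason` is now formatted into the message without the quotes that delimited it in the old template. Going by the strings removed from the tests in this commit (`Host: localhost. is not cert's CN: agent1`), it carries fields read from the peer's certificate. Those fields are chosen by whoever issued the certificate the server presents, so anything that logs or displays `err.message` should treat it as untrusted text. I would record that beside the constructor call, e.g. `// reason embeds peer-certificate fields; escape err.message before logging or rendering it`. checkServerIdentity begins before this hunk and continues after it, so how `reason` is built is not visible here.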

17
test/parallel/test-https-strict.js

@ -170,13 +170,9 @@ function allListening() {
// server1: host 'agent1', signed by ca1 // server1: host 'agent1', signed by ca1
makeReq('/inv1', port1, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'); makeReq('/inv1', port1, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
makeReq('/inv1-ca1', port1, makeReq('/inv1-ca1', port1, 'ERR_TLS_CERT_ALTNAME_INVALID',
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent1"',
null, ca1); null, ca1);
makeReq('/inv1-ca1ca2', port1, makeReq('/inv1-ca1ca2', port1, 'ERR_TLS_CERT_ALTNAME_INVALID',
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent1"',
null, [ca1, ca2]); null, [ca1, ca2]);
makeReq('/val1-ca1', port1, null, 'agent1', ca1); makeReq('/val1-ca1', port1, null, 'agent1', ca1);
makeReq('/val1-ca1ca2', port1, null, 'agent1', [ca1, ca2]); makeReq('/val1-ca1ca2', port1, null, 'agent1', [ca1, ca2]);
@ -193,13 +189,8 @@ function allListening() {
// server3: host 'agent3', signed by ca2 // server3: host 'agent3', signed by ca2
makeReq('/inv3', port3, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'); makeReq('/inv3', port3, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
makeReq('/inv3-ca2', port3, makeReq('/inv3-ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID', null, ca2);
'Hostname/IP doesn\'t match certificate\'s altnames: ' + makeReq('/inv3-ca1ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID',
'"Host: localhost. is not cert\'s CN: agent3"',
null, ca2);
makeReq('/inv3-ca1ca2', port3,
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent3"',
null, [ca1, ca2]); null, [ca1, ca2]);
makeReq('/val3-ca2', port3, null, 'agent3', ca2); makeReq('/val3-ca2', port3, null, 'agent3', ca2);
makeReq('/val3-ca1ca2', port3, null, 'agent3', [ca1, ca2]); makeReq('/val3-ca1ca2', port3, null, 'agent3', [ca1, ca2]);
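Review bot: The expectations for `/inv1-ca1`, `/inv1-ca1ca2`, `/inv3-ca2` and `/inv3-ca1ca2` now pin only the error code, so nothing in this file checks which certificate name the host was compared against (`agent1` versus `agent3`). A regression that reported the wrong certificate's identity in the mismatch reason would pass these cases. `makeReq` is defined outside both hunks, so this is hedged: if it can reach the error object, an added comparison on `err.reason` would keep the old coverage. Otherwise a short comment above the `server1` block saying where the reason text is now asserted would help the next reader.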

6
test/parallel/test-internal-errors.js

@ -229,3 +229,9 @@ assert.throws(
code: 'ERR_ASSERTION', code: 'ERR_ASSERTION',
message: /^At least one arg needs to be specified$/ message: /^At least one arg needs to be specified$/
})); }));
// Test ERR_TLS_CERT_ALTNAME_INVALID
assert.strictEqual(
errors.message('ERR_TLS_CERT_ALTNAME_INVALID', ['altname']),
'Hostname/IP does not match certificate\'s altnames: altname');

3
test/parallel/test-tls-client-verify.js

@ -29,7 +29,6 @@ const fs = require('fs');
const path = require('path'); const path = require('path');
const tls = require('tls'); const tls = require('tls');
const hosterr = /Hostname\/IP doesn't match certificate's altnames/;
const testCases = const testCases =
[{ ca: ['ca1-cert'], [{ ca: ['ca1-cert'],
key: 'agent2-key', key: 'agent2-key',
@ -101,7 +100,7 @@ function testServers(index, servers, clientOptions, cb) {
clientOptions.port = this.address().port; clientOptions.port = this.address().port;
const client = tls.connect(clientOptions, common.mustCall(function() { const client = tls.connect(clientOptions, common.mustCall(function() {
const authorized = client.authorized || const authorized = client.authorized ||
hosterr.test(client.authorizationError); (client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID');
console.error(`expected: ${ok} authed: ${authorized}`); console.error(`expected: ${ok} authed: ${authorized}`);
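Review bot: `authorized` evaluates to true for a connection whose hostname check failed, which reads like a trust decision to anyone who does not know the test setup. Presumably the test exercises chain validation only and the altname mismatch is an expected side effect of the host the client connects to; the enclosing `testServers` body lies mostly outside this hunk, so that is an inference. A comment above the assignment would stop the pattern being copied into application code, e.g. `// Only chain validation is under test; the hostname mismatch is expected here and deliberately ignored.`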

3
test/parallel/test-tls-sni-option.js

@ -141,7 +141,8 @@ function startTest() {
options.port = server.address().port; options.port = server.address().port;
const client = tls.connect(options, function() { const client = tls.connect(options, function() {
clientResults.push( clientResults.push(
/Hostname\/IP doesn't/.test(client.authorizationError || '')); client.authorizationError &&
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'));
client.destroy(); client.destroy();
next(); next();
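Review bot: The `client.authorizationError &&` guard means the pushed value is whatever falsy value `authorizationError` holds when there is no error, not `false`. The removed `/Hostname\/IP doesn't/.test(client.authorizationError || '')` always produced a boolean. Strict equality already handles the empty case, so `client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'` alone is enough and keeps `clientResults` uniformly boolean. How `clientResults` is compared is outside this hunk, so whether the difference is observable is not visible here. The same redundant guard appears in the test-tls-sni-server-client.js hunk, where it predates this commit.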

2
test/parallel/test-tls-sni-server-client.js

@ -113,7 +113,7 @@ function startTest() {
const client = tls.connect(options, function() { const client = tls.connect(options, function() {
clientResults.push( clientResults.push(
client.authorizationError && client.authorizationError &&
/Hostname\/IP doesn't/.test(client.authorizationError)); (client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'));
client.destroy(); client.destroy();
// Continue // Continue
