From b956635e41f96218a0a5fac6bc25738735f0e315 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Thu, 19 May 2016 20:25:05 -0400 Subject: [PATCH] tls: catch `certCbDone` exceptions Catch and emit `certCbDone` exceptions instead of throwing them as `uncaughtException` and crashing the whole process. Fix: https://github.com/nodejs/node/issues/6822 PR-URL: https://github.com/nodejs/node/pull/6887 Reviewed-By: Ben Noordhuis --- lib/_tls_wrap.js | 6 ++- test/parallel/test-tls-empty-sni-context.js | 42 +++++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-tls-empty-sni-context.js diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 5c5370e09c..6acf5e26a6 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -184,7 +184,11 @@ function oncertcb(info) { if (!self._handle) return self.destroy(new Error('Socket is closed')); - self._handle.certCbDone(); + try { + self._handle.certCbDone(); + } catch (e) { + self.destroy(e); + } }); }); } diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js new file mode 100644 index 0000000000..3a1934ba32 --- /dev/null +++ b/test/parallel/test-tls-empty-sni-context.js @@ -0,0 +1,42 @@ +'use strict'; + +if (!process.features.tls_sni) { + console.log('1..0 # Skipped: node compiled without OpenSSL or ' + + 'with old OpenSSL version.'); + return; +} + +const common = require('../common'); +const assert = require('assert'); + +if (!common.hasCrypto) { + console.log('1..0 # Skipped: missing crypto'); + return; +} + +const tls = require('tls'); + +const options = { + SNICallback: (name, callback) => { + callback(null, tls.createSecureContext()); + } +}; + +const server = tls.createServer(options, (c) => { + common.fail('Should not be called'); +}).on('clientError', common.mustCall((err, c) => { + assert(/SSL_use_certificate:passed a null parameter/i.test(err.message)); + server.close(); +})).listen(common.PORT, common.mustCall(() => { + const c = tls.connect({ + port: common.PORT, + rejectUnauthorized: false, + servername: 'any.name' + }, () => { + common.fail('Should not be called'); + }); + + c.on('error', common.mustCall((err) => { + assert(/socket hang up/.test(err.message)); + })); +}));