diff --git a/lib/tls.js b/lib/tls.js
index b0af617ccf..ddda9f727d 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -373,7 +373,7 @@ SecurePair.prototype._error = function(err) {
 // Not really an error.
 this._destroy();
 } else {
- this.emit('error', err);
+ this.cleartext.emit('error', err);
 }
 };
@@ -470,7 +470,7 @@ function Server(/* [options], listener */) {
 net.Server.call(this, function(socket) {
 var creds = crypto.createCredentials(
 { key: self.key, cert: self.cert, ca: self.ca });
- creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
+ //creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
 var pair = new SecurePair(creds,
 true,
@@ -500,19 +500,6 @@ function Server(/* [options], listener */) {
 }
 }
 });
-
- pair.on('error', function(e) {
- console.error('pair got error: ' + e);
- self.emit('error', e);
- });
-
- pair.cleartext.on('error', function(err) {
- console.error('cleartext got error: ' + err);
- });
-
- pair.encrypted.on('error', function(err) {
- console.log('encrypted got error: ' + err);
- });
 });
 if (listener) {
@@ -593,7 +580,7 @@ exports.connect = function(port /* host, options, cb */) {
 var socket = new net.Stream();
 var sslcontext = crypto.createCredentials(options);
- sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
+ //sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
 var pair = new SecurePair(sslcontext, false);
diff --git a/test/simple/test-tls-client-verify.js b/test/simple/test-tls-client-verify.js
new file mode 100644
index 0000000000..49eece10c5
--- /dev/null
+++ b/test/simple/test-tls-client-verify.js
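Review bot: In lib/tls.js the hunk at -373 routes every pair error to `this.cleartext.emit('error', err)`, while the `Server` hunk at -500 removes the only `'error'` listeners visible in this diff, so an error raised while the cleartext stream has no listener will be thrown by the emitter as an uncaught exception. On a listening server that would presumably let one failing handshake end the process, unless a handler is attached somewhere outside these hunks. I would keep one default listener in the `Server` callback that closes the connection, for example `pair.cleartext.on('error', function(err) { pair._destroy(); });`, or document on `_error` that callers must attach their own before the handshake completes. The body of `_error` starts outside the hunk.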
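Review bot: In lib/tls.js at -470 the `setCiphers` call is commented out rather than removed, so the server now negotiates whatever cipher list the linked OpenSSL build defaults to, and nothing in the hunk records why the restriction was lifted. If the pinned `RC4-SHA:AES128-SHA:AES256-SHA` list is being retired, delete the line and leave a comment such as `// Cipher list left at the OpenSSL default on purpose; see <issue-id placeholder>`, or read the list from an option so a deployment can exclude suites it does not want. The same commented-out call is left in `exports.connect` at -593. The `Server` callback continues outside the hunk.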
@@ -0,0 +1,124 @@
+var testCases =
+ [ { ca: ['ca1-cert'],
+ key: 'agent2-key',
+ cert: 'agent2-cert',
+ servers: [
+ { ok: true, key: 'agent1-key', cert: 'agent1-cert' },
+ { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+ { ok: false, key: 'agent3-key', cert: 'agent3-cert' },
+ ]
+ },
+
+ { ca: [],
+ key: 'agent2-key',
+ cert: 'agent2-cert',
+ servers: [
+ { ok: false, key: 'agent1-key', cert: 'agent1-cert' },
+ { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+ { ok: false, key: 'agent3-key', cert: 'agent3-cert' },
+ ]
+ },
+
+ { ca: ['ca1-cert', 'ca2-cert'],
+ key: 'agent2-key',
+ cert: 'agent2-cert',
+ servers: [
+ { ok: true, key: 'agent1-key', cert: 'agent1-cert' },
+ { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+ { ok: true, key: 'agent3-key', cert: 'agent3-cert' },
+ ]
+ },
+ ];
+
+
+var common = require('../common');
+var assert = require('assert');
+var fs = require('fs');
+var tls = require('tls');
+
+
+function filenamePEM(n) {
+ return require('path').join(common.fixturesDir, 'keys', n + ".pem");
+}
+
+
+function loadPEM(n) {
+ return fs.readFileSync(filenamePEM(n));
+}
+
+var successfulTests = 0;
+
+function testServers(index, servers, clientOptions, cb) {
+ var serverOptions = servers[index];
+ if (!serverOptions) {
+ cb();
+ return;
+ }
+
+ var ok = serverOptions.ok;
+
+ if (serverOptions.key) {
+ serverOptions.key = loadPEM(serverOptions.key);
+ }
+
+ if (serverOptions.cert) {
+ serverOptions.cert = loadPEM(serverOptions.cert);
+ }
+
+ var server = tls.createServer(serverOptions, function(s) {
+ s.end("hello world\n");
+ });
+
+ server.listen(common.PORT, function() {
+ var b = '';
+
+ console.error("connecting...");
+ var client = tls.connect(common.PORT, clientOptions, function () {
+
+ console.error("expected: " + ok + " authed: " + client.authorized);
+
+ assert.equal(ok, client.authorized);
+ server.close();
+ });
+
+ client.on('data', function(d) {
+ b += d.toString();
+ });
+
+ client.on('end', function() {
+ // TODO:
+ //assert.equal('hello world\n', b);
+ });
+
+ client.on('close', function() {
+ testServers(index + 1, servers, clientOptions, cb);
+ });
+ });
+}
+
+
+function runTest (testIndex) {
+ var tcase = testCases[testIndex];
+ if (!tcase) return;
+
+ var clientOptions = {
+ ca: tcase.ca.map(loadPEM),
+ key: loadPEM(tcase.key),
+ cert: loadPEM(tcase.cert)
+ };
+
+
+ testServers(0, tcase.servers, clientOptions, function () {
+ successfulTests++;
+ runTest(testIndex + 1);
+ });
+}
+
+
+runTest(0);
+
+
+process.on('exit', function() {
+ console.log("successful tests: %d", successfulTests);
+ assert.equal(successfulTests, testCases.length);
+});
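Review bot: The `'end'` handler in test/simple/test-tls-client-verify.js has its only assertion commented out under an empty `// TODO:`, so the test checks `client.authorized` but never that `hello world\n` actually arrived. It also leaves open whether data is expected to flow for the `ok: false` servers, where the test still expects the connect callback to run, meaning an unverified peer is reported rather than rejected. I would complete the TODO with the reason the check is disabled and restore it for the trusted case as `if (ok) assert.equal('hello world\n', b);`. The authorization check would also be tighter as `assert.strictEqual(client.authorized, ok);`, so a falsy non-boolean value cannot pass as `false`.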