Browse Source

Start a simple TLS client verification test

v0.7.4-release
Ryan Dahl 14 years ago
parent
commit
c444293be9
  1. 19
      lib/tls.js
  2. 124
      test/simple/test-tls-client-verify.js

19
lib/tls.js

@ -373,7 +373,7 @@ SecurePair.prototype._error = function(err) {
// Not really an error.
this._destroy();
} else {
this.emit('error', err);
this.cleartext.emit('error', err);
}
};
@ -470,7 +470,7 @@ function Server(/* [options], listener */) {
net.Server.call(this, function(socket) {
var creds = crypto.createCredentials(
{ key: self.key, cert: self.cert, ca: self.ca });
creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
//creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
var pair = new SecurePair(creds,
true,
@ -500,19 +500,6 @@ function Server(/* [options], listener */) {
}
}
});
pair.on('error', function(e) {
console.error('pair got error: ' + e);
self.emit('error', e);
});
pair.cleartext.on('error', function(err) {
console.error('cleartext got error: ' + err);
});
pair.encrypted.on('error', function(err) {
console.log('encrypted got error: ' + err);
});
});
if (listener) {
@ -593,7 +580,7 @@ exports.connect = function(port /* host, options, cb */) {
var socket = new net.Stream();
var sslcontext = crypto.createCredentials(options);
sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
//sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
var pair = new SecurePair(sslcontext, false);

124
test/simple/test-tls-client-verify.js

@ -0,0 +1,124 @@
var testCases =
[ { ca: ['ca1-cert'],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: true, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: false, key: 'agent3-key', cert: 'agent3-cert' },
]
},
{ ca: [],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: false, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: false, key: 'agent3-key', cert: 'agent3-cert' },
]
},
{ ca: ['ca1-cert', 'ca2-cert'],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: true, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: true, key: 'agent3-key', cert: 'agent3-cert' },
]
},
];
var common = require('../common');
var assert = require('assert');
var fs = require('fs');
var tls = require('tls');
function filenamePEM(n) {
return require('path').join(common.fixturesDir, 'keys', n + ".pem");
}
function loadPEM(n) {
return fs.readFileSync(filenamePEM(n));
}
var successfulTests = 0;
function testServers(index, servers, clientOptions, cb) {
var serverOptions = servers[index];
if (!serverOptions) {
cb();
return;
}
var ok = serverOptions.ok;
if (serverOptions.key) {
serverOptions.key = loadPEM(serverOptions.key);
}
if (serverOptions.cert) {
serverOptions.cert = loadPEM(serverOptions.cert);
}
var server = tls.createServer(serverOptions, function(s) {
s.end("hello world\n");
});
server.listen(common.PORT, function() {
var b = '';
console.error("connecting...");
var client = tls.connect(common.PORT, clientOptions, function () {
console.error("expected: " + ok + " authed: " + client.authorized);
assert.equal(ok, client.authorized);
server.close();
});
client.on('data', function(d) {
b += d.toString();
});
client.on('end', function() {
// TODO:
//assert.equal('hello world\n', b);
});
client.on('close', function() {
testServers(index + 1, servers, clientOptions, cb);
});
});
}
function runTest (testIndex) {
var tcase = testCases[testIndex];
if (!tcase) return;
var clientOptions = {
ca: tcase.ca.map(loadPEM),
key: loadPEM(tcase.key),
cert: loadPEM(tcase.cert)
};
testServers(0, tcase.servers, clientOptions, function () {
successfulTests++;
runTest(testIndex + 1);
});
}
runTest(0);
process.on('exit', function() {
console.log("successful tests: %d", successfulTests);
assert.equal(successfulTests, testCases.length);
});
Loading…
Cancel
Save