function runTest (testIndex) { var tcase = testCases[testIndex]; if (!tcase) return; console.error("Running '%s'", tcase.title); var cas = tcase.CAs.map(loadPEM); var crl = tcase.crl ? loadPEM(tcase.crl) : null; var serverOptions = { key: serverKey, cert: serverCert, ca: cas, crl: crl, requestCert: tcase.requestCert, rejectUnauthorized: tcase.rejectUnauthorized }; var connections = 0; var server = tls.Server(serverOptions, function (c) { connections++; if (c.authorized) { console.error('- authed connection: ' + c.getPeerCertificate().subject.CN); c.write('\n_authed\n'); } else { console.error('- unauthed connection: %s', c.authorizationError); c.write('\n_unauthed\n'); } }); function runNextClient(clientIndex) { var options = tcase.clients[clientIndex]; if (options) { runClient(options, function () { runNextClient(clientIndex + 1); }); } else { server.close(); successfulTests++; runTest(testIndex + 1); } } server.listen(common.PORT, function() { if (tcase.debug) { console.error("TLS server running on port " + common.PORT); } else { runNextClient(0); } }); }
var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var path = require('path'); var options = { key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')), cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')) }; var bufSize = 1024 * 1024; var sent = 0; var received = 0; var server = tls.Server(options, function(socket) { socket.pipe(socket); }); server.listen(common.PORT, function() { var resumed = false; var client = tls.connect({port: common.PORT}, function() { client.pause(); common.debug('paused'); send(); function send() { if (client.write(new Buffer(bufSize))) { sent += bufSize; assert.ok(sent < 100 * 1024 * 1024); // max 100MB return process.nextTick(send); } sent += bufSize;
for (var i = 0; i < 1024 * 1024; i++) { body += 'hello world\n'; } process.stdout.write('done\n'); var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem') }; var connections = 0; var server = tls.Server(options, function(socket) { socket.end(body); connections++; }); var recvCount = 0; server.listen(common.PORT, function() { var client = tls.connect({ port: common.PORT, rejectUnauthorized: false }); client.on('data', function(d) { process.stdout.write('.'); recvCount += d.length; client.pause();
function runTest(port, testIndex) { const prefix = `${testIndex} `; const tcase = testCases[testIndex]; if (!tcase) return; console.error(`${prefix}Running '${tcase.title}'`); const cas = tcase.CAs.map(loadPEM); const crl = tcase.crl ? loadPEM(tcase.crl) : null; const serverOptions = { key: serverKey, cert: serverCert, ca: cas, crl: crl, requestCert: tcase.requestCert, rejectUnauthorized: tcase.rejectUnauthorized }; /* * If renegotiating - session might be resumed and openssl won't request * client's certificate (probably because of bug in the openssl) */ if (tcase.renegotiate) { serverOptions.secureOptions = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION; // Renegotiation as a protocol feature was dropped after TLS1.2. serverOptions.maxVersion = 'TLSv1.2'; } let renegotiated = false; const server = tls.Server(serverOptions, function handleConnection(c) { c.on('error', function(e) { // child.kill() leads ECONNRESET error in the TLS connection of // openssl s_client via spawn(). A test result is already // checked by the data of client.stdout before child.kill() so // these tls errors can be ignored. }); if (tcase.renegotiate && !renegotiated) { renegotiated = true; setTimeout(function() { console.error(`${prefix}- connected, renegotiating`); c.write('\n_renegotiating\n'); return c.renegotiate({ requestCert: true, rejectUnauthorized: false }, function(err) { assert.ifError(err); c.write('\n_renegotiated\n'); handleConnection(c); }); }, 200); return; } if (c.authorized) { console.error(`${prefix}- authed connection: ${ c.getPeerCertificate().subject.CN}`); c.write('\n_authed\n'); } else { console.error(`${prefix}- unauthed connection: %s`, c.authorizationError); c.write('\n_unauthed\n'); } }); function runNextClient(clientIndex) { const options = tcase.clients[clientIndex]; if (options) { runClient(`${prefix}${clientIndex} `, port, options, function() { runNextClient(clientIndex + 1); }); } else { server.close(); successfulTests++; runTest(0, nextTest++); } } server.listen(port, function() { port = server.address().port; if (tcase.debug) { console.error(`${prefix}TLS server running on port ${port}`); } else if (tcase.renegotiate) { runNextClient(0); } else { let clientsCompleted = 0; for (let i = 0; i < tcase.clients.length; i++) { runClient(`${prefix}${i} `, port, tcase.clients[i], function() { clientsCompleted++; if (clientsCompleted === tcase.clients.length) { server.close(); successfulTests++; runTest(0, nextTest++); } }); } } }); }
process.exit(); } var tls = require('tls'); var fs = require('fs'); var clientConnected = 0; var serverConnected = 0; var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') }; var server = tls.Server(options, function(socket) { ++serverConnected; server.close(); }); server.listen(common.PIPE, function() { var options = { rejectUnauthorized: false }; var client = tls.connect(common.PIPE, options, function() { ++clientConnected; client.end(); }); }); process.on('exit', function() { assert.equal(clientConnected, 1); assert.equal(serverConnected, 1); });
const fixtures = require('../common/fixtures'); const passKey = fixtures.readSync('pass-key.pem'); const rawKey = fixtures.readSync('raw-key.pem'); const cert = fixtures.readSync('pass-cert.pem'); assert(Buffer.isBuffer(passKey)); assert(Buffer.isBuffer(cert)); assert.strictEqual(typeof passKey.toString(), 'string'); assert.strictEqual(typeof cert.toString(), 'string'); const server = tls.Server({ key: passKey, passphrase: 'passphrase', cert: cert, ca: [cert], requestCert: true, rejectUnauthorized: true }, function(s) { s.end(); }); server.listen(0, common.mustCall(function() { // Buffer tls.connect({ port: this.address().port, key: passKey, passphrase: 'passphrase', cert: cert, rejectUnauthorized: false }, common.mustCall());
const options = { key: fixtures.readKey('agent1-key.pem'), cert: fixtures.readKey('agent1-cert.pem') }; const server = tls.Server(options, common.mustCall((socket) => { socket.on('error', common.mustCall((err) => { assert.strictEqual( err.message, 'TLS session renegotiation disabled for this socket'); socket.destroy(); server.close(); })); // Disable renegotiation after the first chunk of data received. // Demonstrates that renegotiation works successfully up until // disableRenegotiation is called. socket.on('data', common.mustCall((chunk) => { socket.write(chunk); socket.disableRenegotiation(); })); socket.on('secure', common.mustCall(() => { assert(socket._handle.handshakes < 2, `Too many handshakes [${socket._handle.handshakes}]`); })); })); server.listen(0, common.mustCall(() => { const port = server.address().port; const options = { rejectUnauthorized: false,
const tls = require('tls'); const fixtures = require('../common/fixtures'); const options = { key: fixtures.readKey('agent2-key.pem'), cert: fixtures.readKey('agent2-cert.pem') }; // Contains a UTF8 only character const messageUtf8 = 'x√ab c'; // The same string above represented with ASCII const messageAscii = 'xb\b\u001aab c'; const server = tls.Server(options, common.mustCall(function(socket) { socket.end(messageUtf8); })); server.listen(0, function() { const client = tls.connect({ port: this.address().port, rejectUnauthorized: false }); let buffer = ''; client.setEncoding('ascii'); client.on('data', function(d) { assert.ok(typeof d === 'string');
var common = require('../common'); var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var path = require('path'); var options = { key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent1-key.pem')), cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')) }; var serverErrorHappened = false; var clientErrorHappened = false; var server = tls.Server(options, function(socket) { assert(false); }); server.on('clientError', function(err) { serverErrorHappened = true; common.debug('Server: ' + err); server.close(); }); server.listen(common.PORT, function() { var client = tls.connect(common.PORT, function() { assert(false); }); client.on('error', function(err) { clientErrorHappened = true; common.debug('Client: ' + err); });
var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var hadTimeout = false; var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') }; var server = tls.Server(options, function(socket) { socket.setTimeout(100); socket.on('timeout', function(err) { hadTimeout = true; socket.end(); server.close(); }); }); server.listen(common.PORT, function() { var socket = tls.connect({ port: common.PORT, rejectUnauthorized: false }); }); process.on('exit', function() { assert.ok(hadTimeout); });
util.inherits(Mediator, stream.Writable); Mediator.prototype._write = function write(data, enc, cb) { this.buf += data; setTimeout(cb, 0); if (this.buf.length >= request.length) { assert.equal(this.buf, request.toString()); server.close(); } }; var mediator = new Mediator(); var server = tls.Server(options, function(socket) { socket.pipe(mediator); serverConnected++; }); server.listen(common.PORT, function() { var client1 = tls.connect({ port: common.PORT, rejectUnauthorized: false }, function() { ++clientConnected; client1.end(request); }); }); process.on('exit', function() { assert.equal(clientConnected, 1); assert.equal(serverConnected, 1);
var tls = require('tls'); var fs = require('fs'); var hadTimeout = false; var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') }; var server = tls.Server(options, function(socket) { var s = socket.setTimeout(100); assert.ok(s instanceof tls.TLSSocket); socket.on('timeout', function(err) { hadTimeout = true; socket.end(); server.close(); }); }); server.listen(common.PORT, function() { var socket = tls.connect({ port: common.PORT, rejectUnauthorized: false }); }); process.on('exit', function() { assert.ok(hadTimeout); });
const assert = require('assert'); const tls = require('tls'); const fixtures = require('../common/fixtures'); process.stdout.write('build body...'); const body = 'hello world\n'.repeat(1024 * 1024); process.stdout.write('done\n'); const options = { key: fixtures.readKey('agent2-key.pem'), cert: fixtures.readKey('agent2-cert.pem') }; const server = tls.Server(options, common.mustCall(function(socket) { socket.end(body); })); let recvCount = 0; server.listen(common.PORT, function() { const client = tls.connect({ port: common.PORT, rejectUnauthorized: false }); client.on('data', function(d) { process.stdout.write('.'); recvCount += d.length; client.pause();
var common = require('../common'); var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var path = require('path'); var options = { key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')), cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')) }; var server = tls.Server(options, function(s) { assert.equal(s.address().address, s.socket.address().address); assert.equal(s.address().port, s.socket.address().port); assert.equal(s.remoteAddress, s.socket.remoteAddress); assert.equal(s.remotePort, s.socket.remotePort); s.end(); }); server.listen(common.PORT, '127.0.0.1', function() { assert.equal(server.address().address, '127.0.0.1'); assert.equal(server.address().port, common.PORT); var c = tls.connect(common.PORT, '127.0.0.1', function() { assert.equal(c.address().address, c.socket.address().address); assert.equal(c.address().port, c.socket.address().port); assert.equal(c.remoteAddress, '127.0.0.1'); assert.equal(c.remotePort, common.PORT); });
const options = { key: fixtures.readKey('agent1-key.pem'), cert: fixtures.readKey('agent1-cert.pem') }; const server = tls.Server(options, common.mustCall((socket) => { socket.on('error', common.mustCall((err) => { common.expectsError({ type: Error, code: 'ERR_TLS_RENEGOTIATION_DISABLED', message: 'TLS session renegotiation disabled for this socket' })(err); socket.destroy(); server.close(); })); // Disable renegotiation after the first chunk of data received. // Demonstrates that renegotiation works successfully up until // disableRenegotiation is called. socket.on('data', common.mustCall((chunk) => { socket.write(chunk); socket.disableRenegotiation(); })); socket.on('secure', common.mustCall(() => { assert(socket._handle.handshakes < 2, `Too many handshakes [${socket._handle.handshakes}]`); })); })); server.listen(0, common.mustCall(() => { const port = server.address().port; const options = {
const tls = require('tls'); const fixtures = require('../common/fixtures'); crypto.DEFAULT_ENCODING = 'buffer'; const certPem = fixtures.readSync('test_cert.pem', 'ascii'); const options = { key: fixtures.readKey('agent1-key.pem'), cert: fixtures.readKey('agent1-cert.pem') }; const server = tls.Server(options, (socket) => { setImmediate(() => { verify(); setImmediate(() => { socket.destroy(); }); }); }); function verify() { crypto.createVerify('SHA1') .update('Test') .verify(certPem, 'asdfasdfas', 'base64'); } server.listen(0, common.mustCall(() => { tls.connect({ port: server.address().port, rejectUnauthorized: false }, common.mustCall(() => {
const common = require('../common'); if (!common.hasCrypto) common.skip('missing crypto'); const assert = require('assert'); const tls = require('tls'); const fixtures = require('../common/fixtures'); const options = { key: fixtures.readKey('agent2-key.pem'), cert: fixtures.readKey('agent2-cert.pem') }; // create server const server = tls.Server(options, common.mustCall((socket) => { socket.end('Goodbye'); }, 2)); // start listening server.listen(0, function() { let session1 = null; const client1 = tls.connect({ port: this.address().port, rejectUnauthorized: false }, () => { console.log('connect1'); assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.'); session1 = client1.getSession(); });
var common = require('../common'); var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem') }; var connections = 0; // create server var server = tls.Server(options, function(socket) { socket.end('Goodbye'); connections++; }); // start listening server.listen(common.PORT, function() { var session1 = null; var client1 = tls.connect({port: common.PORT}, function() { console.log('connect1'); assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.'); session1 = client1.getSession(); }); client1.on('close', function() { console.log('close1');
const assert = require('assert'); const tls = require('tls'); const fixtures = require('../common/fixtures'); const options = { key: fixtures.readSync('test_key.pem'), cert: fixtures.readSync('test_cert.pem') }; const bufSize = 1024 * 1024; let sent = 0; let received = 0; const server = tls.Server(options, function(socket) { socket.pipe(socket); socket.on('data', function(c) { console.error('data', c.length); }); }); server.listen(0, function() { let resumed = false; const client = tls.connect({ port: this.address().port, rejectUnauthorized: false }, function() { console.error('connected'); client.pause(); console.error('paused'); send(); function send() { console.error('sending');
// Copyright & License details are available under JXCORE_LICENSE file var common = require('../common'); var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') }; var server = tls.Server(options, function(socket) { socket.end('hello world'); }); server.listen(common.PORT, function() { var client = tls.connect({ port: common.PORT, rejectUnauthorized: false }); // test that setting the `ondata` function *prevents* data from // being pushed to the streams2 interface of the socket client.ondata = function (buf, start, length) { var b = buf.slice(start, length); process.nextTick(function () { var b2 = client.read(); if (b2) { assert.notEqual(b.toString(), b2.toString()); }
// $> openssl s_client -connect localhost:12346 \ // -key test/fixtures/agent.key -cert test/fixtures/agent.crt // // $> openssl s_client -connect localhost:12346 // var common = require('../common'); var tls = require('tls'); var fs = require('fs'); var join = require('path').join; var key = fs.readFileSync(join(common.fixturesDir, 'agent.key')).toString(); var cert = fs.readFileSync(join(common.fixturesDir, 'agent.crt')).toString(); s = tls.Server({ key: key, cert: cert, ca: [], requestCert: true, rejectUnauthorized: true }); s.listen(common.PORT, function() { console.log('TLS server on 127.0.0.1:%d', common.PORT); }); s.on('authorized', function(c) { console.log('authed connection'); c.end('bye authorized friend.\n'); }); s.on('unauthorized', function(c, e) { console.log('unauthed connection: %s', e);
common.skip('node compiled without OpenSSL CLI.'); const assert = require('assert'); const { spawn } = require('child_process'); const tls = require('tls'); const fixtures = require('../common/fixtures'); let success = false; function loadPEM(n) { return fixtures.readKey(`${n}.pem`); } const server = tls.Server({ secureProtocol: 'TLSv1_2_server_method', key: loadPEM('agent2-key'), cert: loadPEM('agent2-cert') }, null).listen(0, function() { const args = ['s_client', '-quiet', '-tls1_1', '-connect', `127.0.0.1:${this.address().port}`]; // for the performance and stability issue in s_client on Windows if (common.isWindows) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args); let out = ''; client.stderr.setEncoding('utf8'); client.stderr.on('data', function(d) { out += d; if (/SSL alert number 70/.test(out)) {
var assert = require('assert'); var tls = require('tls'); var fs = require('fs'); var options = { key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem') }; var connections = 0; var message = "hello world\n"; var server = tls.Server(options, function(socket) { socket.end(message); connections++; }); server.listen(common.PORT, function() { var client = tls.connect(common.PORT); var buffer = ''; client.setEncoding('utf8'); client.on('data', function(d) { assert.ok(typeof d === 'string'); buffer += d; });
const options = { key: fixtures.readKey('agent1-key.pem'), cert: fixtures.readKey('agent1-cert.pem') }; const server = tls.Server(options, function(socket) { console.log('2) Server got request'); socket.write('HTTP/1.1 200 OK\r\n' + 'Date: Tue, 15 Feb 2011 22:14:54 GMT\r\n' + 'Expires: -1\r\n' + 'Cache-Control: private, max-age=0\r\n' + 'Set-Cookie: xyz\r\n' + 'Set-Cookie: abc\r\n' + 'Server: gws\r\n' + 'X-XSS-Protection: 1; mode=block\r\n' + 'Connection: close\r\n' + '\r\n'); socket.write('hello world\n'); setTimeout(function() { socket.end('hello world\n'); console.log('4) Server finished response'); }, 100); }); server.listen(0, common.mustCall(function() { console.log('1) Making Request'); https.get({ port: this.address().port, rejectUnauthorized: false