Skip to content

Commit

Permalink
tls: migrate tls.js to use internal/errors.js
Browse files Browse the repository at this point in the history
Migrate tls.js to use internal/errors.js as per
nodejs#11273

PR-URL: nodejs#13994
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
  • Loading branch information
mhdawson committed Jul 18, 2017
1 parent f406a7e commit 3ccfeb4
Show file tree
Hide file tree
Showing 7 changed files with 18 additions and 19 deletions.
2 changes: 2 additions & 0 deletions lib/internal/errors.js
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,8 @@ E('ERR_SOCKET_DGRAM_NOT_RUNNING', 'Not running');
E('ERR_STDERR_CLOSE', 'process.stderr cannot be closed');
E('ERR_STDOUT_CLOSE', 'process.stdout cannot be closed');
E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode');
E('ERR_TLS_CERT_ALTNAME_INVALID',
'Hostname/IP does not match certificate\'s altnames: %s');
E('ERR_TRANSFORM_ALREADY_TRANSFORMING',
'Calling transform done when still transforming');
E('ERR_TRANSFORM_WITH_LENGTH_0',
Expand Down
4 changes: 2 additions & 2 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

'use strict';

const errors = require('internal/errors');
const internalUtil = require('internal/util');
internalUtil.assertCrypto();

Expand Down Expand Up @@ -219,8 +220,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
}

if (!valid) {
const err = new Error(
`Hostname/IP doesn't match certificate's altnames: "${reason}"`);
const err = new errors.Error('ERR_TLS_CERT_ALTNAME_INVALID', reason);
err.reason = reason;
err.host = host;
err.cert = cert;
Expand Down
17 changes: 4 additions & 13 deletions test/parallel/test-https-strict.js
Original file line number Diff line number Diff line change
Expand Up @@ -170,13 +170,9 @@ function allListening() {

// server1: host 'agent1', signed by ca1
makeReq('/inv1', port1, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
makeReq('/inv1-ca1', port1,
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent1"',
makeReq('/inv1-ca1', port1, 'ERR_TLS_CERT_ALTNAME_INVALID',
null, ca1);
makeReq('/inv1-ca1ca2', port1,
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent1"',
makeReq('/inv1-ca1ca2', port1, 'ERR_TLS_CERT_ALTNAME_INVALID',
null, [ca1, ca2]);
makeReq('/val1-ca1', port1, null, 'agent1', ca1);
makeReq('/val1-ca1ca2', port1, null, 'agent1', [ca1, ca2]);
Expand All @@ -193,13 +189,8 @@ function allListening() {

// server3: host 'agent3', signed by ca2
makeReq('/inv3', port3, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
makeReq('/inv3-ca2', port3,
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent3"',
null, ca2);
makeReq('/inv3-ca1ca2', port3,
'Hostname/IP doesn\'t match certificate\'s altnames: ' +
'"Host: localhost. is not cert\'s CN: agent3"',
makeReq('/inv3-ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID', null, ca2);
makeReq('/inv3-ca1ca2', port3, 'ERR_TLS_CERT_ALTNAME_INVALID',
null, [ca1, ca2]);
makeReq('/val3-ca2', port3, null, 'agent3', ca2);
makeReq('/val3-ca1ca2', port3, null, 'agent3', [ca1, ca2]);
Expand Down
6 changes: 6 additions & 0 deletions test/parallel/test-internal-errors.js
Original file line number Diff line number Diff line change
Expand Up @@ -229,3 +229,9 @@ assert.throws(
code: 'ERR_ASSERTION',
message: /^At least one arg needs to be specified$/
}));


// Test ERR_TLS_CERT_ALTNAME_INVALID
assert.strictEqual(
errors.message('ERR_TLS_CERT_ALTNAME_INVALID', ['altname']),
'Hostname/IP does not match certificate\'s altnames: altname');
3 changes: 1 addition & 2 deletions test/parallel/test-tls-client-verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ const fs = require('fs');
const path = require('path');
const tls = require('tls');

const hosterr = /Hostname\/IP doesn't match certificate's altnames/;
const testCases =
[{ ca: ['ca1-cert'],
key: 'agent2-key',
Expand Down Expand Up @@ -101,7 +100,7 @@ function testServers(index, servers, clientOptions, cb) {
clientOptions.port = this.address().port;
const client = tls.connect(clientOptions, common.mustCall(function() {
const authorized = client.authorized ||
hosterr.test(client.authorizationError);
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID');

console.error(`expected: ${ok} authed: ${authorized}`);

Expand Down
3 changes: 2 additions & 1 deletion test/parallel/test-tls-sni-option.js
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,8 @@ function startTest() {
options.port = server.address().port;
const client = tls.connect(options, function() {
clientResults.push(
/Hostname\/IP doesn't/.test(client.authorizationError || ''));
client.authorizationError &&
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'));
client.destroy();

next();
Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-tls-sni-server-client.js
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ function startTest() {
const client = tls.connect(options, function() {
clientResults.push(
client.authorizationError &&
/Hostname\/IP doesn't/.test(client.authorizationError));
(client.authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID'));
client.destroy();

// Continue
Expand Down

0 comments on commit 3ccfeb4

Please sign in to comment.