tls_wrap: migrate synchronous errors #18125
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -36,6 +36,9 @@ const { Timer } = process.binding('timer_wrap'); | |
const tls_wrap = process.binding('tls_wrap'); | ||
const { TCP, constants: TCPConstants } = process.binding('tcp_wrap'); | ||
const { Pipe, constants: PipeConstants } = process.binding('pipe_wrap'); | ||
const { | ||
SecureContext: NativeSecureContext | ||
} = process.binding('crypto'); | ||
const errors = require('internal/errors'); | ||
const kConnectOptions = Symbol('connect-options'); | ||
const kDisableRenegotiation = Symbol('disable-renegotiation'); | ||
|
@@ -407,7 +410,12 @@ TLSSocket.prototype._wrapHandle = function(wrap) { | |
const context = options.secureContext || | ||
options.credentials || | ||
tls.createSecureContext(options); | ||
const res = tls_wrap.wrap(handle._externalStream, | ||
const externalStream = handle._externalStream; | ||
assert(typeof externalStream === 'object', | ||
'handle must be a LibuvStreamWrap'); | ||
It just needs to be a
@addaleax I thought about checking the type of
@joyeecheung Yeah, Ideally, what we could do is making the
@addaleax Yeah that should probably better be done in a dedicated PR IMO |
||
assert(context.context instanceof NativeSecureContext, | ||
'context.context must be a NativeSecureContext'); | ||
const res = tls_wrap.wrap(externalStream, | ||
context.context, | ||
!!options.isServer); | ||
res._parent = handle; | ||
|
@@ -548,8 +556,8 @@ TLSSocket.prototype.renegotiate = function(options, callback) { | |
if (this.destroyed) | ||
return; | ||
|
||
let requestCert = this._requestCert; | ||
let rejectUnauthorized = this._rejectUnauthorized; | ||
let requestCert = !!this._requestCert; | ||
let rejectUnauthorized = !!this._rejectUnauthorized; | ||
|
||
if (options.requestCert !== undefined) | ||
requestCert = !!options.requestCert; | ||
|
@@ -649,6 +657,14 @@ TLSSocket.prototype._start = function() { | |
}; | ||
|
||
TLSSocket.prototype.setServername = function(name) { | ||
if (typeof name !== 'string') { | ||
throw new errors.Error('ERR_INVALID_ARG_TYPE', 'name', 'string'); | ||
} | ||
|
||
if (this._tlsOptions.isServer) { | ||
throw new errors.Error('ERR_TLS_SNI_FROM_SERVER'); | ||
} | ||
|
||
this._handle.setServername(name); | ||
}; | ||
|
||
|
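Review bot: The new `assert(typeof externalStream === 'object', ...)` in `_wrapHandle` also passes for `null`, because `typeof null` is `'object'`, so a handle whose `_externalStream` is `null` still reaches `tls_wrap.wrap()` instead of failing with the intended message. Tightening it to `assert(externalStream !== null && typeof externalStream === 'object', 'handle must be a LibuvStreamWrap');` closes that gap without changing the accepted types. In `setServername`, only the type of `name` is validated; whether an empty string or a name containing a NUL byte should be rejected before `this._handle.setServername(name)` depends on the native side, which is not visible here, so that is worth confirming. The bodies of `_wrapHandle` and `renegotiate` continue outside the hunks shown.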
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
'use strict'; | ||
|
||
// This tests the errors thrown from TLSSocket.prototype.setServername | ||
|
||
const common = require('../common'); | ||
const fixtures = require('../common/fixtures'); | ||
|
||
if (!common.hasCrypto) | ||
common.skip('missing crypto'); | ||
|
||
const { connect, TLSSocket } = require('tls'); | ||
const makeDuplexPair = require('../common/duplexpair'); | ||
const { clientSide, serverSide } = makeDuplexPair(); | ||
|
||
const key = fixtures.readKey('agent1-key.pem'); | ||
const cert = fixtures.readKey('agent1-cert.pem'); | ||
const ca = fixtures.readKey('ca1-cert.pem'); | ||
|
||
const client = connect({ | ||
socket: clientSide, | ||
ca, | ||
host: 'agent1' // Hostname from certificate | ||
}); | ||
|
||
[undefined, null, 1, true, {}].forEach((value) => { | ||
common.expectsError(() => { | ||
client.setServername(value); | ||
}, { | ||
code: 'ERR_INVALID_ARG_TYPE', | ||
message: 'The "name" argument must be of type string' | ||
}); | ||
}); | ||
|
||
const server = new TLSSocket(serverSide, { | ||
isServer: true, | ||
key, | ||
cert, | ||
ca | ||
}); | ||
|
||
common.expectsError(() => { | ||
server.setServername('localhost'); | ||
}, { | ||
code: 'ERR_TLS_SNI_FROM_SERVER', | ||
message: 'Cannot issue SNI from a TLS server-side socket' | ||
}); |
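Review bot: Both `common.expectsError` calls pin `code` and `message` but not `type`, so the test passes whether `setServername` throws a plain `Error` or a `TypeError`. The implementation in this PR uses `errors.Error` for `ERR_INVALID_ARG_TYPE`; if that is intended, adding `type: Error` to both expectation objects documents the choice, and if a `TypeError` is wanted instead the test would then catch the mismatch.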
Should these be `throw errors.TypeError`s instead of `assert`s?
@maclover7 I tried that before and the test looked really dubious. These are not user-facing errors: whoever hits them is either using the underscored API, patching internals incorrectly, or hitting a bug. Either way, assertions seem to be more appropriate.