tls: do not hang without newSession handler

indutny · indutny · commit 75697112e85b · 2015-07-20T11:47:06.000-07:00
When listening for client hello parser events (like OCSP requests), do not hang if `newSession` event handler is not present. Fix: nodejs/node-v0.x-archive#8660 Fix: nodejs/node-v0.x-archive#25735 Reviewed-By: Fedor Indutny <fedor@indutny.com> PR-URL: nodejs/node-v0.x-archive#25739
diff --git a/lib/_tls_legacy.js b/lib/_tls_legacy.js
@@ -662,14 +662,17 @@ function onnewsession(key, session){
 var self = this;
 var once = false;
 
- self.server.emit('newSession', key, session, function(){
+ if (!self.server.emit('newSession', key, session, done))
+ done();
+
+ function done(){
 if (once)
 return;
 once = true;
 
 if (self.ssl)
 self.ssl.newSessionDone();
- });
+ };
 }
 
 
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -201,7 +201,10 @@ function onnewsession(key, session){
 var once = false;
 
 this._newSessionPending = true;
- this.server.emit('newSession', key, session, function(){
+ if (!this.server.emit('newSession', key, session, done))
+ done();
+
+ function done(){
 if (once)
 return;
 once = true;
@@ -212,7 +215,7 @@ function onnewsession(key, session){
 if (self._securePending)
 self._finishInit();
 self._securePending = false;
- });
+ }
 }
 
 
diff --git a/test/simple/test-tls-ocsp-callback.js b/test/simple/test-tls-ocsp-callback.js
@@ -31,16 +31,19 @@ if (!common.opensslCli){
 process.exit(0);
 }
 
+var assert = require('assert');
+var tls = require('tls');
+var constants = require('constants');
+var fs = require('fs');
+var join = require('path').join;
+
 test({response: false }, function(){
- test({response: 'hello world' });
+ test({response: 'hello world' }, function(){
+ test({ocsp: false });
+ });
 });
 
 function test(testOptions, cb){
- var assert = require('assert');
- var tls = require('tls');
- var fs = require('fs');
- var join = require('path').join;
- var spawn = require('child_process').spawn;
 
 var keyFile = join(common.fixturesDir, 'keys', 'agent1-key.pem');
 var certFile = join(common.fixturesDir, 'keys', 'agent1-cert.pem');
@@ -54,6 +57,7 @@ function test(testOptions, cb){
 ca: [ca]
 };
 var requestCount = 0;
+ var clientSecure = 0;
 var ocspCount = 0;
 var ocspResponse;
 var session;
@@ -83,9 +87,12 @@ function test(testOptions, cb){
 server.listen(common.PORT, function(){
 var client = tls.connect({
 port: common.PORT,
- requestOCSP: true,
+ requestOCSP: testOptions.ocsp !== false,
+ secureOptions: testOptions.ocsp === false ?
+ constants.SSL_OP_NO_TICKET : 0,
 rejectUnauthorized: false
 }, function(){
+ clientSecure++;
 });
 client.on('OCSPResponse', function(resp){
 ocspResponse = resp;
@@ -98,12 +105,19 @@ function test(testOptions, cb){
 });
 
 process.on('exit', function(){
+ if (testOptions.ocsp === false){
+ assert.equal(requestCount, clientSecure);
+ assert.equal(requestCount, 1);
+ return;
+ }
+
 if (testOptions.response){
 assert.equal(ocspResponse.toString(), testOptions.response);
 } else{
 assert.ok(ocspResponse === null);
 }
 assert.equal(requestCount, testOptions.response ? 0 : 1);
+ assert.equal(clientSecure, requestCount);
 assert.equal(ocspCount, 1);
 });
 }

-Original file line number
+Diff line change
 varself=this;
 varonce=false;
 -self.server.emit('newSession',key,session,function(){
 +if(!self.server.emit('newSession',key,session,done))
 +done();
++
 +functiondone(){
 if(once)
 return;
 once=true;
 if(self.ssl)
 self.ssl.newSessionDone();
 -});
 +};
+}
-Original file line number
+Diff line change
 process.exit(0);
+}
 +varassert=require('assert');
 +vartls=require('tls');
 +varconstants=require('constants');
 +varfs=require('fs');
 +varjoin=require('path').join;
++
 test({response: false},function(){
 -test({response: 'hello world'});
 +test({response: 'hello world'},function(){
 +test({ocsp: false});
 +});
 });
 functiontest(testOptions,cb){
 -varassert=require('assert');
 -vartls=require('tls');
 -varfs=require('fs');
 -varjoin=require('path').join;
 -varspawn=require('child_process').spawn;
 varkeyFile=join(common.fixturesDir,'keys','agent1-key.pem');
 varcertFile=join(common.fixturesDir,'keys','agent1-cert.pem');
 ca: [ca]
 };
 varrequestCount=0;
 +varclientSecure=0;
 varocspCount=0;
 varocspResponse;
 varsession;
 server.listen(common.PORT,function(){
 varclient=tls.connect({
 port: common.PORT,
 -requestOCSP: true,
 +requestOCSP: testOptions.ocsp!==false,
 +secureOptions: testOptions.ocsp===false ?
 +constants.SSL_OP_NO_TICKET : 0,
 rejectUnauthorized: false
 },function(){
 +clientSecure++;
 });
 client.on('OCSPResponse',function(resp){
 ocspResponse=resp;
 });
 process.on('exit',function(){
 +if(testOptions.ocsp===false){
 +assert.equal(requestCount,clientSecure);
 +assert.equal(requestCount,1);
 +return;
 +}
++
 if(testOptions.response){
 assert.equal(ocspResponse.toString(),testOptions.response);
 }else{
 assert.ok(ocspResponse===null);
+}
 assert.equal(requestCount,testOptions.response ? 0 : 1);
 +assert.equal(clientSecure,requestCount);
 assert.equal(ocspCount,1);
 });
+}