tls: TLSSocket emits 'error' on handshake failure

lekoder · mcollina · commit c7bc9bcfbf51 · 2016-10-10T09:59:31.000+02:00
Removes branch that would make TLSSocket emit '_tlsError' event if error occured on handshake and control was not released, as it was never happening. Addedd test for tls.Server to ensure it still emits 'tlsClientError' as expected. Fixes: #8803 PR-URL: #8805 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Fedor Indutny <fedor@indutny.com>
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -426,7 +426,9 @@ TLSSocket.prototype._init = function(socket, wrap){
 
 // Destroy socket if error happened before handshake's finish
 if (!self._secureEstablished){
- self.destroy(self._tlsError(err));
+ // When handshake fails control is not yet released,
+ // so self._tlsError will return null instead of actual error
+ self.destroy(err);
 } else if (options.isServer &&
 rejectUnauthorized &&
 /peer did not return a certificate/.test(err.message)){
diff --git a/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js b/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js
@@ -0,0 +1,37 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto){
+ common.skip('missing crypto');
+ return;
+}
+const tls = require('tls');
+const net = require('net');
+const assert = require('assert');
+
+const bonkers = Buffer.alloc(1024, 42);
+
+let tlsClientErrorEmited = false;
+
+const server = tls.createServer({})
+ .listen(0, function(){
+ const c = net.connect({port: this.address().port }, function(){
+ c.write(bonkers);
+ });
+
+ }).on('tlsClientError', function(e){
+ tlsClientErrorEmited = true;
+ assert.ok(e instanceof Error,
+ 'Instance of Error should be passed to error handler');
+ assert.ok(e.message.match(
+ /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/),
+ 'Expecting SSL unknown protocol');
+ });
+
+setTimeout(function(){
+ server.close();
+
+ assert.ok(tlsClientErrorEmited,
+ 'tlsClientError should be emited');
+
+}, common.platformTimeout(200));
diff --git a/test/parallel/test-tls-socket-failed-handshake-emits-error.js b/test/parallel/test-tls-socket-failed-handshake-emits-error.js
@@ -0,0 +1,38 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto){
+ common.skip('missing crypto');
+ return;
+}
+const tls = require('tls');
+const net = require('net');
+const assert = require('assert');
+
+const bonkers = Buffer.alloc(1024, 42);
+
+const server = net.createServer(function(c){
+ setTimeout(function(){
+ const s = new tls.TLSSocket(c,{
+ isServer: true,
+ server: server
+ });
+
+ s.on('error', common.mustCall(function(e){
+ assert.ok(e instanceof Error,
+ 'Instance of Error should be passed to error handler');
+ assert.ok(e.message.match(
+ /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/),
+ 'Expecting SSL unknown protocol');
+ }));
+
+ s.on('close', function(){
+ server.close();
+ s.destroy();
+ });
+ }, common.platformTimeout(200));
+}).listen(0, function(){
+ const c = net.connect({port: this.address().port}, function(){
+ c.write(bonkers);
+ });
+});

-Original file line number
+Diff line change
 // Destroy socket if error happened before handshake's finish
 if(!self._secureEstablished){
 -self.destroy(self._tlsError(err));
 +// When handshake fails control is not yet released,
 +// so self._tlsError will return null instead of actual error
 +self.destroy(err);
 }elseif(options.isServer&&
 rejectUnauthorized&&
 /peerdidnotreturnacertificate/.test(err.message)){
-Original file line number
+Diff line change
@@ @@ -0,0 +1,37 @@ @@
 +'use strict';
 +constcommon=require('../common');
++
 +if(!common.hasCrypto){
 +common.skip('missing crypto');
 +return;
 +}
 +consttls=require('tls');
 +constnet=require('net');
 +constassert=require('assert');
++
 +constbonkers=Buffer.alloc(1024,42);
++
 +lettlsClientErrorEmited=false;
++
 +constserver=tls.createServer({})
 +.listen(0,function(){
 +constc=net.connect({port: this.address().port},function(){
 +c.write(bonkers);
 +});
++
 +}).on('tlsClientError',function(e){
 +tlsClientErrorEmited=true;
 +assert.ok(einstanceofError,
 +'Instance of Error should be passed to error handler');
 +assert.ok(e.message.match(
 +/SSLroutines:SSL23_GET_CLIENT_HELLO:unknownprotocol/),
 +'Expecting SSL unknown protocol');
 +});
++
 +setTimeout(function(){
 +server.close();
++
 +assert.ok(tlsClientErrorEmited,
 +'tlsClientError should be emited');
++
 +},common.platformTimeout(200));