From b3cf2df23425dfd363ecffa30cf7b792d5e4d2f2 Mon Sep 17 00:00:00 2001 From: pfg Date: Mon, 2 Jun 2025 16:01:43 -0700 Subject: [PATCH] . --- categories.txt | 3 +- .../test/parallel/test-tls-cnnic-whitelist.js | 56 +++++++++++++++++++ .../parallel/test-tls-wrap-econnreset-pipe.js | 48 ++++++++++++++++ 3 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 test/js/node/test/parallel/test-tls-cnnic-whitelist.js create mode 100644 test/js/node/test/parallel/test-tls-wrap-econnreset-pipe.js diff --git a/categories.txt b/categories.txt index edd08a1af5..f7d206520e 100644 --- a/categories.txt +++ b/categories.txt @@ -54,4 +54,5 @@ that to `localhost:${port}localhost:${port}` which is an invalid url passes on mac: - test-tls-junk-closes-server - test-tls-onread-static-buffer -- test-tls-lookup \ No newline at end of file +- test-tls-lookup +- test-tls-wrap-econnreset-pipe \ No newline at end of file diff --git a/test/js/node/test/parallel/test-tls-cnnic-whitelist.js b/test/js/node/test/parallel/test-tls-cnnic-whitelist.js new file mode 100644 index 0000000000..99ad02ee1c --- /dev/null +++ b/test/js/node/test/parallel/test-tls-cnnic-whitelist.js @@ -0,0 +1,56 @@ +// Flags: --use-bundled-ca +'use strict'; +const common = require('../common'); + +if (!common.hasCrypto) + common.skip('missing crypto'); + +const assert = require('assert'); +const tls = require('tls'); +const fixtures = require('../common/fixtures'); + +function loadPEM(n) { + return fixtures.readKey(`${n}.pem`); +} + +const testCases = [ + // Test 1: for the fix of node#2061 + // agent6-cert.pem is signed by intermediate cert of ca3. + // The server has a cert chain of agent6->ca3->ca1(root) but + // tls.connect should be failed with an error of + // UNABLE_TO_GET_ISSUER_CERT_LOCALLY since the root CA of ca1 is not + // installed locally. + { + serverOpts: { + ca: loadPEM('ca3-key'), + key: loadPEM('agent6-key'), + cert: loadPEM('agent6-cert') + }, + clientOpts: { + port: undefined, + rejectUnauthorized: true + }, + errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' + }, +]; + +function runTest(tindex) { + const tcase = testCases[tindex]; + + if (!tcase) return; + + const server = tls.createServer(tcase.serverOpts, (s) => { + s.resume(); + }).listen(0, common.mustCall(function() { + tcase.clientOpts.port = this.address().port; + const client = tls.connect(tcase.clientOpts); + client.on('error', common.mustCall((e) => { + assert.strictEqual(e.code, tcase.errorCode); + server.close(common.mustCall(() => { + runTest(tindex + 1); + })); + })); + })); +} + +runTest(0); diff --git a/test/js/node/test/parallel/test-tls-wrap-econnreset-pipe.js b/test/js/node/test/parallel/test-tls-wrap-econnreset-pipe.js new file mode 100644 index 0000000000..f294f23f1d --- /dev/null +++ b/test/js/node/test/parallel/test-tls-wrap-econnreset-pipe.js @@ -0,0 +1,48 @@ +'use strict'; + +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +const assert = require('assert'); +const tls = require('tls'); +const net = require('net'); +const { fork } = require('child_process'); + +const tmpdir = require('../common/tmpdir'); + +// Run in a child process because the PIPE file descriptor stays open until +// Node.js completes, blocking the tmpdir and preventing cleanup. + +if (process.argv[2] !== 'child') { + // Parent + tmpdir.refresh(); + + // Run test + const child = fork(__filename, ['child'], { stdio: 'inherit' }); + child.on('exit', common.mustCall(function(code) { + assert.strictEqual(code, 0); + })); + + return; +} + +// Child +const server = net.createServer((c) => { + c.end(); +}).listen(common.PIPE, common.mustCall(() => { + let errored = false; + tls.connect({ path: common.PIPE }) + .once('error', common.mustCall((e) => { + assert.strictEqual(e.code, 'ECONNRESET'); + assert.strictEqual(e.path, common.PIPE); + assert.strictEqual(e.port, undefined); + assert.strictEqual(e.host, undefined); + assert.strictEqual(e.localAddress, undefined); + server.close(); + errored = true; + })) + .on('close', common.mustCall(() => { + assert.strictEqual(errored, true); + })); +}));