pfg
2025-06-09 15:43:07 -07:00
parent 7e97cd447e
commit ebbbba0fa6
11 changed files with 139 additions and 33 deletions


@@ -19,17 +19,22 @@ t.style.color = "black";
# TODO CHECK:
# max version env vars
# max version env vars, not investigated.
parallel/test-tls-client-reject-12.js
parallel/test-tls-ticket-12.js
parallel/test-tls-client-resume-12.js
parallel/test-tls-destroy-stream-12.js
parallel/test-tls-net-socket-keepalive-12.js
parallel/test-tls-keylog-tlsv13.js
parallel/test-tls-cli-min-max-conflict.js
# trivial
parallel/test-tls-external-accessor.js
- we don't support `_external`, but we pass the spirit of the test. trivial 'fix'
parallel/test-tls-destroy-stream.js
parallel/test-double-tls-client.js (this one maybe not as easy, but it is somewhat related)
- the test calls `.emit("connection")` on the tlsServer. In node, this calls the connection
handler but in bun it does not. Switch tls to use emit("connection") rather than
calling the connection listener directly, and add .on('connection') in the constructor
@@ -70,13 +75,15 @@ parallel/test-tls-basic-validations.js
- 12 mismatched errors
parallel/test-tls-error-servername.js
- 2 mismatched errors
# categorize
parallel/test-tls-client-allow-partial-trust-chain.js
- support allowPartialTrustChain
parallel/test-tls-env-bad-extra-ca.js
- emit a warning when the value in NODE_EXTRA_CA_CERTS is ignored because it fails to load
- this is a little bit hard to do because currently we handle that in us_internal_init_root_certs with getenv,
but we can't emit a warning from there. we would have to have it call out to bun code to emit the warning
# categorize
parallel/test-tls-connect-allow-half-open-option.js
- with allowHalfOpen, if the server ends its socket, it should still be able to receive a message
parallel/test-tls-server-parent-constructor-options.js
@@ -85,6 +92,11 @@ parallel/test-tls-get-ca-certificates-system.js
parallel/test-tls-get-ca-certificates-default.js
parallel/test-tls-get-ca-certificates-error.js
parallel/test-tls-get-ca-certificates-extra-empty.js
parallel/test-tls-get-ca-certificates-bundled.js
parallel/test-tls-get-ca-certificates-extra-subset.js
parallel/test-tls-get-ca-certificates-system-without-flag.js
parallel/test-tls-get-ca-certificates-bundled-subset.js
parallel/test-tls-get-ca-certificates-extra.js
- tls.getCACertificates is not implemented
parallel/test-tls-server-setkeycert.js
- some kind of problem with getPeerX509Certificate?
@@ -94,28 +106,19 @@ parallel/test-tls-cert-chains-concat.js
- issuerCertificate is not defined?
parallel/test-tls-streamwrap-buffersize.js
- bufferSize is wrong. also it is deprecated.
parallel/test-tls-pause.js
parallel/test-tls-connect-memleak.js
parallel/test-tls-get-ca-certificates-bundled.js
parallel/test-tls-clientcertengine-invalid-arg-type.js
parallel/test-tls-timeout-server.js
parallel/test-tls-destroy-stream-12.js
parallel/test-tls-net-socket-keepalive-12.js
parallel/test-tls-socket-default-options.js
parallel/test-tls-get-ca-certificates-extra-subset.js
parallel/test-double-tls-client.js
- createSecureContext (kai)
parallel/test-tls-timeout-server.js
- handshakeTimeout is not implemented
parallel/test-tls-retain-handle-no-abort.js
parallel/test-tls-keylog-tlsv13.js
- unable to verify the first certificate? UNABLE_TO_VERIFY_LEAF_SIGNATURE
parallel/test-tls-client-resume.js
parallel/test-tls-no-sslv23.js
- done https://github.com/oven-sh/bun/pull/20197
parallel/test-tls-connect-timeout-option.js
parallel/test-tls-client-allow-partial-trust-chain.js
parallel/test-tls-cli-min-max-conflict.js
parallel/test-tls-get-ca-certificates-system-without-flag.js
parallel/test-tls-get-ca-certificates-bundled-subset.js
- support tls connect timeout option
parallel/test-tls-getcertificate-x509.js
parallel/test-tls-get-ca-certificates-extra.js
- error: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
parallel/test-tls-env-extra-ca.js
parallel/test-tls-socket-destroy.js
parallel/test-tls-socket-close.js
@@ -131,6 +134,11 @@ parallel/test-tls-client-default-ciphers.js
parallel/test-tls-socket-constructor-alpn-options-parsing.js
sequential/test-tls-session-timeout.js
# skipped (wontfix)
parallel/test-tls-no-sslv23.js
- skipped
# Key
[ES] = skipped by electron
@@ -194,6 +202,8 @@ These tests are removed in new node versions: (createSecurePair is deprecated)
- test-tls-onread-static-buffer
- test-tls-lookup
- test-tls-wrap-econnreset-pipe
- parallel/test-tls-pause.js
- parallel/test-tls-connect-memleak.js
# Attempted


@@ -0,0 +1,17 @@
'use strict';
const tls = require('tls');
const assert = require('assert');
const defaultSet = new Set(tls.getCACertificates('default'));
const extraSet = new Set(tls.getCACertificates('extra'));
console.log(defaultSet.size, 'default certificates');
console.log(extraSet.size, 'extra certificates')
// Parent process is supposed to call this with
// NODE_EXTRA_CA_CERTS set to test/fixtures/keys/ca1-cert.pem.
assert.strictEqual(extraSet.size, 1);
// Check that default set is a super set of extra set.
assert.deepStrictEqual(defaultSet.intersection(extraSet),
extraSet);
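Review bot: `console.log(extraSet.size, 'extra certificates')` is missing its terminating semicolon while the line above it has one; write `console.log(extraSet.size, 'extra certificates');`. The comment says the parent process is expected to set NODE_EXTRA_CA_CERTS to ca1-cert.pem, but nothing visible checks that before `assert.strictEqual(extraSet.size, 1)`, so running the file on its own fails with an unexplained size mismatch; a guard such as `assert(process.env.NODE_EXTRA_CA_CERTS, 'run via the parent test that sets NODE_EXTRA_CA_CERTS');` would make the failure mode explicit (the hunk header counts 17 new lines and fewer are shown here, so such a guard may exist in lines not reproduced on this page).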


@@ -18,6 +18,7 @@ describe('allowPartialTrustChain', { skip: !common.hasCrypto }, function() {
let opts;
beforeEach(async function() {
console.log('Setting up server and options...');
server = tls.createServer({
ca: fixtures.readKey('ca3-cert.pem'),
key: fixtures.readKey('agent6-key.pem'),
@@ -25,29 +26,37 @@ describe('allowPartialTrustChain', { skip: !common.hasCrypto }, function() {
}, (socket) => socket.resume());
server.listen(0);
await once(server, 'listening');
console.log('Server listening on port:', server.address().port);
opts = {
port: server.address().port,
ca: fixtures.readKey('ca3-cert.pem'),
checkServerIdentity() {}
};
console.log('Options configured:', opts);
});
afterEach(async function() {
console.log('Cleaning up client and server...');
client?.destroy();
server?.close();
});
it('can connect successfully with allowPartialTrustChain: true', async function() {
console.log('Testing connection with allowPartialTrustChain: true');
client = tls.connect({ ...opts, allowPartialTrustChain: true });
await once(client, 'secureConnect'); // Should not throw
console.log('Successfully connected with allowPartialTrustChain: true');
});
it('fails without with allowPartialTrustChain: true for an intermediate cert in the CA', async function() {
console.log('Testing connection without allowPartialTrustChain');
// Consistency check: Connecting fails without allowPartialTrustChain: true
await assert.rejects(async () => {
console.log('Attempting connection without allowPartialTrustChain...');
const client = tls.connect(opts);
await once(client, 'secureConnect');
}, { code: 'UNABLE_TO_GET_ISSUER_CERT' });
console.log('Connection failed as expected without allowPartialTrustChain');
});
});
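Review bot: `console.log('Options configured:', opts);` in beforeEach prints the full PEM body of `ca` on every test, which buries the assertion output, and the same pattern recurs in the other files of this commit: `console.log('Server options:', options);` appears twice where `options` holds the `agent2-key.pem` and `agent1-key.pem` private keys, a bare `console.log(fixtures.readKey('agent6-key.pem'));` dumps a private key outright, and `console.log('Creating TLS server with options:', options);` likely does the same if that `options` object carries key material above its hunk. Fixture keys are public test data, but printing private key material into CI logs is a habit that leaks real secrets when the pattern is copied, so these lines look like debugging leftovers rather than intended test output. Log only the field the test needs, e.g. `console.log('Options configured: port', opts.port);`, and remove the bare key dump.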


@@ -32,18 +32,24 @@ const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
console.log('Starting TLS client resume test');
const options = {
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem')
};
console.log('Server options:', options);
// create server
const server = tls.Server(options, common.mustCall((socket) => {
console.log('Server received connection');
socket.end('Goodbye');
}, 2));
// start listening
server.listen(0, common.mustCall(function() {
console.log('Server listening on port:', this.address().port);
let sessionx = null; // From right after connect, invalid for TLS1.3
let session1 = null; // Delivered by the session event, always valid.
let sessions = 0;
@@ -52,45 +58,55 @@ server.listen(0, common.mustCall(function() {
port: this.address().port,
rejectUnauthorized: false
}, common.mustCall(() => {
console.log('Client1 connected');
tls13 = client1.getProtocol() === 'TLSv1.3';
console.log('TLS version:', client1.getProtocol());
assert.strictEqual(client1.isSessionReused(), false);
sessionx = client1.getSession();
console.log('SessionX obtained:', !!sessionx);
assert(sessionx);
if (session1)
reconnect();
}));
client1.on('data', common.mustCall());
client1.on('data', common.mustCall((data) => {
console.log('Client1 received data:', data.toString());
}));
client1.once('session', common.mustCall((session) => {
console.log('session1');
console.log('Session1 event received');
session1 = session;
console.log('Session1 obtained:', !!session1);
assert(session1);
if (sessionx)
reconnect();
}));
client1.on('session', () => {
console.log('client1 session#', ++sessions);
console.log('Client1 session event #', ++sessions);
});
client1.on('close', () => {
console.log('client1 close');
console.log('Client1 closed');
assert.strictEqual(sessions, tls13 ? 2 : 1);
});
function reconnect() {
console.log('Starting reconnect');
assert(sessionx);
assert(session1);
if (tls13)
if (tls13) {
console.log('TLS1.3 session comparison');
// For TLS1.3, the session immediately after handshake is a dummy,
// unresumable session. The one delivered later in session event is
// resumable.
assert.notStrictEqual(sessionx.compare(session1), 0);
else
} else {
console.log('TLS1.2 session comparison');
// For TLS1.2, they are identical.
assert.strictEqual(sessionx.compare(session1), 0);
}
const opts = {
port: server.address().port,
@@ -98,13 +114,14 @@ server.listen(0, common.mustCall(function() {
session: session1,
};
console.log('Connecting client2 with session');
const client2 = tls.connect(opts, common.mustCall(() => {
console.log('connect2');
console.log('Client2 connected');
assert.strictEqual(client2.isSessionReused(), true);
}));
client2.on('close', common.mustCall(() => {
console.log('close2');
console.log('Client2 closed');
server.close();
}));


@@ -11,10 +11,13 @@ if (!common.hasCrypto)
const assert = require('assert');
const tls = require('tls');
console.log('Creating TLS socket with timeout option...');
const socket = tls.connect({
port: 42,
lookup: () => {},
timeout: 1000
});
console.log('Socket timeout value:', socket.timeout);
assert.strictEqual(socket.timeout, 1000);
console.log('Timeout assertion passed');


@@ -13,11 +13,14 @@ const fixtures = require('../common/fixtures');
const { fork } = require('child_process');
if (process.env.CHILD) {
console.log('Child process started');
const copts = {
port: process.env.PORT,
checkServerIdentity: common.mustCall(),
};
console.log('Client options:', copts);
const client = tls.connect(copts, common.mustCall(function() {
console.log('Client connected successfully');
client.end('hi');
}));
return;
@@ -27,19 +30,24 @@ const options = {
key: fixtures.readKey('agent1-key.pem'),
cert: fixtures.readKey('agent1-cert.pem'),
};
console.log('Server options:', options);
const server = tls.createServer(options, common.mustCall(function(s) {
console.log('Server received connection');
s.end('bye');
server.close();
})).listen(0, common.mustCall(function() {
console.log('Server listening on port:', this.address().port);
const env = {
...process.env,
CHILD: 'yes',
PORT: this.address().port,
NODE_EXTRA_CA_CERTS: fixtures.path('keys', 'ca1-cert.pem')
};
console.log('Environment variables:', env);
fork(__filename, { env }).on('exit', common.mustCall(function(status) {
console.log('Child process exited with status:', status);
// Client did not succeed in connecting
assert.strictEqual(status, 0);
}));
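Review bot: `console.log('Environment variables:', env);` prints the entire inherited environment, because `env` is built with `...process.env`, so on a CI runner every token or credential present in the environment ends up in the test log. The test only adds three keys, so log just those: `console.log('Child env:', { CHILD: env.CHILD, PORT: env.PORT, NODE_EXTRA_CA_CERTS: env.NODE_EXTRA_CA_CERTS });`. If the line is only needed while porting, drop it before merge rather than leaving it in.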


@@ -8,6 +8,7 @@ const tls = require('tls');
const fixtures = require('../common/fixtures');
const { X509Certificate } = require('crypto');
console.log(fixtures.readKey('agent6-key.pem'));
const options = {
key: fixtures.readKey('agent6-key.pem'),
cert: fixtures.readKey('agent6-cert.pem')


@@ -6,6 +6,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const tls = require('tls');
console.log('Testing invalid protocol method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'blargh' });
}, {
@@ -15,28 +16,34 @@ assert.throws(function() {
const errMessageSSLv2 = /SSLv2 methods disabled/;
console.log('Testing SSLv2 method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv2_method' });
}, errMessageSSLv2);
console.log('Testing SSLv2 client method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv2_client_method' });
}, errMessageSSLv2);
console.log('Testing SSLv2 server method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv2_server_method' });
}, errMessageSSLv2);
const errMessageSSLv3 = /SSLv3 methods disabled/;
console.log('Testing SSLv3 method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv3_method' });
}, errMessageSSLv3);
console.log('Testing SSLv3 client method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv3_client_method' });
}, errMessageSSLv3);
console.log('Testing SSLv3 server method');
assert.throws(function() {
tls.createSecureContext({ secureProtocol: 'SSLv3_server_method' });
}, errMessageSSLv3);
@@ -44,6 +51,7 @@ assert.throws(function() {
// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends are
// still accepted. They are OpenSSL's way of saying that all known protocols
// are supported unless explicitly disabled (which we do for SSLv2 and SSLv3.)
console.log('Testing allowed protocol methods');
tls.createSecureContext({ secureProtocol: 'SSLv23_method' });
tls.createSecureContext({ secureProtocol: 'SSLv23_client_method' });
tls.createSecureContext({ secureProtocol: 'SSLv23_server_method' });


@@ -19,22 +19,31 @@ const serverOptions = {
let ssl = null;
process.on('exit', function() {
console.log('Exit handler called');
assert.ok(ssl !== null);
// If the internal pointer to stream_ isn't cleared properly then this
// will abort.
console.log('About to inspect ssl');
util.inspect(ssl);
});
const server = tls.createServer(serverOptions, function(s) {
s.on('data', function() { });
console.log('Server connection received');
s.on('data', function() {
console.log('Server received data');
});
s.on('end', function() {
console.log('Server connection ended');
server.close();
s.destroy();
});
}).listen(0, function() {
console.log('Server listening on port:', this.address().port);
const c = new tls.TLSSocket();
ssl = c.ssl;
console.log('Created TLSSocket with ssl');
c.connect(this.address().port, function() {
console.log('Client connected');
c.end(sent);
});
});


@@ -10,31 +10,41 @@ const {
} = require(fixtures.path('tls-connect'));
test(undefined, (err) => {
console.log('Test 1 - Error code:', err.code);
assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
});
test({}, (err) => {
console.log('Test 2 - Error code:', err.code);
assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
});
test(
{ secureContext: tls.createSecureContext({ ca: keys.agent1.ca }) },
(err) => { assert.ifError(err); });
(err) => {
console.log('Test 3 - Error:', err);
assert.ifError(err);
});
test(
{ ca: keys.agent1.ca },
(err) => { assert.ifError(err); });
(err) => {
console.log('Test 4 - Error:', err);
assert.ifError(err);
});
// Secure context options, like ca, are ignored if a sec ctx is explicitly
// provided.
test(
{ secureContext: tls.createSecureContext(), ca: keys.agent1.ca },
(err) => {
console.log('Test 5 - Error code:', err.code);
assert.strictEqual(err.code,
'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
});
function test(client, callback) {
console.log('Starting test with client options:', client);
callback = common.mustCall(callback);
connect({
server: {
@@ -42,11 +52,17 @@ function test(client, callback) {
cert: keys.agent1.cert,
},
}, function(err, pair, cleanup) {
console.log('Connection error:', err);
assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
let recv = '';
pair.server.server.once('secureConnection', common.mustCall((conn) => {
conn.on('data', (data) => recv += data);
console.log('Secure connection established');
conn.on('data', (data) => {
console.log('Received data:', data.toString());
recv += data;
});
conn.on('end', common.mustCall(() => {
console.log('Connection ended, received:', recv);
// Server sees nothing wrong with connection, even though the client's
// authentication of the server cert failed.
assert.strictEqual(recv, 'hello');
@@ -57,11 +73,15 @@ function test(client, callback) {
// `new TLSSocket` doesn't support the 'secureConnect' event on client side,
// and doesn't error if authentication failed. Caller must explicitly check
// for failure.
(new tls.TLSSocket(null, client)).connect(pair.server.server.address().port)
const socket = new tls.TLSSocket(null, client);
console.log('Created new TLSSocket');
socket.connect(pair.server.server.address().port)
.on('connect', common.mustCall(function() {
console.log('Socket connected');
this.end('hello');
}))
.on('secure', common.mustCall(function() {
console.log('Socket secure, verify error:', this.ssl.verifyError());
callback(this.ssl.verifyError());
}));
});
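Review bot: In the 'secure' handler `this.ssl.verifyError()` is now evaluated twice, once for the log line and once for `callback(...)`; capture it once so the logged value is the one the assertion sees: `const verifyErr = this.ssl.verifyError(); console.log('Socket secure, verify error:', verifyErr); callback(verifyErr);`. `console.log('Starting test with client options:', client);` at the top of `test` also prints the `ca` PEM text for several of the cases, which is more noise than signal. The enclosing `test` function begins in the previous hunk and its closing brace is outside this one.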


@@ -35,13 +35,17 @@ const options = {
handshakeTimeout: 50
};
console.log('Creating TLS server with options:', options);
const server = tls.createServer(options, common.mustNotCall());
server.on('tlsClientError', common.mustCall(function(err, conn) {
console.log('TLS client error occurred:', err.message);
conn.destroy();
server.close();
}));
server.listen(0, common.mustCall(function() {
console.log('Server listening on port:', this.address().port);
net.connect({ host: '127.0.0.1', port: this.address().port });
}));