mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-17 22:32:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

debug

Browse Source
This commit is contained in:
Alistair Smith
2025-05-15 15:21:39 -07:00
parent ceca54e1fe
commit f5047e92b5
3 changed files with 101 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
packages/bun-usockets/src/crypto/openssl.c
View File

@@ -364,11 +364,34 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
verify_error.error = -1;
if (SSL_is_server(s->ssl)) {
verify_error.reason = "Unsupported protocol on server";
verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
int min = SSL_CTX_get_min_proto_version(ctx);
int max = SSL_CTX_get_max_proto_version(ctx);
int is_legacy = (min == max) && (min == TLS1_1_VERSION || min == TLS1_VERSION);
printf("[usockets] SERVER mapping: min=%d, max=%d, is_legacy=%d\n", min, max, is_legacy);
if (is_legacy) {
verify_error.reason = "Wrong version number on server";
verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
} else {
verify_error.reason = "Unsupported protocol on server";
verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
}
printf("[usockets] SERVER mapped to code=%s, reason=%s\n", verify_error.code, verify_error.reason);
} else {
verify_error.reason = "TLSv1 alert protocol version";
verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
int min = SSL_CTX_get_min_proto_version(ctx);
int max = SSL_CTX_get_max_proto_version(ctx);
int is_tlsv1_1_method = (min == TLS1_1_VERSION && max == TLS1_1_VERSION);
int is_tlsv1_method = (min == TLS1_VERSION && max == TLS1_VERSION);
printf("[usockets] CLIENT mapping: min=%d, max=%d, is_tlsv1_1=%d, is_tlsv1=%d\n", min, max, is_tlsv1_1_method, is_tlsv1_method);
if (is_tlsv1_1_method || is_tlsv1_method) {
verify_error.reason = "TLSv1 alert protocol version";
verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
} else {
verify_error.reason = unsupported_proto_reason_client;
verify_error.code = unsupported_proto_client;
}
printf("[usockets] CLIENT mapped to code=%s, reason=%s\n", verify_error.code, verify_error.reason);
}
} else if (
verify_error.code && (
@@ -379,10 +402,8 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
int min = SSL_CTX_get_min_proto_version(ctx);
int max = SSL_CTX_get_max_proto_version(ctx);
int is_tlsv1_1_method = (min == TLS1_1_VERSION && max == TLS1_1_VERSION);
int is_tlsv1_method = (min == TLS1_VERSION && max == TLS1_VERSION);
// printf("[usockets] CLIENT handshake debug: min=%d, max=%d, is_tlsv1_1_method=%d, is_tlsv1_method=%d\n", min, max, is_tlsv1_1_method, is_tlsv1_method);
if (is_tlsv1_1_method || is_tlsv1_method) {
printf("[usockets] CLIENT handshake debug: min=%d, max=%d\n", min, max);
if (min == max && (min == TLS1_1_VERSION || min == TLS1_VERSION)) {
verify_error.reason = "TLSv1 alert protocol version";
verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
} else {

5
src/js/node/net.ts
View File

@@ -260,6 +260,7 @@ const SocketHandlers: SocketHandler = {
SocketHandlers.drain(socket);
},
handshake(socket, success, verifyError) {
console.log("[buntls] CLIENT handshake callback:", "success=", success, "verifyError=", verifyError);
const { data: self } = socket;
if (!self) return;
if (!success && verifyError?.code === "ECONNRESET") {
@@ -413,6 +414,7 @@ const ServerHandlers: SocketHandler = {
},
handshake(socket, success, verifyError) {
console.log("[buntls] SERVER handshake callback:", "success=", success, "verifyError=", verifyError);
const { data: self } = socket;
if (!success && verifyError?.code === "ECONNRESET") {
@@ -429,8 +431,7 @@ const ServerHandlers: SocketHandler = {
if (!success) {
const err = verifyError || $ERR_SSL_UNSUPPORTED_PROTOCOL("TLS handshake failed");
console.log("ERRRRR", err);
console.log("[buntls] SERVER handshake error:", err);
self._hadError = true;
self.emit("_tlsError", err);

138
test/js/node/test/parallel/test-tls-min-max-version.js
View File

@@ -96,42 +96,42 @@ const U = undefined;
// Default protocol is the max version.
// test(U, U, U, U, U, U, DEFAULT_MAX_VERSION);
// Insecure or invalid protocols cannot be enabled.
test(U, U, U, U, U, 'SSLv2_method',
U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
test(U, U, U, U, U, 'SSLv3_method',
U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
test(U, U, 'SSLv2_method', U, U, U,
U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
test(U, U, 'SSLv3_method', U, U, U,
U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
test(U, U, 'hokey-pokey', U, U, U,
U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
test(U, U, U, U, U, 'hokey-pokey',
U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// // Insecure or invalid protocols cannot be enabled.
// test(U, U, U, U, U, 'SSLv2_method',
// U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// test(U, U, U, U, U, 'SSLv3_method',
// U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// test(U, U, 'SSLv2_method', U, U, U,
// U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// test(U, U, 'SSLv3_method', U, U, U,
// U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// test(U, U, 'hokey-pokey', U, U, U,
// U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// test(U, U, U, U, U, 'hokey-pokey',
// U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// Regression test: this should not crash because node should not pass the error
// message (including unsanitized user input) to a printf-like function.
test(U, U, U, U, U, '%s_method',
U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// // Regression test: this should not crash because node should not pass the error
// // message (including unsanitized user input) to a printf-like function.
// test(U, U, U, U, U, '%s_method',
// U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
// Cannot use secureProtocol and min/max versions simultaneously.
test(U, U, U, U, 'TLSv1.2', 'TLS1_2_method',
U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
test(U, U, U, 'TLSv1.2', U, 'TLS1_2_method',
U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
test(U, 'TLSv1.2', 'TLS1_2_method', U, U, U,
U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
test('TLSv1.2', U, 'TLS1_2_method', U, U, U,
U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
// // Cannot use secureProtocol and min/max versions simultaneously.
// test(U, U, U, U, 'TLSv1.2', 'TLS1_2_method',
// U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
// test(U, U, U, 'TLSv1.2', U, 'TLS1_2_method',
// U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
// test(U, 'TLSv1.2', 'TLS1_2_method', U, U, U,
// U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
// test('TLSv1.2', U, 'TLS1_2_method', U, U, U,
// U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
// TLS_method means "any supported protocol".
test(U, U, 'TLSv1_2_method', U, U, 'TLS_method', 'TLSv1.2');
test(U, U, 'TLSv1_1_method', U, U, 'TLS_method', 'TLSv1.1');
test(U, U, 'TLSv1_method', U, U, 'TLS_method', 'TLSv1');
test(U, U, 'TLS_method', U, U, 'TLSv1_2_method', 'TLSv1.2');
test(U, U, 'TLS_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');
// // TLS_method means "any supported protocol".
// test(U, U, 'TLSv1_2_method', U, U, 'TLS_method', 'TLSv1.2');
// test(U, U, 'TLSv1_1_method', U, U, 'TLS_method', 'TLSv1.1');
// test(U, U, 'TLSv1_method', U, U, 'TLS_method', 'TLSv1');
// test(U, U, 'TLS_method', U, U, 'TLSv1_2_method', 'TLSv1.2');
// test(U, U, 'TLS_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
// test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');
// OpenSSL 1.1.1 and 3.0 use a different error code and alert (sent to the
// client) when no protocols are enabled on the server.
@@ -164,13 +164,13 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
// test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
// U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
// 'ERR_SSL_UNSUPPORTED_PROTOCOL');
// test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
// U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
// test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
// U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
}
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
@@ -248,36 +248,36 @@ if (DEFAULT_MIN_VERSION === 'TLSv1') {
// test(U, U, U, U, U, 'TLSv1_method', 'TLSv1');
}
// TLS min/max are respected when set with no secureProtocol.
test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_method', 'TLSv1');
test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_1_method', 'TLSv1.1');
test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_2_method', 'TLSv1.2');
test('TLSv1', 'TLSv1.2', U, U, U, 'TLS_method', 'TLSv1.2');
// // TLS min/max are respected when set with no secureProtocol.
// test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_method', 'TLSv1');
// test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_1_method', 'TLSv1.1');
// test('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_2_method', 'TLSv1.2');
// test('TLSv1', 'TLSv1.2', U, U, U, 'TLS_method', 'TLSv1.2');
test(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1');
test(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
test(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
// test(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1');
// test(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
// test(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1');
test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
// test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1');
// test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
// test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
// v-any client can connect to v-specific server
test('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3');
test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3');
test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
test('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
// // v-any client can connect to v-specific server
// test('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
// v-specific client can connect to v-any server
test('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3');
test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1');
// // v-specific client can connect to v-any server
// test('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3');
// test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
// test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
// test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1');