TLS: Forward errors to cleartext
But only after control has been inverted.
44
lib/tls.js
44
lib/tls.js
@@ -551,14 +551,14 @@ function Server(/* [options], listener */) {
|
||||
true,
|
||||
self.requestCert,
|
||||
self.rejectUnauthorized);
|
||||
pair.encrypted.pipe(socket);
|
||||
socket.pipe(pair.encrypted);
|
||||
|
||||
pair.cleartext.socket = socket;
|
||||
var cleartext = pipe(pair, socket);
|
||||
cleartext._controlReleased = false;
|
||||
|
||||
pair.on('secure', function() {
|
||||
pair.cleartext.authorized = false;
|
||||
if (!self.requestCert) {
|
||||
cleartext._controlReleased = true;
|
||||
self.emit('secureConnection', pair.cleartext, pair.encrypted);
|
||||
} else {
|
||||
var verifyError = pair._ssl.verifyError();
|
||||
@@ -569,10 +569,12 @@ function Server(/* [options], listener */) {
|
||||
socket.destroy();
|
||||
pair._destroy();
|
||||
} else {
|
||||
cleartext._controlReleased = true;
|
||||
self.emit('secureConnection', pair.cleartext, pair.encrypted);
|
||||
}
|
||||
} else {
|
||||
pair.cleartext.authorized = true;
|
||||
cleartext._controlReleased = true;
|
||||
self.emit('secureConnection', pair.cleartext, pair.encrypted);
|
||||
}
|
||||
}
|
||||
@@ -661,13 +663,7 @@ exports.connect = function(port /* host, options, cb */) {
|
||||
|
||||
var pair = new SecurePair(sslcontext, false);
|
||||
|
||||
pair.encrypted.pipe(socket);
|
||||
socket.pipe(pair.encrypted);
|
||||
|
||||
var cleartext = pair.cleartext;
|
||||
cleartext.socket = socket;
|
||||
cleartext.encrypted = pair.encrypted;
|
||||
cleartext.authorized = false;
|
||||
var cleartext = pipe(pair, socket);
|
||||
|
||||
socket.connect(port, host);
|
||||
|
||||
@@ -684,5 +680,33 @@ exports.connect = function(port /* host, options, cb */) {
|
||||
if (cb) cb();
|
||||
});
|
||||
|
||||
cleartext._controlReleased = true;
|
||||
return cleartext;
|
||||
};
|
||||
|
||||
|
||||
function pipe(pair, socket) {
|
||||
pair.encrypted.pipe(socket);
|
||||
socket.pipe(pair.encrypted);
|
||||
|
||||
var cleartext = pair.cleartext;
|
||||
cleartext.socket = socket;
|
||||
cleartext.encrypted = pair.encrypted;
|
||||
cleartext.authorized = false;
|
||||
|
||||
function onerror(e) {
|
||||
if (cleartext._controlReleased) {
|
||||
cleartext.emit('error', e);
|
||||
}
|
||||
}
|
||||
|
||||
function onclose() {
|
||||
socket.removeListener('error', onerror);
|
||||
socket.removeListener('close', onclose);
|
||||
}
|
||||
|
||||
socket.on('error', onerror);
|
||||
socket.on('close', onclose);
|
||||
|
||||
return cleartext;
|
||||
}
|
||||
|
||||
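Review bot: In the new `pipe()` helper, `onerror` discards any socket error that arrives while `cleartext._controlReleased` is false: nothing is emitted, logged or torn down. On the server path the flag stays false until the 'secure' handler runs, so a socket failure during the handshake is invisible to the application, and whether the pair is cleaned up in that case depends on code outside these hunks. If dropping is intended, say so at the branch, e.g. `// Before control is released no user code holds cleartext, so the error is dropped on purpose.`; otherwise consider an else branch that calls `pair._destroy()`. A short comment on `pipe()` naming `_controlReleased` as the gate would also help, since the flag is now assigned in several places across `Server` and `exports.connect`, both of which continue outside the hunks.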
@@ -26,17 +26,24 @@ var server = https.createServer(options, function (req, res) {
|
||||
res.end(body);
|
||||
})
|
||||
|
||||
function afterCurl (err, stdout, stderr) {
|
||||
if (err) throw err;
|
||||
server.close();
|
||||
common.error(common.inspect(stdout));
|
||||
assert.equal(body, stdout);
|
||||
};
|
||||
|
||||
server.listen(common.PORT, function () {
|
||||
var cmd = 'curl --insecure https://127.0.0.1:' + common.PORT + '/';
|
||||
console.error("executing %j", cmd);
|
||||
exec(cmd, afterCurl);
|
||||
exec(cmd, function(err, stdout, stderr) {
|
||||
if (err) throw err;
|
||||
common.error(common.inspect(stdout));
|
||||
assert.equal(body, stdout);
|
||||
|
||||
// Do the same thing now without --insecure
|
||||
// The connection should not be accepted.
|
||||
var cmd = 'curl https://127.0.0.1:' + common.PORT + '/';
|
||||
console.error("executing %j", cmd);
|
||||
exec(cmd, function(err, stdout, stderr) {
|
||||
assert.ok(err);
|
||||
server.close();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
process.on('exit', function () {
|
||||
|
||||
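Review bot: The second curl run is checked only with `assert.ok(err)`, which passes on any non-zero exit from curl whatever the cause, not specifically on curl refusing the server certificate. Tighten the nested callback so the test shows the refusal happened for the expected reason, for example by also asserting that no response body came back, `assert.notEqual(body, stdout);`, and by checking `stderr` for curl's certificate-verification message. The inner `var cmd` also shadows the outer `cmd` declared in the `server.listen` callback; a distinct name would read more clearly.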