Skip to content

Commit

Permalink
test: improve control flow in test-tls-dhe
Browse files Browse the repository at this point in the history
If this test fails, e.g., if the s_client output does not match the
expectation, the previous implementation would not produce any helpful
error messages. Rework the control flow to be more idiomatic. Avoid
callback chaining and stream operations.

Also, the TLS server 'close' event does not pass an error to the event
handler, so remove the respective assertion.

PR-URL: #46751
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
tniessen authored and danielleadams committed Apr 5, 2023
1 parent 5353110 commit 25cab7e
Showing 1 changed file with 21 additions and 54 deletions.
75 changes: 21 additions & 54 deletions test/parallel/test-tls-dhe.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,13 @@ if (!common.opensslCli)
common.skip('missing openssl-cli');

const assert = require('assert');
const { once } = require('events');
const tls = require('tls');
const spawn = require('child_process').spawn;
const { execFile } = require('child_process');
const fixtures = require('../common/fixtures');

const key = fixtures.readKey('agent2-key.pem');
const cert = fixtures.readKey('agent2-cert.pem');
let nsuccess = 0;
let ntests = 0;
const ciphers = 'DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

// Test will emit a warning because the DH parameter size is < 2048 bits
Expand All @@ -48,7 +47,7 @@ function loadDHParam(n) {
return fixtures.readKey(keyname);
}

function test(keylen, expectedCipher, cb) {
function test(keylen, expectedCipher) {
const options = {
key: key,
cert: cert,
Expand All @@ -57,61 +56,29 @@ function test(keylen, expectedCipher, cb) {
maxVersion: 'TLSv1.2',
};

const server = tls.createServer(options, function(conn) {
conn.end();
});
const server = tls.createServer(options, (conn) => conn.end());

server.on('close', function(err) {
assert.ifError(err);
if (cb) cb();
});

server.listen(0, '127.0.0.1', function() {
const args = ['s_client', '-connect', `127.0.0.1:${this.address().port}`,
server.listen(0, '127.0.0.1', common.mustCall(() => {
const args = ['s_client', '-connect', `127.0.0.1:${server.address().port}`,
'-cipher', ciphers];

const client = spawn(common.opensslCli, args);
let out = '';
client.stdout.setEncoding('utf8');
client.stdout.on('data', function(d) {
out += d;
});
client.stdout.on('end', function() {
execFile(common.opensslCli, args, common.mustSucceed((stdout) => {
assert(keylen === 'error' ||
out.includes(`Server Temp Key: DH, ${keylen} bits`));
const reg = new RegExp(`Cipher : ${expectedCipher}`);
if (reg.test(out)) {
nsuccess++;
server.close();
}
});
});
}

function test512() {
assert.throws(function() {
test(512, 'DHE-RSA-AES128-SHA256', null);
}, /DH parameter is less than 1024 bits/);
}
stdout.includes(`Server Temp Key: DH, ${keylen} bits`));
assert(stdout.includes(`Cipher : ${expectedCipher}`));
server.close();
}));
}));

function test1024() {
test(1024, 'DHE-RSA-AES128-SHA256', test2048);
ntests++;
return once(server, 'close');
}

function test2048() {
test(2048, 'DHE-RSA-AES128-SHA256', testError);
ntests++;
}

function testError() {
test('error', 'ECDHE-RSA-AES128-SHA256', test512);
ntests++;
}

test1024();
(async () => {
assert.throws(() => {
test(512, 'DHE-RSA-AES128-SHA256');
}, /DH parameter is less than 1024 bits/);

process.on('exit', function() {
assert.strictEqual(ntests, nsuccess);
assert.strictEqual(ntests, 3);
});
await test(1024, 'DHE-RSA-AES128-SHA256');
await test(2048, 'DHE-RSA-AES128-SHA256');
await test('error', 'ECDHE-RSA-AES128-SHA256');
})().then(common.mustCall());

0 comments on commit 25cab7e

Please sign in to comment.