Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

tls: Fix node swallows openssl error on request

Fixes #2308.
Fixes #2246.
  • Loading branch information...
commit 29b1fddf0df1ada615997fb7be5084bae4ee531b 1 parent c4d2244
@koichik koichik authored
View
8 doc/api/tls.markdown
@@ -237,6 +237,14 @@ server, you unauthorized connections may be accepted.
SNI.
+### Event: 'clientError'
+
+`function (exception) { }`
+
+When a client connection emits an 'error' event before secure connection is
+established - it will be forwarded here.
+
+
#### server.listen(port, [host], [callback])
Begin accepting connections on the specified `port` and `host`. If the
View
15 lib/tls.js
@@ -721,6 +721,7 @@ SecurePair.prototype.maybeInitFinished = function() {
SecurePair.prototype.destroy = function() {
var self = this;
+ var error = this.ssl.error;
if (!this._doneFlag) {
this._doneFlag = true;
@@ -736,6 +737,14 @@ SecurePair.prototype.destroy = function() {
self.encrypted.emit('close');
self.cleartext.emit('close');
});
+
+ if (!this._secureEstablished) {
+ if (!error) {
+ error = new Error('socket hang up');
+ error.code = 'ECONNRESET';
+ }
+ this.emit('error', error);
+ }
}
};
@@ -905,6 +914,9 @@ function Server(/* [options], listener */) {
}
}
});
+ pair.on('error', function(err) {
+ self.emit('clientError', err);
+ });
});
if (listener) {
@@ -1054,6 +1066,9 @@ exports.connect = function(port /* host, options, cb */) {
cleartext.emit('secureConnect');
});
+ pair.on('error', function(err) {
+ cleartext.emit('error', err);
+ });
cleartext._controlReleased = true;
return cleartext;
View
62 test/simple/test-https-invalid-key.js
@@ -0,0 +1,62 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+ console.error('Skipping because node compiled without OpenSSL.');
+ process.exit(0);
+}
+
+var common = require('../common');
+var assert = require('assert');
+var https = require('https');
+var fs = require('fs');
+var path = require('path');
+
+var options = {
+ key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent1-key.pem')),
+ cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
+};
+var serverErrorHappened = false;
+var clientErrorHappened = false;
+
+var server = https.Server(options, function(req, res) {
+ assert(false);
+});
+server.on('clientError', function(err) {
+ serverErrorHappened = true;
+ common.debug('Server: ' + err);
+ server.close();
+});
+
+server.listen(common.PORT, function() {
+ var req = https.get({port: common.PORT}, function(res) {
+ assert(false);
+ });
+ req.on('error', function(err) {
+ clientErrorHappened = true;
+ common.debug('Client: ' + err);
+ });
+});
+
+process.on('exit', function() {
+ assert(serverErrorHappened);
+ assert(clientErrorHappened);
+});
View
62 test/simple/test-tls-invalid-key.js
@@ -0,0 +1,62 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+ console.error('Skipping because node compiled without OpenSSL.');
+ process.exit(0);
+}
+
+var common = require('../common');
+var assert = require('assert');
+var tls = require('tls');
+var fs = require('fs');
+var path = require('path');
+
+var options = {
+ key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent1-key.pem')),
+ cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
+};
+var serverErrorHappened = false;
+var clientErrorHappened = false;
+
+var server = tls.Server(options, function(socket) {
+ assert(false);
+});
+server.on('clientError', function(err) {
+ serverErrorHappened = true;
+ common.debug('Server: ' + err);
+ server.close();
+});
+
+server.listen(common.PORT, function() {
+ var client = tls.connect(common.PORT, function() {
+ assert(false);
+ });
+ client.on('error', function(err) {
+ clientErrorHappened = true;
+ common.debug('Client: ' + err);
+ });
+});
+
+process.on('exit', function() {
+ assert(serverErrorHappened);
+ assert(clientErrorHappened);
+});
Please sign in to comment.
Something went wrong with that request. Please try again.