()
| 1751 | } |
| 1752 | |
| 1753 | function onConnectSecure() { |
| 1754 | const options = this[kConnectOptions]; |
| 1755 | |
| 1756 | // Check the size of DHE parameter above minimum requirement |
| 1757 | // specified in options. |
| 1758 | const ekeyinfo = this.getEphemeralKeyInfo(); |
| 1759 | if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) { |
| 1760 | const err = new ERR_TLS_DH_PARAM_SIZE(ekeyinfo.size); |
| 1761 | debug('client emit:', err); |
| 1762 | this.emit('error', err); |
| 1763 | this.destroy(); |
| 1764 | return; |
| 1765 | } |
| 1766 | |
| 1767 | let verifyError = this._handle.verifyError(); |
| 1768 | |
| 1769 | // Verify that server's identity matches it's certificate's names |
| 1770 | // Unless server has resumed our existing session |
| 1771 | if (!verifyError && !this.isSessionReused()) { |
| 1772 | const cert = this.getPeerCertificate(true); |
| 1773 | verifyError = options.checkServerIdentity( |
| 1774 | getSessionServerIdentity(options), |
| 1775 | cert, |
| 1776 | ); |
| 1777 | } |
| 1778 | |
| 1779 | if (verifyError) { |
| 1780 | this.authorized = false; |
| 1781 | this.authorizationError = verifyError.code || verifyError.message; |
| 1782 | |
| 1783 | // rejectUnauthorized property can be explicitly defined as `undefined` |
| 1784 | // causing the assignment to default value (`true`) fail. Before assigning |
| 1785 | // it to the tlssock connection options, explicitly check if it is false |
| 1786 | // and update rejectUnauthorized property. The property gets used by |
| 1787 | // TLSSocket connection handler to allow or reject connection if |
| 1788 | // unauthorized. |
| 1789 | // This check is potentially redundant, however it is better to keep it |
| 1790 | // in case the option object gets modified somewhere. |
| 1791 | if (options.rejectUnauthorized !== false) { |
| 1792 | this.destroy(verifyError); |
| 1793 | return; |
| 1794 | } |
| 1795 | debug('client emit secureConnect. rejectUnauthorized: %s, ' + |
| 1796 | 'authorizationError: %s', options.rejectUnauthorized, |
| 1797 | this.authorizationError); |
| 1798 | } else { |
| 1799 | this.authorized = true; |
| 1800 | debug('client emit secureConnect. authorized:', this.authorized); |
| 1801 | } |
| 1802 | this.secureConnecting = false; |
| 1803 | this.emit('secureConnect'); |
| 1804 | |
| 1805 | this[kIsVerified] = true; |
| 1806 | const session = this[kPendingSession]; |
| 1807 | this[kPendingSession] = null; |
| 1808 | if (session) |
| 1809 | this.emit('session', session); |
| 1810 |
nothing calls this directly
no test coverage detected