(next)
| 52 | } |
| 53 | |
| 54 | function test(next) { |
| 55 | const options = { |
| 56 | cert: fixtures.readKey('rsa_cert.crt'), |
| 57 | key: fixtures.readKey('rsa_private.pem'), |
| 58 | }; |
| 59 | |
| 60 | const server = https.createServer(options, common.mustCallAtLeast((req, res) => { |
| 61 | const conn = req.connection; |
| 62 | conn.on('error', common.mustCallAtLeast((err) => { |
| 63 | console.error(`Caught exception: ${err}`); |
| 64 | assert.match(err.message, /TLS session renegotiation attack/); |
| 65 | conn.destroy(); |
| 66 | })); |
| 67 | res.end('ok'); |
| 68 | })); |
| 69 | |
| 70 | server.listen(0, common.mustCall(() => { |
| 71 | const agent = https.Agent({ |
| 72 | keepAlive: true, |
| 73 | }); |
| 74 | |
| 75 | let client; |
| 76 | let renegs = 0; |
| 77 | |
| 78 | const options = { |
| 79 | rejectUnauthorized: false, |
| 80 | agent, |
| 81 | }; |
| 82 | |
| 83 | const { port } = server.address(); |
| 84 | |
| 85 | https.get(`https://localhost:${port}/`, options, common.mustCall((res) => { |
| 86 | client = res.socket; |
| 87 | |
| 88 | client.on('close', common.mustCall((hadErr) => { |
| 89 | assert.strictEqual(hadErr, false); |
| 90 | assert.strictEqual(renegs, tls.CLIENT_RENEG_LIMIT + 1); |
| 91 | server.close(); |
| 92 | process.nextTick(next); |
| 93 | })); |
| 94 | |
| 95 | client.on('error', (err) => { |
| 96 | console.log('CLIENT ERR', err); |
| 97 | throw err; |
| 98 | }); |
| 99 | |
| 100 | spam(); |
| 101 | |
| 102 | // Simulate renegotiation attack |
| 103 | function spam() { |
| 104 | client.renegotiate({}, common.mustCallAtLeast((err) => { |
| 105 | assert.ifError(err); |
| 106 | assert.ok(renegs <= tls.CLIENT_RENEG_LIMIT); |
| 107 | setImmediate(spam); |
| 108 | }, 0)); |
| 109 | renegs++; |
| 110 | } |
| 111 | })); |
no test coverage detected
searching dependent graphs…