Commit 4b2a1ea

Trottaddaleax
authored andcommitted
test: replace s_client in test-https-ci-reneg-attack
Replace `s_client` in test-https-ci-reneg-attack with built-in client calling `tls.renegotiate()`. This also fixes the currently-broken test. (It is broken due to a change in behavior in a recently-updated-in-core version of `s_client`.) PR-URL: #25720 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
1 parent bc81a68 commit 4b2a1ea

1 file changed

+34
-38
lines changed

1 file changed

+34
-38
lines changed

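--- a/test/pummel/test-https-ci-reneg-attack.js
+++ b/test/pummel/test-https-ci-reneg-attack.js
@@ -28,7 +28,6 @@ if (!common.opensslCli)
 common.skip('node compiled without OpenSSL CLI.');
 
 const assert = require('assert');
-const spawn = require('child_process').spawn;
 const tls = require('tls');
 const https = require('https');
 const fixtures = require('../common/fixtures');
@@ -63,50 +62,47 @@ function test(next) {
 });
 
 server.listen(0, function() {
-const cmd = `s_client -connect 127.0.0.1:${server.address().port}`;
-const args = cmd.split(' ');
-const child = spawn(common.opensslCli, args);
-
-child.stdout.resume();
-child.stderr.resume();
+const agent = https.Agent({
+keepAlive: true,
+});
 
-// Count handshakes, start the attack after the initial handshake is done
-let handshakes = 0;
+let client;
 let renegs = 0;
 
-child.stderr.on('data', function(data) {
-handshakes += ((String(data)).match(/verify return:1/g) || []).length;
-if (handshakes === 2) spam();
-renegs += ((String(data)).match(/RENEGOTIATING/g) || []).length;
-});
+const options = {
+rejectUnauthorized: false,
+agent
+};
 
-child.on('exit', function() {
-assert.strictEqual(renegs, tls.CLIENT_RENEG_LIMIT + 1);
-server.close();
-process.nextTick(next);
-});
+const { port } = server.address();
+
+https.get(`https://localhost:${port}/`, options, (res) => {
+client = res.socket;
 
-let closed = false;
-child.stdin.on('error', function(err) {
-switch (err.code) {
-case 'ECONNRESET':
-case 'EPIPE':
-break;
-default:
-assert.strictEqual(err.code, 'ECONNRESET');
-break;
+client.on('close', function(hadErr) {
+assert.strictEqual(hadErr, false);
+assert.strictEqual(renegs, tls.CLIENT_RENEG_LIMIT + 1);
+server.close();
+process.nextTick(next);
+});
+
+client.on('error', function(err) {
+console.log('CLIENT ERR', err);
+throw err;
+});
+
+spam();
+
+// simulate renegotiation attack
+function spam() {
+client.renegotiate({}, (err) => {
+assert.ifError(err);
+assert.ok(renegs <= tls.CLIENT_RENEG_LIMIT);
+setImmediate(spam);
+});
+renegs++;
 }
-closed = true;
-});
-child.stdin.on('close', function() {
-closed = true;
 });
 
-// simulate renegotiation attack
-function spam() {
-if (closed) return;
-child.stdin.write('R\n');
-setTimeout(spam, 50);
-}
 });
 }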
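Review bot: The `if (!common.opensslCli) common.skip('node compiled without OpenSSL CLI.');` guard left as context at the top of the first hunk looks stale, since the rewritten test drives the renegotiation through `client.renegotiate()` and no longer spawns `s_client`. While it stays, builds without the OpenSSL CLI skip the test, so the server's `tls.CLIENT_RENEG_LIMIT` enforcement is not exercised there even though nothing in the visible new code needs the binary. If no code outside the two hunks still references `common.opensslCli`, I would delete both lines of the guard. The `if` line itself is only visible in the hunk header, and `test(next)` starts above the second hunk.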
