Skip to content

Commit

Permalink
TLS/SSL: TLSSocket emits 'error' on handshake failure
Browse files Browse the repository at this point in the history
  • Loading branch information
lekoder committed Oct 7, 2016
1 parent b2534f1 commit f240da5
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -426,7 +426,13 @@ TLSSocket.prototype._init = function(socket, wrap) {

// Destroy socket if error happened before handshake's finish
if (!self._secureEstablished) {
self.destroy(self._tlsError(err));
if (!self._controlReleased) {
// When handshake fails control is not yet released,
// so self._tlsError will return null instead of actual error
self.destroy(err);
} else {
self.destroy(self._tlsError(err));
}
} else if (options.isServer &&
rejectUnauthorized &&
/peer did not return a certificate/.test(err.message)) {
Expand Down
38 changes: 38 additions & 0 deletions test/parallel/test-tls-failed-handshake-emits-error.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
'use strict';
const common = require('../common');

if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const tls = require('tls');
const net = require('net');
const assert = require('assert');

const bonkers = Buffer.alloc(1024, 42);

const server = net.createServer(function(c) {
setTimeout(function() {
const s = new tls.TLSSocket(c, {
isServer: true,
server: server
});

s.on('error', common.mustCall(function(e) {
assert.ok(e instanceof Error,
'Instance of Error should be passed to error handler');
assert.ok(e.message.match(
/SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/),
'Expecting SSL unknown protocol');
}));

s.on('close', function() {
server.close();
s.destroy();
});
}, common.platformTimeout(200));
}).listen(0, function() {
const c = net.connect({port: this.address().port}, function() {
c.write(bonkers);
});
});

0 comments on commit f240da5

Please sign in to comment.