node/test/parallel/test-tls-friendly-error-mes...

var common = require('../common');
var assert = require('assert');

if (!common.hasCrypto) {
  console.log('1..0 # Skipped: missing crypto');
  process.exit();
}
var tls = require('tls');

var fs = require('fs');

var key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
var cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');

tls.createServer({ key: key, cert: cert }, function(conn) {
  conn.end();
  this.close();
}).listen(common.PORT, function() {
  var options = { port: this.address().port, rejectUnauthorized: true };
  tls.connect(options).on('error', common.mustCall(function(err) {
    assert.equal(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
    assert.equal(err.message, 'unable to verify the first certificate');
    this.destroy();
  }));
});
tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-18 01:15:36 +08:00			`var common = require('../common');`
			`var assert = require('assert');`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 09:11:21 +08:00
			`if (!common.hasCrypto) {`
			`console.log('1..0 # Skipped: missing crypto');`
			`process.exit();`
			`}`
tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-18 01:15:36 +08:00			`var tls = require('tls');`

test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 09:11:21 +08:00			`var fs = require('fs');`

tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-18 01:15:36 +08:00			`var key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');`
			`var cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');`

			`tls.createServer({ key: key, cert: cert }, function(conn) {`
			`conn.end();`
			`this.close();`
test: split test in parallel/sequential Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> PR-URL: https://github.com/iojs/io.js/pull/172 Fix: iojs/io.js#139 2014-12-17 21:30:04 +08:00			`}).listen(common.PORT, function() {`
tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people. 2014-01-18 01:15:36 +08:00			`var options = { port: this.address().port, rejectUnauthorized: true };`
			`tls.connect(options).on('error', common.mustCall(function(err) {`
			`assert.equal(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');`
			`assert.equal(err.message, 'unable to verify the first certificate');`
			`this.destroy();`
			`}));`
			`});`