This patch:
- Splits the validation tests into a separate file and keep the
test focus on functional test of the sessionTimeout option.
- Increase the testing timeout to 5 seconds in case it takes too
long for the first connection to complete and the session is
already expired when the second connection is started.
- Use a specific `sessionIdContext` to ensure stable session ID.
- Fix the s_client arguments by specifying CA file and server name.
- Do not use the serialized session ticket for the first connection.
That was genearted years ago and may not work in different OpenSSL
versions. Let the first fresh connection generate the ticket.
- Use random port instead of the common port.
- Add a timeout before the second connection to ensure session ticket
is properly written.
- Log information to faciliate debugging.
PR-URL: https://github.com/nodejs/node/pull/59423
Fixes: https://github.com/nodejs/node/issues/26839
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com>
Since `common/crypto` already exists, it makes sense to keep
crypto-related utilities there. The only exception being
common.hasCrypto which is needed up front to determine
if tests should be skipped.
Eliminate the redundant check in hasFipsCrypto and just
use crypto.getFips() directly where needed.
PR-URL: https://github.com/nodejs/node/pull/56714
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
For historical reasons, the second argument of SSL_CTX_set_timeout is a
signed integer, and Node.js has so far passed arbitrary (signed) int32_t
values. However, new versions of OpenSSL have changed the handling of
negative values inside SSL_CTX_set_timeout, and we should shield users
of Node.js from both the old and the new behavior. Hence, reject any
negative values by throwing an error from within createSecureContext.
Refs: https://github.com/openssl/openssl/pull/19082
PR-URL: https://github.com/nodejs/node/pull/53002
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Move test-tls-session-timeout from pummel to sequential. It isn't very
pummel-y and this will result in it being run on our CI more than once a
day. (It broke recently and it would have been caught if it was in
sequential rather than pummel.)
It must be in sequential rather than pummel because it uses
`common.PORT` which can result in test failures if more than one test
uses it at one time in parallel.
PR-URL: https://github.com/nodejs/node/pull/26865
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2019-03-22 13:57:24 -07:00
Renamed from test/pummel/test-tls-session-timeout.js (Browse further)
