From fae020ef11d5a9bdaddba64fc34a2877951f274c Mon Sep 17 00:00:00 2001 From: Ankita Kulkarni Date: Fri, 25 Sep 2015 11:21:40 -0400 Subject: [PATCH] https: throw Error if required params missing Throw an error when required parameters are missing. Handles ciphers that requires no auth. Does not throw error If pfx option is provided. Additional tests added for the same. Fixes: https://github.com/nodejs/node/issues/3024 PR-URL: https://github.com/nodejs/node/pull/3064 --- lib/_tls_wrap.js | 20 ++++++++++++++++++-- test/parallel/test-https-pfx.js | 15 +++++++++++++++ test/parallel/test-https-server-options.js | 21 +++++++++++++++++++++ 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 test/parallel/test-https-server-options.js diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 887db012e78402..d2ee04e0e669c5 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -869,9 +869,25 @@ Server.prototype.setOptions = function(options) { } if (options.pfx) this.pfx = options.pfx; - if (options.key) this.key = options.key; + var defaultCiphers = options.ciphers === tls.DEFAULT_CIPHERS; + if (!options.key) { + if ((options.ciphers === undefined || defaultCiphers) && !options.pfx) { + throw new Error('key is a required parameter for Server.createServer'); + } + } else { + this.key = options.key; + } + if (options.passphrase) this.passphrase = options.passphrase; - if (options.cert) this.cert = options.cert; + + if (!options.cert) { + if ((options.ciphers === undefined || defaultCiphers) && !options.pfx) { + throw new Error('cert is a required parameter for Server.createServer'); + } + } else { + this.cert = options.cert; + } + if (options.ca) this.ca = options.ca; if (options.secureProtocol) this.secureProtocol = options.secureProtocol; if (options.crl) this.crl = options.crl; diff --git a/test/parallel/test-https-pfx.js b/test/parallel/test-https-pfx.js index 5e080b4e3ded12..122c29a957f830 100644 --- a/test/parallel/test-https-pfx.js +++ b/test/parallel/test-https-pfx.js @@ -21,6 +21,15 @@ var options = { rejectUnauthorized: false }; +var options1 = { + host: '127.0.0.1', + port: common.PORT, + path: '/', + pfx: pfx, + passphrase: 'sample', + requestCert: true +}; + var server = https.createServer(options, function(req, res) { assert.equal(req.socket.authorized, false); // not a client cert assert.equal(req.socket.authorizationError, 'DEPTH_ZERO_SELF_SIGNED_CERT'); @@ -28,6 +37,12 @@ var server = https.createServer(options, function(req, res) { res.end('OK'); }); +assert.doesNotThrow(() => https.createServer(options1, assert.fail), + 'cert is a required parameter for Server.createServer'); + +assert.doesNotThrow(() => https.createServer(options1, assert.fail), + 'key is a required parameter for Server.createServer'); + server.listen(options.port, options.host, function() { var data = ''; diff --git a/test/parallel/test-https-server-options.js b/test/parallel/test-https-server-options.js new file mode 100644 index 00000000000000..2c3854b6d8c147 --- /dev/null +++ b/test/parallel/test-https-server-options.js @@ -0,0 +1,21 @@ +'use strict'; +const common = require('../common'); +const assert = require('assert'); +const https = require('https'); +const fs = require('fs'); + +const options1 = { + key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem', 'ascii'), + crt: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem', 'ascii') +}; + +const options2 = { + ky: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem', 'ascii'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem', 'ascii') +}; + +assert.throws(() => https.createServer(options1, assert.fail), +'cert is a required parameter for Server.createServer'); + +assert.throws(() => https.createServer(options2, assert.fail), +'key is a required parameter for Server.createServer');