Merge branch 'master' of github.com:luvit/luvit

luvit · May 2, 2012 · 3fad442 · 3fad442
2 parents d6af606 + d3b3953
commit 3fad442
Show file tree

Hide file tree

Showing 2 changed files with 111 additions and 1 deletion.
diff --git a/lib/luvit/tls.lua b/lib/luvit/tls.lua
@@ -421,6 +421,9 @@ end
 
 function CleartextStream:_pusher()
   dbg('CleartextStream:_pusher')
+  if not self.pair.ssl then
+    return -1
+  end
   return self.pair.ssl:clearOut()
 end
 
@@ -455,6 +458,9 @@ end
 
 function EncryptedStream:_pusher()
   dbg('EncryptedStream:_pusher')
+  if not self.pair.ssl then
+    return -1
+  end
   return self.pair.ssl:encOut()
 end
 
@@ -490,6 +496,9 @@ function SecurePair:initialize(credentials, isServer, requestCert, rejectUnautho
   if self._isServer == true then
     certOrServerName = self._requestCert
   else
+    if not options.servername then
+      error('servername is a required parameter')
+    end
     certOrServerName = options.servername
   end
 
@@ -818,8 +827,12 @@ function connect(...)
 
   socket:connect(options.port, options.host)
 
+  local servername = options.servername or options.host
+  if not servername then
+    error('host is a required parameter')
+  end
   local pair = SecurePair:new(sslcontext, false, true, options.rejectUnauthorized == true, {
-    servername = options.servername or options.host,
+    servername = servername
   })
 
   if options.session then

diff --git a/tests/test-tls-client-reject.lua b/tests/test-tls-client-reject.lua
@@ -0,0 +1,97 @@
+require('helper')
+local fixture = require('./fixture-tls')
+local tls = require('tls')
+
+local options = {
+  cert = fixture.certPem,
+  key = fixture.keyPem
+}
+local client_options = {
+  port = fixture.commonPort,
+  host = '127.0.0.1'
+}
+p(options)
+
+local connectCount = 0
+
+local server
+server = tls.createServer(options, function(socket)
+  connectCount = connectCount + 1
+  p(connectCount)
+  socket:on('data', function(data)
+    print(data)
+    assert(data == 'ok')
+  end)
+end)
+
+server:on('clientError', function(err)
+  print('got client error!')
+  p(err)
+  assert(false)
+end)
+
+local authorized = function()
+  local socket
+  local options = {
+    host = '127.0.0.1',
+    rejectUnauthorized = true,
+    ca = fixture.caPem,
+  }
+
+  socket = tls.connect(fixture.commonPort, options, function()
+    print("authorized() OK")
+    assert(socket.authorized == true)
+    socket:destroy()
+    server:close()
+  end)
+
+  socket:on('error', function(err)
+    print("authorized() error!\n")
+    print(err)
+    assert(false)
+  end)
+  socket:write('ok')
+end
+
+local rejectUnauthorized = function()
+  local socket
+  socket = tls.connect(fixture.commonPort, {
+    rejectUnauthorized = true,
+    host = '127.0.0.1'
+  }, function()
+    assert(false)
+  end)
+
+  socket:on('error', function(err)
+    assert(err == 'DEPTH_ZERO_SELF_SIGNED_CERT')
+    print('rejectUnauthorized() finished, now authorized()')
+    authorized()
+  end)
+
+  socket:write('ng')
+end
+
+local unauthorized = function()
+  local socket
+  socket = tls.connect(fixture.commonPort, { host = '127.0.0.1' }, function()
+    assert(socket.authorized == false)
+    socket:destroy()
+    print('unauthorized() finished, now rejectUnauthorized()')
+    rejectUnauthorized()
+  end)
+
+  socket:on('error', function(err)
+    print(err)
+    assert(false)
+  end)
+
+  socket:write('ok')
+end
+
+server:listen(fixture.commonPort, function()
+  unauthorized()
+end)
+
+process:on('exit', function()
+  assert(connectCount == 3)
+end)