...

Author: jasnell

src/node_quic_crypto.cc

@@ -890,8 +890,8 @@ void InitializeTLS(QuicSession* session, SSL* ssl) {
   SSL_set_verify(ssl, SSL_VERIFY_NONE, crypto::VerifyCallback);
   SSL_set_quic_early_data_enabled(ssl, 1);
 
-  if (session->env()->options()->trace_tls)
-    session->EnableTrace();
+  // if (session->env()->options()->trace_tls)
+  //   session->EnableTrace();
 
   switch (session->Side()) {
     case NGTCP2_CRYPTO_SIDE_CLIENT: {
@@ -903,6 +903,8 @@ void InitializeTLS(QuicSession* session, SSL* ssl) {
       break;
     }
     case NGTCP2_CRYPTO_SIDE_SERVER: {
+  if (session->env()->options()->trace_tls)
+    session->EnableTrace();
       SSL_set_accept_state(ssl);
       if (session->IsOptionSet(QUICSERVERSESSION_OPTION_REQUEST_CERT)) {
         int verify_mode = SSL_VERIFY_PEER;

src/node_quic_session.cc

@@ -593,6 +593,7 @@ void QuicSession::HandleError() {
 // determines that the TLS Handshake is done. The only thing we
 // need to do at this point is let the javascript side know.
 void QuicSession::HandshakeCompleted() {
+  Debug(this, "Handshake is completed");
   session_stats_.handshake_completed_at = uv_hrtime();
 
   HandleScope scope(env()->isolate());
@@ -1433,12 +1434,6 @@ void QuicSession::SendPendingData() {
   }
 }
 
-// Notifies the ngtcp2_conn that the TLS handshake is completed.
-void QuicSession::SetHandshakeCompleted() {
-  DCHECK(!IsFlagSet(QUICSESSION_FLAG_DESTROYED));
-  ngtcp2_conn_handshake_completed(Connection());
-}
-
 void QuicSession::SetLocalAddress(const ngtcp2_addr* addr) {
   DCHECK(!IsFlagSet(QUICSESSION_FLAG_DESTROYED));
   ngtcp2_conn_set_local_addr(Connection(), addr);

src/node_quic_session.h

@@ -476,7 +476,6 @@ class QuicSession : public AsyncWrap,
   void RemoveConnectionID(const ngtcp2_cid* cid);
   void ScheduleRetransmit();
   bool SendPacket(const char* diagnostic_label = nullptr);
-  void SetHandshakeCompleted();
   void SetLocalAddress(const ngtcp2_addr* addr);
   void StreamClose(int64_t stream_id, uint64_t app_error_code);
   void StreamOpen(int64_t stream_id);

test/parallel/test-quic-client-server.js

@@ -142,8 +142,8 @@ server.on('session', common.mustCall((session) => {
   session.on('secure', common.mustCall((servername, alpn, cipher) => {
     // Should not error and should return true... also shouldn't
     // cause anything else to fail.
-setImmediate(() => {
-  assert(session.updateKey());
+
+    assert(session.updateKey());
 
     debug('QuicServerSession TLS Handshake Complete');
     debug('  Server name: %s', servername);
@@ -153,8 +153,11 @@ setImmediate(() => {
     assert.strictEqual(servername, kServerName);
     assert.strictEqual(session.alpnProtocol, alpn);
 
-    console.log(session.getPeerCertificate());
-//    assert.strictEqual(session.getPeerCertificate().subject.CN, 'agent1');
+    // TODO(@jasnell): Temporarily disable. Accessing the client
+    // certificate is currently broken with ngtcp2 and ngtcp2_crypto.
+    // See: https://github.com/ngtcp2/ngtcp2/issues/156
+    //
+    // assert.strictEqual(session.getPeerCertificate().subject.CN, 'agent1');
 
     // debug('QuicServerSession client is %sauthenticated',
     //       session.authenticated ? '' : 'not ');
@@ -169,7 +172,6 @@ setImmediate(() => {
     uni.on('finish', common.mustCall());
     uni.on('close', common.mustCall());
     uni.on('end', common.mustCall());
-})
   }));
 
   session.on('stream', common.mustCall((stream) => {
@@ -253,6 +255,8 @@ server.on('ready', common.mustCall(() => {
     assert.strictEqual(response.toString(), 'hello');
   }));
 
+  // TODO(@jasnell): Temporarily disabled while being fixed
+  //
   // req.on('sessionTicket', common.mustCall((id, ticket, params) => {
   //   debug('Session ticket received');
   //   assert(id instanceof Buffer);
@@ -273,7 +277,7 @@ server.on('ready', common.mustCall(() => {
     assert.strictEqual(alpn, kALPN);
     assert.strictEqual(req.alpnProtocol, kALPN);
     assert(req.ephemeralKeyInfo);
-    assert(req.getPeerCertificate());
+    assert.strictEqual(req.getPeerCertificate().subject.CN, 'agent1');
 
     debug('Client, min handshake ack: %f',
           req.handshakeAckHistogram.min);