Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: handle timeouts during tls negotiation for strict encryption #1564

Merged
merged 10 commits into from
Sep 17, 2023
+73 −9
Merged

fix: handle timeouts during tls negotiation for strict encryption #1564

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
4512cdb
chore: handle timeout for tlssocket
MichaelSun90 Jul 28, 2023
17ebfd8
chore: remove 7_1 check for 2022
MichaelSun90 Jul 28, 2023
6544afc
Revert "chore: remove 7_1 check for 2022"
MichaelSun90 Aug 2, 2023
155744d
Revert changes from connection-test.js
MichaelSun90 Aug 2, 2023
62c0b07
chore: new signal API and add test case
MichaelSun90 Aug 3, 2023
4bcd956
Merge branch 'master' into michael-TLStimeout
MichaelSun90 Aug 8, 2023
bdd32e3
chore: fix some minor issues
MichaelSun90 Sep 6, 2023
c349ba1
check if signal was aborted
arthurschreiber Sep 17, 2023
cd9e903
Move this test to be a unit test.
arthurschreiber Sep 17, 2023
33ab74b
cleanup unused reference.
arthurschreiber Sep 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 40 additions & 8 deletions src/connection.ts
View file
Original file line number Diff line number Diff line change
@@ -1931,7 +1931,8 @@ class Connection extends EventEmitter {
});
}, (err) => {
this.clearConnectTimer();
if (err.name === 'AbortError') {

if (signal.aborted) {
// Ignore the AbortError for now, this is still handled by the connectTimer firing
return;
}
@@ -2008,7 +2009,9 @@ class Connection extends EventEmitter {
this.transitionTo(this.STATE.SENT_PRELOGIN);
}

wrapWithTls(socket: net.Socket): Promise<tls.TLSSocket> {
wrapWithTls(socket: net.Socket, signal: AbortSignal): Promise<tls.TLSSocket> {
signal.throwIfAborted();

return new Promise((resolve, reject) => {
const secureContext = tls.createSecureContext(this.secureContextOptions);
// If connect to an ip address directly,
@@ -2023,12 +2026,41 @@ class Connection extends EventEmitter {
servername: this.config.options.serverName ? this.config.options.serverName : serverName,
};

const encryptsocket = tls.connect(encryptOptions, () => {
encryptsocket.removeListener('error', reject);
const encryptsocket = tls.connect(encryptOptions);

const onAbort = () => {
encryptsocket.removeListener('error', onError);
encryptsocket.removeListener('connect', onConnect);

encryptsocket.destroy();

reject(signal.reason);
};

const onError = (err: Error) => {
signal.removeEventListener('abort', onAbort);

encryptsocket.removeListener('error', onError);
encryptsocket.removeListener('connect', onConnect);

encryptsocket.destroy();

reject(err);
};

const onConnect = () => {
signal.removeEventListener('abort', onAbort);

encryptsocket.removeListener('error', onError);
encryptsocket.removeListener('connect', onConnect);

resolve(encryptsocket);
});
};

signal.addEventListener('abort', onAbort, { once: true });

encryptsocket.once('error', reject);
encryptsocket.on('error', onError);
encryptsocket.on('secureConnect', onConnect);
});
}

@@ -2047,7 +2079,7 @@ class Connection extends EventEmitter {
if (this.config.options.encrypt === 'strict') {
try {
// Wrap the socket with TLS for TDS 8.0
socket = await this.wrapWithTls(socket);
socket = await this.wrapWithTls(socket, signal);
} catch (err) {
socket.end();

@@ -2059,7 +2091,7 @@ class Connection extends EventEmitter {
})().catch((err) => {
this.clearConnectTimer();

if (err.name === 'AbortError') {
if (signal.aborted) {
return;
}

34 changes: 33 additions & 1 deletion test/unit/connection-test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import * as net from 'net';
import { Connection } from '../../src/tedious';
import { Connection, ConnectionError } from '../../src/tedious';
import { assert } from 'chai';

describe('Using `strict` encryption', function() {
@@ -42,4 +42,36 @@ describe('Using `strict` encryption', function() {
done();
});
});

it('handles connection timeout when performing tls handshake', function(done) {
server.on('connection', (connection) => {
setTimeout(() => {
connection.destroy();
}, 4000);
});

const addressInfo = server.address() as net.AddressInfo;

const connection = new Connection({
server: addressInfo?.address,
options: {
port: addressInfo?.port,
encrypt: 'strict',
connectTimeout: 3000
}
});

connection.connect((err) => {
assert.instanceOf(err, ConnectionError);

const message = `Failed to connect to ${addressInfo?.address}:${addressInfo?.port} in 3000ms`;
assert.equal(err!.message, message);

connection.close();
});

connection.on('end', () => {
done();
});
});
});