From c33d1616cdbd60587ca2eb326c48b8a87ac56092 Mon Sep 17 00:00:00 2001 From: Jeremy Judeaux Date: Thu, 2 Apr 2015 14:11:45 +0200 Subject: [PATCH 1/3] force cipher AES128-GCM-SHA256 in https tests --- test/lib-https-proxy-test.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/lib-https-proxy-test.js b/test/lib-https-proxy-test.js index 7a966f491..fbfabc94b 100644 --- a/test/lib-https-proxy-test.js +++ b/test/lib-https-proxy-test.js @@ -35,6 +35,7 @@ describe('lib/http-proxy.js', function() { ssl: { key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', } }).listen(ports.proxy); @@ -65,6 +66,7 @@ describe('lib/http-proxy.js', function() { var source = https.createServer({ key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', }, function (req, res) { expect(req.method).to.eql('GET'); expect(req.headers.host.split(':')[1]).to.eql(ports.proxy); @@ -105,6 +107,7 @@ describe('lib/http-proxy.js', function() { var source = https.createServer({ key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', }, function(req, res) { expect(req.method).to.eql('GET'); expect(req.headers.host.split(':')[1]).to.eql(ports.proxy); @@ -119,6 +122,7 @@ describe('lib/http-proxy.js', function() { ssl: { key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', }, secure: false }).listen(ports.proxy); @@ -150,6 +154,7 @@ describe('lib/http-proxy.js', function() { var source = https.createServer({ key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', }).listen(ports.source); var proxy = httpProxy.createProxyServer({ @@ -191,6 +196,7 @@ describe('lib/http-proxy.js', function() { var ownServer = https.createServer({ key: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-key.pem')), cert: fs.readFileSync(path.join(__dirname, 'fixtures', 'agent2-cert.pem')), + ciphers: 'AES128-GCM-SHA256', }, function (req, res) { proxy.web(req, res, { target: 'http://127.0.0.1:' + ports.source From 0ee314c436226391318b9a1b623cb3f7e8bf4df7 Mon Sep 17 00:00:00 2001 From: Jeremy Judeaux Date: Thu, 2 Apr 2015 14:22:26 +0200 Subject: [PATCH 2/3] fix expected error message when node 0.12.x --- test/lib-https-proxy-test.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/lib-https-proxy-test.js b/test/lib-https-proxy-test.js index fbfabc94b..643c726a3 100644 --- a/test/lib-https-proxy-test.js +++ b/test/lib-https-proxy-test.js @@ -166,7 +166,11 @@ describe('lib/http-proxy.js', function() { proxy.on('error', function (err, req, res) { expect(err).to.be.an(Error); - expect(err.toString()).to.be('Error: DEPTH_ZERO_SELF_SIGNED_CERT') + if (process.versions.node.indexOf('0.12.') == 0) { + expect(err.toString()).to.be('Error: self signed certificate') + } else { + expect(err.toString()).to.be('Error: DEPTH_ZERO_SELF_SIGNED_CERT') + } done(); }) From 5f14bcaa704fe8a5e6f59d3a89722f22958cade9 Mon Sep 17 00:00:00 2001 From: Jeremy Judeaux Date: Thu, 2 Apr 2015 14:23:58 +0200 Subject: [PATCH 3/3] fix protocol and default port detection on node 0.12.x, compatible with 0.10.x --- lib/http-proxy/common.js | 15 ++++++++++++++- lib/http-proxy/passes/web-incoming.js | 2 +- lib/http-proxy/passes/ws-incoming.js | 2 +- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/lib/http-proxy/common.js b/lib/http-proxy/common.js index 225324ebf..a169aafab 100644 --- a/lib/http-proxy/common.js +++ b/lib/http-proxy/common.js @@ -134,7 +134,20 @@ common.getPort = function(req) { return res ? res[1] : - req.connection.pair ? '443' : '80'; + common.hasEncryptedConnection(req) ? '443' : '80'; +}; + +/** + * Check if the request has an encrypted connection. + * + * @param {Request} req Incoming HTTP request. + * + * @return {Boolean} Whether the connection is encrypted or not. + * + * @api private + */ +common.hasEncryptedConnection = function(req) { + return Boolean(req.connection.encrypted || req.connection.pair); }; /** diff --git a/lib/http-proxy/passes/web-incoming.js b/lib/http-proxy/passes/web-incoming.js index 9f5ec20e0..4070eb316 100644 --- a/lib/http-proxy/passes/web-incoming.js +++ b/lib/http-proxy/passes/web-incoming.js @@ -64,7 +64,7 @@ web_o = Object.keys(web_o).map(function(pass) { function XHeaders(req, res, options) { if(!options.xfwd) return; - var encrypted = req.isSpdy || req.connection.encrypted || req.connection.pair; + var encrypted = req.isSpdy || common.hasEncryptedConnection(req); var values = { for : req.connection.remoteAddress || req.socket.remoteAddress, port : common.getPort(req), diff --git a/lib/http-proxy/passes/ws-incoming.js b/lib/http-proxy/passes/ws-incoming.js index b72e55702..8264be669 100644 --- a/lib/http-proxy/passes/ws-incoming.js +++ b/lib/http-proxy/passes/ws-incoming.js @@ -57,7 +57,7 @@ var passes = exports; var values = { for : req.connection.remoteAddress || req.socket.remoteAddress, port : common.getPort(req), - proto: req.connection.pair ? 'wss' : 'ws' + proto: common.hasEncryptedConnection(req) ? 'wss' : 'ws' }; ['for', 'port', 'proto'].forEach(function(header) {