wip: tls handshake testing

Author: tegefaulkes

src/config.ts

@@ -15,6 +15,7 @@ export type TlsConfig = {
 
 type QUICConfig = {
   tlsConfig: TlsConfig | undefined;
+  verifyFromPemFile: string | undefined;
   supportedPrivateKeyAlgos: string | undefined;
   verifyPeer: boolean;
   logKeys: string | undefined;
@@ -34,9 +35,10 @@ type QUICConfig = {
 
 const clientDefault: QUICConfig = {
   tlsConfig: undefined,
+  verifyFromPemFile: undefined,
   supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
   logKeys: undefined,
-  verifyPeer: false,
+  verifyPeer: true,
   grease: true,
   maxIdleTimeout: 5000,
   maxRecvUdpPayloadSize: quiche.MAX_DATAGRAM_SIZE,
@@ -59,6 +61,7 @@ const clientDefault: QUICConfig = {
 
 const serverDefault: QUICConfig = {
   tlsConfig: undefined,
+  verifyFromPemFile: undefined,
   supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
   logKeys: undefined,
   verifyPeer: false,
@@ -102,6 +105,9 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig {
       quicheConfig.loadPrivKeyFromPemFile(config.tlsConfig.privKeyFromPemFile);
     }
   }
+  if (config.verifyFromPemFile != null) {
+    quicheConfig.loadVerifyLocationsFromFile(config.verifyFromPemFile);
+  }
   if (config.logKeys != null) {
     quicheConfig.logKeys();
   }

tests/QUICClient.test.ts

@@ -9,6 +9,7 @@ import * as errors from '@/errors';
 import { fc } from '@fast-check/jest';
 import * as tlsUtils from './tlsUtils';
 import * as certFixtures from './fixtures/certFixtures';
+import { promise } from "@/utils";
 
 const tlsArb = fc.oneof(
   certFixtures.tlsConfigExampleArb,
@@ -243,6 +244,43 @@ describe(QUICClient.name, () => {
       await server.stop();
     });
   })
+  describe('graceful tls handshake', () => {
+    test('handshake succeeds', async () => {
+      const server = new QUICServer({
+        crypto,
+        logger: logger.getChild(QUICServer.name),
+        config: {
+          tlsConfig: certFixtures.tlsConfigFileRSA1,
+          verifyPeer: true,
+          verifyFromPemFile: certFixtures.tlsConfigFileRSA2.certChainFromPemFile
+        }
+      });
+      const handleConnectionEventProm = promise<any>()
+      server.addEventListener('connection', handleConnectionEventProm.resolveP);
+      await server.start({
+        host: '127.0.0.1' as Host,
+      });
+      // Connection should succeed
+      const client = await QUICClient.createQUICClient({
+        host: '::ffff:127.0.0.1' as Host,
+        port: server.port,
+        localHost: '::' as Host,
+        crypto,
+        logger: logger.getChild(QUICClient.name),
+        config: {
+          verifyPeer: false,
+          tlsConfig: certFixtures.tlsConfigFileRSA2,
+          verifyFromPemFile: certFixtures.tlsConfigFileRSA2.certChainFromPemFile
+        }
+      });
+      await handleConnectionEventProm.p
+      await client.destroy();
+      await server.stop();
+    })
+    test.todo('handshake fails validation for server')
+    test.todo('handshake fails validation for client')
+    test.todo('handshake fails validation for both')
+  })
 
   // test('dual stack to dual stack', async () => {