testing

vertica · Oct 10, 2024 · 274a03e · 274a03e
1 parent 7542304
commit 274a03e
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 26 deletions.
diff --git a/packages/vertica-nodejs/lib/connection.js b/packages/vertica-nodejs/lib/connection.js
@@ -100,8 +100,16 @@ class Connection extends EventEmitter {
         case 'S': // Server supports TLS connections, continue with a secure connection
           break
         case 'N': // Server does not support TLS connections
-          self.stream.end()
-          return self.emit('error', new Error('The server does not support TLS connections'))
+          if (self.tls_mode == 'prefer') {
+            self.attachListeners(self.stream)
+
+            self.emit('sslconnect')
+            return
+          }
+          else {
+            self.stream.end()
+            return self.emit('error', new Error('The server does not support TLS connections'))
+          }
         default:
           // Any other response byte, including 'E' (ErrorResponse) indicating a server error
           self.stream.end()
@@ -128,25 +136,7 @@ class Connection extends EventEmitter {
         // With an undefined checkServerIdentity function, we are still checking to see that the server
         // certificate is signed by the CA (default or provided).
 
-        if (self.tls_mode === 'require') { // basic TLS connection, does not verify CA certificate
-          tls_options.rejectUnauthorized = false
-          tls_options.checkServerIdentity = (host , cert) => undefined
-          if (self.tls_trusted_certs) {
-            tls_options.ca = fs.readFileSync(self.tls_trusted_certs).toString()
-          }
-          /*if (self.tls_client_cert) {// the client won't know whether or not this is required, depends on server mode
-            tls_options.cert = fs.readFileSync(self.tls_client_cert).toString()
-          }
-          if (self.tls_client_key) {
-            tls_options.key = fs.readFileSync(self.tls_client_key).toString()
-          }*/
-          try {
-            self.stream = tls.connect(tls_options);
-          } catch (err) {
-            return self.emit('error', err)
-          }
-        }
-        else if (self.tls_mode === 'prefer') { // basic TLS connection, does not verify CA certificate
+        if (self.tls_mode === 'require' || self.tls_mode === 'prefer') { // basic TLS connection, does not verify CA certificate
           tls_options.rejectUnauthorized = false
           tls_options.checkServerIdentity = (host , cert) => undefined
           if (self.tls_trusted_certs) {
@@ -164,6 +154,24 @@ class Connection extends EventEmitter {
             return self.emit('error', err)
           }
         }
+        // else if (self.tls_mode === 'prefer') { // basic TLS connection, does not verify CA certificate
+        //   tls_options.rejectUnauthorized = false
+        //   tls_options.checkServerIdentity = (host , cert) => undefined
+        //   if (self.tls_trusted_certs) {
+        //     tls_options.ca = fs.readFileSync(self.tls_trusted_certs).toString()
+        //   }
+        //   /*if (self.tls_client_cert) {// the client won't know whether or not this is required, depends on server mode
+        //     tls_options.cert = fs.readFileSync(self.tls_client_cert).toString()
+        //   }
+        //   if (self.tls_client_key) {
+        //     tls_options.key = fs.readFileSync(self.tls_client_key).toString()
+        //   }*/
+        //   try {
+        //     self.stream = tls.connect(tls_options);
+        //   } catch (err) {
+        //     return self.emit('error', err)
+        //   }
+        // }
         else if (self.tls_mode === 'verify-ca') { //verify that the server certificate is signed by a trusted CA
           try {
             tls_options.rejectUnauthorized = true

diff --git a/packages/vertica-nodejs/test/integration/connection/tls-tests.js b/packages/vertica-nodejs/test/integration/connection/tls-tests.js
@@ -66,15 +66,15 @@ suite.test('vertica tls - prefer mode', function () {
   var client = new vertica.Client() // 'prefer' by default, so no need to pass in that option
   assert.equal(client.tls_mode, vertica.defaults.tls_mode)
   client.connect(err => {
-    if (err) {
-      // shouldn't fail to connect
-      assert(err.message.includes("The server does not support TLS connections")) // DISABLE mode, this is ok
-      return
-    }
+    // if (err) {
+    //   // shouldn't fail to connect
+    //   assert(false)      
+    // }
     // If connection succeeds, check for TLS connection
     client.query("SELECT mode FROM tls_configurations where name = 'server' LIMIT 1", (err, res) => {
       if (err) {
         console.log(err)
+        assert(false)
       }
       // Assert only if server supports TLS
       if (['ENABLE', 'TRY_VERIFY', 'VERIFY_CA', 'VERIFY_FULL'].includes(res.rows[0].mode)) {
@@ -85,6 +85,7 @@ suite.test('vertica tls - prefer mode', function () {
       }
       client.end()
     })
+    client.end()
   })
 })