fix(client-certificates): errors during http2 TLS handshake

mxschmitt · mxschmitt · commit 4e3f764b0136 · 2024-08-22T09:37:54.000+02:00
diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
@@ -211,7 +211,7 @@ class SocksProxyConnection {
           secureContext: this.socksProxy.secureContextMap.get(new URL(`https://${this.host}:${this.port}`).origin),
         });
 
-        targetTLS.once('secureConnect', () => {
+        targetTLS.once('session', () => {
           internalTLS.pipe(targetTLS);
           targetTLS.pipe(internalTLS);
         });
diff --git a/tests/library/client-certificates.spec.ts b/tests/library/client-certificates.spec.ts
@@ -461,7 +461,7 @@ test.describe('browser', () => {
     });
 
     await new Promise<void>(resolve => server.listen(0, 'localhost', resolve));
-    const port = (server.address() as import('net').AddressInfo).port;
+    const port = (server.address() as net.AddressInfo).port;
     const origin = 'https://' + (browserName === 'webkit' && platform === 'darwin' ? 'local.playwright' : 'localhost');
     const serverUrl = `${origin}:${port}`;
 
@@ -671,6 +671,43 @@ test.describe('browser', () => {
     await page.close();
   });
 
+  test.only('should handle TLS renegotiation error with HTTP/2 and TLS 1.2', async ({ browser, asset, browserName, platform }) => {
+    const server: http2.Http2SecureServer = createHttp2Server({
+      key: fs.readFileSync(asset('client-certificates/server/server_key.pem')),
+      cert: fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
+      ca: [fs.readFileSync(asset('client-certificates/server/server_cert.pem'))],
+      requestCert: true,
+    }, async (req: http2.Http2ServerRequest, res: http2.Http2ServerResponse) => {
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end('Hello world');
+    });
+
+    await new Promise<void>(resolve => server.listen(0, 'localhost', resolve));
+    const port = (server.address() as net.AddressInfo).port;
+    const serverUrl = 'https://' + (browserName === 'webkit' && platform === 'darwin' ? 'local.playwright' : 'localhost') + ':' + port;
+
+    const context = await browser.newContext({
+      ignoreHTTPSErrors: true,
+      clientCertificates: [{
+        origin: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com',
+        certPath: asset('client-certificates/client/trusted/cert.pem'),
+        keyPath: asset('client-certificates/client/trusted/key.pem'),
+      }],
+    });
+
+    const page = await context.newPage();
+
+    const response = await page.goto(serverUrl);
+    expect(response.status()).toBe(503);
+
+    const responseText = await response.text();
+    expect(responseText).toContain('Playwright client-certificate error');
+    expect(responseText).toContain('alert certificate required');
+
+    await context.close();
+    await new Promise<void>(resolve => server.close(() => resolve()));
+  });
+
   test.describe('persistentContext', () => {
     test('validate input', async ({ launchPersistent }) => {
       test.slow();
