From dc1bded7c41d61c378478d1ff3becf401f4f5c39 Mon Sep 17 00:00:00 2001 From: tanvipise Date: Tue, 17 Sep 2024 15:00:52 -0400 Subject: [PATCH] Added test for prefer tls mode and made it default --- .../test/integration/connection/tls-tests.js | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/packages/vertica-nodejs/test/integration/connection/tls-tests.js b/packages/vertica-nodejs/test/integration/connection/tls-tests.js index d3bbde0d..5d890ac7 100644 --- a/packages/vertica-nodejs/test/integration/connection/tls-tests.js +++ b/packages/vertica-nodejs/test/integration/connection/tls-tests.js @@ -37,8 +37,8 @@ const client_key_path = __dirname + '/../../tls/client_key.pem' // all connections from the client, the caveat being that for try_verify and verify_ca it's possible // for the connection to be plaintext if the client doesn't present valid credentials. suite.test('vertica tls - disable mode - all', function () { - var client = new vertica.Client() // 'disable' by default, so no need to pass in that option - assert.equal(client.tls_mode, vertica.defaults.tls_mode) + var client = new vertica.Client({tls_mode: 'disable'}) + assert.equal(client.tls_mode, 'disable') client.connect(err => { if (err) { // shouldn't fail to connect @@ -58,6 +58,35 @@ suite.test('vertica tls - disable mode - all', function () { }) }) +// Test case for tls_mode = 'prefer' as default +// The client will attempt to establish a TLS connection if the server supports it. +// If the server does not support TLS, the client will still connect using a plaintext connection. +// This test verifies that in 'prefer' mode, the client connects successfully. +suite.test('vertica tls - prefer mode', function () { + var client = new vertica.Client() // 'prefer' by default, so no need to pass in that option + assert.equal(client.tls_mode, vertica.defaults.tls_mode) + client.connect(err => { + if (err) { + console.log(err) + assert(false) + } + //Verify is client is using a TLS connection + client.query("SELECT mode FROM tls_configurations where name = 'server' LIMIT 1", (err, res) => { + if (err) { + console.log(err) + assert(false) + } + if (['ENABLE', 'TRY_VERIFY', 'VERIFY_CA', 'VERIFY_FULL'].includes(res.rows[0].mode)) { + assert.equal(client.connection.stream.constructor.name.toString(), "TLSSocket") + } + else { + assert.notEqual(client.connection.stream.constructor.name.toString(), "TLSSocket") + } + client.end() + }) + }) +}) + // Test case for tls_mode = 'require' // The server will not accept all connections from the client with the client in 'require' mode. The server // will reject a connection in DISABLE mode for obvious reasons (client requiring TLS + server disallowing TLS)