Skip to content

Commit

Permalink
test: update tests for OpenSSL 3.0.14
Browse files Browse the repository at this point in the history
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed
to return an error reason string for bad/unknown application protocols.

Update tests to handle both the old `ECONNRESET` error on older versions
of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on
newer versions of OpenSSL.

Refs: openssl/openssl#24338
PR-URL: #53373
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
  • Loading branch information
richardlau authored and marco-ippolito committed Jul 19, 2024
1 parent 06374ef commit 059e47c
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 6 deletions.
3 changes: 2 additions & 1 deletion test/parallel/test-http2-https-fallback.js
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,8 @@ function onSession(session, next) {
// Incompatible ALPN TLS client
tls(Object.assign({ port, ALPNProtocols: ['fake'] }, clientOptions))
.on('error', common.mustCall((err) => {
strictEqual(err.code, 'ECONNRESET');
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
cleanup();
testNoALPN();
}));
Expand Down
3 changes: 2 additions & 1 deletion test/parallel/test-http2-server-unknown-protocol.js
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ server.listen(0, function() {
rejectUnauthorized: false,
ALPNProtocols: ['bogus']
}).on('error', common.mustCall((err) => {
assert.strictEqual(err.code, 'ECONNRESET');
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
}));
});
12 changes: 8 additions & 4 deletions test/parallel/test-tls-alpn-server-client.js
Original file line number Diff line number Diff line change
Expand Up @@ -184,15 +184,17 @@ function TestFatalAlert() {
server.listen(0, serverIP, common.mustCall(() => {
const { port } = server.address();

// The Node.js client will just report ECONNRESET because the connection
// The Node.js client will just report ECONNRESET (older OpenSSL) or
// ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL because the connection
// is severed before the TLS handshake completes.
tls.connect({
host: serverIP,
port,
rejectUnauthorized: false,
ALPNProtocols: ['bar']
}, common.mustNotCall()).on('error', common.mustCall((err) => {
assert.strictEqual(err.code, 'ECONNRESET');
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);

// OpenSSL's s_client should output the TLS alert number, which is 120
// for the 'no_application_protocol' alert.
Expand Down Expand Up @@ -240,7 +242,8 @@ function TestALPNCallback() {

// Callback picks 2nd preference => undefined => ALPN rejected:
assert.strictEqual(results[1].server, undefined);
assert.strictEqual(results[1].client.error.code, 'ECONNRESET');
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
assert.ok(allowedErrors.includes(results[1].client.error.code), `'${results[1].client.error.code}' was not one of ${allowedErrors}.`);

TestBadALPNCallback();
});
Expand All @@ -263,7 +266,8 @@ function TestBadALPNCallback() {
runTest(clientsOptions, serverOptions, function(results) {
// Callback returns 'http/5' => doesn't match client ALPN => error & reset
assert.strictEqual(results[0].server, undefined);
assert.strictEqual(results[0].client.error.code, 'ECONNRESET');
const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
assert.ok(allowedErrors.includes(results[0].client.error.code), `'${results[0].client.error.code}' was not one of ${allowedErrors}.`);

TestALPNOptionsCallback();
});
Expand Down

0 comments on commit 059e47c

Please sign in to comment.