-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: update tests for OpenSSL 3.0.14 #53373
Conversation
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338
fecfde6
to
25d62ec
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@richardlau Is there any chance you could make this conditional based on the version of OpenSSL? Otherwise, we'll likely forget about it and keep the old code here forever. |
It's going to be complicated -- there's currently four OpenSSL 3 lines:
and the change is only in the latest release of each of those four lines. |
@tniessen We'd end up with code like this repeated for each of the three tests: diff --git a/test/parallel/test-http2-https-fallback.js b/test/parallel/test-http2-https-fallback.js
index 8e0612375f4..8a1c06caad4 100644
--- a/test/parallel/test-http2-https-fallback.js
+++ b/test/parallel/test-http2-https-fallback.js
@@ -151,7 +151,14 @@ function onSession(session, next) {
// Incompatible ALPN TLS client
tls(Object.assign({ port, ALPNProtocols: ['fake'] }, clientOptions))
.on('error', common.mustCall((err) => {
- strictEqual(err.code, 'ECONNRESET');
+ // ECONNRESET prior to OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1.
+ const { OPENSSL_VERSION_NUMBER } = require('node:crypto').constants;
+ const expectedErr = (OPENSSL_VERSION_NUMBER < 0x300000e0 ||
+ (OPENSSL_VERSION_NUMBER >= 0x30100000 && OPENSSL_VERSION_NUMBER < 0x30100060) ||
+ (OPENSSL_VERSION_NUMBER >= 0x30200000 && OPENSSL_VERSION_NUMBER < 0x30200020) ||
+ (OPENSSL_VERSION_NUMBER >= 0x30300000 && OPENSSL_VERSION_NUMBER < 0x30300010)) ?
+ 'ECONNRESET' : 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL';
+ strictEqual(err.code, expectedErr);
cleanup();
testNoALPN();
})); If you think this is worth doing I can update this PR, but I think this is harder to read. |
@richardlau It's entirely up to you :) |
In which case I'll land as-is as this has a passing CI, approvals and no blocks 🙂. |
Landed in 14863e8 |
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Older versions do fail the tests against newer OpenSSL versions, so could this be backported to v18 and v20? |
Once it's gone out in a current (i.e. Node.js 22) release first. |
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: nodejs#53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: nodejs#53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols.
Update tests to handle both the old
ECONNRESET
error on older versions of OpenSSL and the newERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL
on newer versions of OpenSSL.Refs: openssl/openssl#24338
Addresses these failures (Node.js dynamically linked against OpenSSL 3.0.14 -- I first noticed these (and other failures) with OpenSSL 3.2.2):
cc @nodejs/crypto