Skip to content

Commit

Permalink
test: update TLS tests for OpenSSL 3.2
Browse files Browse the repository at this point in the history
Update the following TLS tests to account for error code changes
in OpenSSL 3.2 and later.
- `parallel/test-tls-empty-sni-context`
- `parallel/test-tls-psk-circuit`

PR-URL: nodejs#53384
Refs: nodejs#53382
Refs: openssl/openssl#19950
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
  • Loading branch information
richardlau authored Jun 9, 2024
1 parent 83d0cfe commit ce531af
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 5 deletions.
4 changes: 4 additions & 0 deletions test/common/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@ const hasOpenSSL3 = hasCrypto &&
const hasOpenSSL31 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;

const hasOpenSSL32 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;

const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;

function parseTestFlags(filename = process.argv[1]) {
Expand Down Expand Up @@ -968,6 +971,7 @@ const common = {
hasCrypto,
hasOpenSSL3,
hasOpenSSL31,
hasOpenSSL32,
hasQuic,
hasMultiLocalhost,
invalidArgTypeHelper,
Expand Down
4 changes: 3 additions & 1 deletion test/parallel/test-tls-empty-sni-context.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ const server = tls.createServer(options, (c) => {
}, common.mustNotCall());

c.on('error', common.mustCall((err) => {
assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
const expectedErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
assert.strictEqual(err.code, expectedErr);
}));
}));
10 changes: 6 additions & 4 deletions test/parallel/test-tls-psk-circuit.js
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,11 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
test({ psk: USERS.UserB, identity: 'UserB' });
test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
// Unrecognized user should fail handshake
test({ psk: USERS.UserB, identity: 'UserC' }, {},
'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
const expectedHandshakeErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr);
// Recognized user but incorrect secret should fail handshake
test({ psk: USERS.UserA, identity: 'UserB' }, {},
'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
const expectedIllegalParameterErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER';
test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr);
test({ psk: USERS.UserB, identity: 'UserB' });

0 comments on commit ce531af

Please sign in to comment.