From ce531af0c27acf29dd05ab2fac19b4af88f8780d Mon Sep 17 00:00:00 2001 From: Richard Lau Date: Sun, 9 Jun 2024 17:50:08 +0100 Subject: [PATCH] test: update TLS tests for OpenSSL 3.2 Update the following TLS tests to account for error code changes in OpenSSL 3.2 and later. - `parallel/test-tls-empty-sni-context` - `parallel/test-tls-psk-circuit` PR-URL: https://github.com/nodejs/node/pull/53384 Refs: https://github.com/nodejs/node/issues/53382 Refs: https://github.com/openssl/openssl/pull/19950 Reviewed-By: Luigi Pinca Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Yagiz Nizipli --- test/common/index.js | 4 ++++ test/parallel/test-tls-empty-sni-context.js | 4 +++- test/parallel/test-tls-psk-circuit.js | 10 ++++++---- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/test/common/index.js b/test/common/index.js index 10efeef4f05c23..86667fd39deee1 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -63,6 +63,9 @@ const hasOpenSSL3 = hasCrypto && const hasOpenSSL31 = hasCrypto && require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000; +const hasOpenSSL32 = hasCrypto && + require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000; + const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; function parseTestFlags(filename = process.argv[1]) { @@ -968,6 +971,7 @@ const common = { hasCrypto, hasOpenSSL3, hasOpenSSL31, + hasOpenSSL32, hasQuic, hasMultiLocalhost, invalidArgTypeHelper, diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js index 87219976a1ebda..3424e057bdef46 100644 --- a/test/parallel/test-tls-empty-sni-context.js +++ b/test/parallel/test-tls-empty-sni-context.js @@ -26,6 +26,8 @@ const server = tls.createServer(options, (c) => { }, common.mustNotCall()); c.on('error', common.mustCall((err) => { - assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'); + const expectedErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; + assert.strictEqual(err.code, expectedErr); })); })); diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js index cef6735032ea6e..2b49161df8326c 100644 --- a/test/parallel/test-tls-psk-circuit.js +++ b/test/parallel/test-tls-psk-circuit.js @@ -62,9 +62,11 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' }); test({ psk: USERS.UserB, identity: 'UserB' }); test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' }); // Unrecognized user should fail handshake -test({ psk: USERS.UserB, identity: 'UserC' }, {}, - 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'); +const expectedHandshakeErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; +test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr); // Recognized user but incorrect secret should fail handshake -test({ psk: USERS.UserA, identity: 'UserB' }, {}, - 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'); +const expectedIllegalParameterErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'; +test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr); test({ psk: USERS.UserB, identity: 'UserB' });