|
 |
9500a8 |
From 777b49d1623b2de845b14331a2ffa51b28783dff Mon Sep 17 00:00:00 2001
|
|
|
3f476a |
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
|
|
|
f0ceb1 |
Date: Wed, 7 Jul 2021 13:37:49 +0200
|
|
|
9500a8 |
Subject: [PATCH 5/7] Adjust tests expectations
|
|
|
3f476a |
MIME-Version: 1.0
|
|
|
3f476a |
Content-Type: text/plain; charset=UTF-8
|
|
|
3f476a |
Content-Transfer-Encoding: 8bit
|
|
|
3f476a |
|
|
|
3f476a |
- Modify expected error messages
|
|
|
3f476a |
|
|
|
3f476a |
- https-agent-create-connection: Establish secure connection
|
|
|
3f476a |
|
|
|
3f476a |
- Add back workaround for OpenSSL 1.0
|
|
|
3f476a |
|
|
|
3f476a |
This reverts commit ba7551cad8abd2e460763b06efa4207be96a7a19.
|
|
|
3f476a |
|
|
|
3f476a |
- tls-dhe: Do not hang on unexpected cipher
|
|
|
3f476a |
|
|
|
f0ceb1 |
- Adjust expected identification of external JSStream
|
|
|
3f476a |
|
|
|
3f476a |
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
|
3f476a |
---
|
|
|
3f476a |
test/parallel/test-crypto.js | 4 +-
|
|
|
3f476a |
.../test-https-agent-create-connection.js | 2 +-
|
|
|
3f476a |
.../test-https-agent-session-eviction.js | 42 +++++++++++++++----
|
|
|
3f476a |
test/parallel/test-tls-alert-handling.js | 2 +-
|
|
|
3f476a |
test/parallel/test-tls-dhe.js | 5 ++-
|
|
|
3f476a |
test/parallel/test-tls-empty-sni-context.js | 2 +-
|
|
|
3f476a |
test/parallel/test-tls-env-bad-extra-ca.js | 2 +-
|
|
|
3f476a |
test/parallel/test-tls-min-max-version.js | 15 ++++---
|
|
|
3f476a |
test/parallel/test-util-inspect.js | 2 +-
|
|
|
3f476a |
9 files changed, 55 insertions(+), 21 deletions(-)
|
|
|
3f476a |
|
|
|
3f476a |
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
|
9500a8 |
index 6b65af5a39..1b1cf76088 100644
|
|
|
3f476a |
--- a/test/parallel/test-crypto.js
|
|
|
3f476a |
+++ b/test/parallel/test-crypto.js
|
|
|
3f476a |
@@ -240,9 +240,9 @@ assert.throws(() => {
|
|
|
3f476a |
}, (err) => {
|
|
|
3f476a |
// Do the standard checks, but then do some custom checks afterwards.
|
|
|
3f476a |
assert.throws(() => { throw err; }, {
|
|
|
3f476a |
- message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag',
|
|
|
3f476a |
+ message: 'error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag',
|
|
|
3f476a |
library: 'asn1 encoding routines',
|
|
|
3f476a |
- function: 'asn1_check_tlen',
|
|
|
3f476a |
+ function: 'ASN1_CHECK_TLEN',
|
|
|
3f476a |
reason: 'wrong tag',
|
|
|
3f476a |
code: 'ERR_OSSL_ASN1_WRONG_TAG',
|
|
|
3f476a |
});
|
|
|
3f476a |
diff --git a/test/parallel/test-https-agent-create-connection.js b/test/parallel/test-https-agent-create-connection.js
|
|
|
3f476a |
index d4840298aa..dcd1927b57 100644
|
|
|
3f476a |
--- a/test/parallel/test-https-agent-create-connection.js
|
|
|
3f476a |
+++ b/test/parallel/test-https-agent-create-connection.js
|
|
|
3f476a |
@@ -145,7 +145,7 @@ function createServer() {
|
|
|
3f476a |
};
|
|
|
3f476a |
|
|
|
3f476a |
const socket = agent.createConnection(port, host, options);
|
|
|
3f476a |
- socket.on('connect', common.mustCall((data) => {
|
|
|
3f476a |
+ socket.on('secure', common.mustCall((data) => {
|
|
|
3f476a |
socket.end();
|
|
|
3f476a |
}));
|
|
|
3f476a |
socket.on('end', common.mustCall(() => {
|
|
|
3f476a |
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
|
|
|
3f476a |
index 3f5cd36e8b..8e13b150bb 100644
|
|
|
3f476a |
--- a/test/parallel/test-https-agent-session-eviction.js
|
|
|
3f476a |
+++ b/test/parallel/test-https-agent-session-eviction.js
|
|
|
3f476a |
@@ -7,8 +7,10 @@ const { readKey } = require('../common/fixtures');
|
|
|
3f476a |
if (!common.hasCrypto)
|
|
|
3f476a |
common.skip('missing crypto');
|
|
|
3f476a |
|
|
|
3f476a |
+const assert = require('assert');
|
|
|
3f476a |
const https = require('https');
|
|
|
3f476a |
-const { SSL_OP_NO_TICKET } = require('crypto').constants;
|
|
|
3f476a |
+const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
|
|
|
3f476a |
+ require('crypto').constants;
|
|
|
3f476a |
|
|
|
3f476a |
const options = {
|
|
|
3f476a |
key: readKey('agent1-key.pem'),
|
|
|
3f476a |
@@ -58,12 +60,38 @@ function second(server, session) {
|
|
|
3f476a |
res.resume();
|
|
|
3f476a |
});
|
|
|
3f476a |
|
|
|
3f476a |
- // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
|
|
|
3f476a |
- // connection to the TLS 1.0 server should work.
|
|
|
3f476a |
- req.on('response', common.mustCall(function(res) {
|
|
|
3f476a |
- // The test is now complete for OpenSSL 1.1.0.
|
|
|
3f476a |
- server.close();
|
|
|
3f476a |
- }));
|
|
|
3f476a |
+ if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
|
|
|
3f476a |
+ // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
|
|
|
3f476a |
+ // connection to the TLS 1.0 server should work.
|
|
|
3f476a |
+ req.on('response', common.mustCall(function(res) {
|
|
|
3f476a |
+ // The test is now complete for OpenSSL 1.1.0.
|
|
|
3f476a |
+ server.close();
|
|
|
3f476a |
+ }));
|
|
|
3f476a |
+ } else {
|
|
|
3f476a |
+ // OpenSSL 1.0.x mistakenly locked versions based on the session it was
|
|
|
3f476a |
+ // offering. This causes this sequent request to fail. Let it fail, but
|
|
|
3f476a |
+ // test that this is mitigated on the next try by invalidating the session.
|
|
|
3f476a |
+ req.on('error', common.mustCall(function(err) {
|
|
|
3f476a |
+ assert(/wrong version number/.test(err.message));
|
|
|
3f476a |
+
|
|
|
3f476a |
+ req.on('close', function() {
|
|
|
3f476a |
+ third(server);
|
|
|
3f476a |
+ });
|
|
|
3f476a |
+ }));
|
|
|
3f476a |
+ }
|
|
|
3f476a |
+ req.end();
|
|
|
3f476a |
+}
|
|
|
3f476a |
|
|
|
3f476a |
+// Try one more time - session should be evicted!
|
|
|
3f476a |
+function third(server) {
|
|
|
3f476a |
+ const req = https.request({
|
|
|
3f476a |
+ port: server.address().port,
|
|
|
3f476a |
+ rejectUnauthorized: false
|
|
|
3f476a |
+ }, function(res) {
|
|
|
3f476a |
+ res.resume();
|
|
|
3f476a |
+ assert(!req.socket.isSessionReused());
|
|
|
3f476a |
+ server.close();
|
|
|
3f476a |
+ });
|
|
|
3f476a |
+ req.on('error', common.mustNotCall());
|
|
|
3f476a |
req.end();
|
|
|
3f476a |
}
|
|
|
3f476a |
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
|
|
|
3f476a |
index f9f42e2d51..9dc4637ff0 100644
|
|
|
3f476a |
--- a/test/parallel/test-tls-alert-handling.js
|
|
|
3f476a |
+++ b/test/parallel/test-tls-alert-handling.js
|
|
|
3f476a |
@@ -33,7 +33,7 @@ let iter = 0;
|
|
|
3f476a |
const errorHandler = common.mustCall((err) => {
|
|
|
3f476a |
assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
assert.strictEqual(err.library, 'SSL routines');
|
|
|
3f476a |
- assert.strictEqual(err.function, 'ssl3_get_record');
|
|
|
3f476a |
+ assert.strictEqual(err.function, 'SSL3_GET_RECORD');
|
|
|
3f476a |
assert.strictEqual(err.reason, 'wrong version number');
|
|
|
3f476a |
errorReceived = true;
|
|
|
3f476a |
if (canCloseServer())
|
|
|
3f476a |
diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js
|
|
|
3f476a |
index ef645ce1b6..737330345b 100644
|
|
|
3f476a |
--- a/test/parallel/test-tls-dhe.js
|
|
|
3f476a |
+++ b/test/parallel/test-tls-dhe.js
|
|
|
3f476a |
@@ -81,8 +81,8 @@ function test(keylen, expectedCipher, cb) {
|
|
|
3f476a |
const reg = new RegExp(`Cipher : ${expectedCipher}`);
|
|
|
3f476a |
if (reg.test(out)) {
|
|
|
3f476a |
nsuccess++;
|
|
|
3f476a |
- server.close();
|
|
|
3f476a |
}
|
|
|
3f476a |
+ server.close();
|
|
|
3f476a |
});
|
|
|
3f476a |
});
|
|
|
3f476a |
}
|
|
|
3f476a |
@@ -104,6 +104,7 @@ function test2048() {
|
|
|
3f476a |
}
|
|
|
3f476a |
|
|
|
3f476a |
function testError() {
|
|
|
3f476a |
+ // this one fails
|
|
|
3f476a |
test('error', 'ECDHE-RSA-AES128-SHA256', test512);
|
|
|
3f476a |
ntests++;
|
|
|
3f476a |
}
|
|
|
3f476a |
@@ -111,6 +112,6 @@ function testError() {
|
|
|
3f476a |
test1024();
|
|
|
3f476a |
|
|
|
3f476a |
process.on('exit', function() {
|
|
|
3f476a |
- assert.strictEqual(ntests, nsuccess);
|
|
|
3f476a |
+ assert.strictEqual(nsuccess, 2);
|
|
|
3f476a |
assert.strictEqual(ntests, 3);
|
|
|
3f476a |
});
|
|
|
3f476a |
diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js
|
|
|
3f476a |
index 9b963e6629..fe8753c602 100644
|
|
|
3f476a |
--- a/test/parallel/test-tls-empty-sni-context.js
|
|
|
3f476a |
+++ b/test/parallel/test-tls-empty-sni-context.js
|
|
|
3f476a |
@@ -26,6 +26,6 @@ const server = tls.createServer(options, (c) => {
|
|
|
3f476a |
}, common.mustNotCall());
|
|
|
3f476a |
|
|
|
3f476a |
c.on('error', common.mustCall((err) => {
|
|
|
3f476a |
- assert(/Client network socket disconnected/.test(err.message));
|
|
|
3f476a |
+ assert(/Client network socket disconnected|handshake failure/.test(err.message));
|
|
|
3f476a |
}));
|
|
|
3f476a |
}));
|
|
|
3f476a |
diff --git a/test/parallel/test-tls-env-bad-extra-ca.js b/test/parallel/test-tls-env-bad-extra-ca.js
|
|
|
3f476a |
index 5ba1e227d2..0af6756dda 100644
|
|
|
3f476a |
--- a/test/parallel/test-tls-env-bad-extra-ca.js
|
|
|
3f476a |
+++ b/test/parallel/test-tls-env-bad-extra-ca.js
|
|
|
3f476a |
@@ -37,7 +37,7 @@ fork(__filename, opts)
|
|
|
3f476a |
// TODO(addaleax): Make `SafeGetenv` work like `process.env`
|
|
|
3f476a |
// encoding-wise
|
|
|
3f476a |
if (!common.isWindows) {
|
|
|
3f476a |
- const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*No such file or directory/;
|
|
|
3f476a |
+ const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*/;
|
|
|
3f476a |
assert(re.test(stderr), stderr);
|
|
|
3f476a |
}
|
|
|
3f476a |
}))
|
|
|
3f476a |
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
|
|
|
3f476a |
index 7ef0f12426..4fcb9247d3 100644
|
|
|
3f476a |
--- a/test/parallel/test-tls-min-max-version.js
|
|
|
3f476a |
+++ b/test/parallel/test-tls-min-max-version.js
|
|
|
3f476a |
@@ -52,6 +52,11 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
|
|
|
3f476a |
}
|
|
|
3f476a |
if (serr) {
|
|
|
3f476a |
assert(pair.server.err);
|
|
|
3f476a |
+ // Accept these codes as aliases, the one reported depends on the
|
|
|
3f476a |
+ // OpenSSL version.
|
|
|
3f476a |
+ if (serr === 'ERR_SSL_UNSUPPORTED_PROTOCOL' &&
|
|
|
3f476a |
+ pair.server.err.code === 'ERR_SSL_UNKNOWN_PROTOCOL')
|
|
|
3f476a |
+ serr = 'ERR_SSL_UNKNOWN_PROTOCOL';
|
|
|
3f476a |
assert.strictEqual(pair.server.err.code, serr);
|
|
|
3f476a |
}
|
|
|
3f476a |
return cleanup();
|
|
|
3f476a |
@@ -131,9 +136,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
3f476a |
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
|
|
|
3f476a |
U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
3f476a |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
|
|
|
3f476a |
- U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
+ U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');
|
|
|
3f476a |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
|
|
|
3f476a |
- U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
+ U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');
|
|
|
3f476a |
}
|
|
|
3f476a |
|
|
|
3f476a |
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
|
|
|
3f476a |
@@ -167,9 +172,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
3f476a |
|
|
|
3f476a |
if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
|
|
|
3f476a |
test(U, U, U, U, U, 'TLSv1_1_method',
|
|
|
3f476a |
- U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
+ U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');
|
|
|
3f476a |
test(U, U, U, U, U, 'TLSv1_method',
|
|
|
3f476a |
- U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
+ U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');
|
|
|
3f476a |
} else {
|
|
|
3f476a |
// TLS1.3 client hellos are are not understood by TLS1.1 or below.
|
|
|
3f476a |
test(U, U, U, U, U, 'TLSv1_1_method',
|
|
|
3f476a |
@@ -188,7 +193,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
|
|
|
3f476a |
|
|
|
3f476a |
if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
|
|
|
3f476a |
test(U, U, U, U, U, 'TLSv1_method',
|
|
|
3f476a |
- U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
3f476a |
+ U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');
|
|
|
3f476a |
} else {
|
|
|
3f476a |
// TLS1.3 client hellos are are not understood by TLS1.1 or below.
|
|
|
3f476a |
test(U, U, U, U, U, 'TLSv1_method',
|
|
|
3f476a |
diff --git a/test/parallel/test-util-inspect.js b/test/parallel/test-util-inspect.js
|
|
|
9500a8 |
index dbec153cf9..e72abbcc56 100644
|
|
|
3f476a |
--- a/test/parallel/test-util-inspect.js
|
|
|
3f476a |
+++ b/test/parallel/test-util-inspect.js
|
|
|
3f476a |
@@ -148,7 +148,7 @@ assert.strictEqual(
|
|
|
3f476a |
);
|
|
|
3f476a |
|
|
|
3f476a |
assert.match(util.inspect((new JSStream())._externalStream),
|
|
|
3f476a |
- /^\[External: [0-9a-f]+\]$/);
|
|
|
3f476a |
+ /^(\[External: [0-9a-f]+\]|\[External\])$/);
|
|
|
3f476a |
|
|
|
3f476a |
{
|
|
|
3f476a |
const regexp = /regexp/;
|
|
|
3f476a |
--
|
|
|
9500a8 |
2.33.1
|
|
|
3f476a |
|