From f4ed4ca63d56084415fbb2b12ad50add7e68b19c Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>

Date: Wed, 13 Jul 2022 14:31:50 +0200

Subject: [PATCH] Adjust tests expectations

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

- Modify expected error messages

- https-agent-create-connection: Establish secure connection

- Add back workaround for OpenSSL 1.0

  This reverts commit ba7551cad8abd2e460763b06efa4207be96a7a19.

- tls-dhe: Do not hang on unexpected cipher

- Adjust expected identification of external JSStream

Signed-off-by: Jan Staněk <jstanek@redhat.com>

---

 test/parallel/test-crypto.js                  |  4 +-

 .../test-https-agent-create-connection.js     |  2 +-

 .../test-https-agent-session-eviction.js      | 42 +++++++++++++++----

 test/parallel/test-tls-alert-handling.js      |  2 +-

 test/parallel/test-tls-dhe.js                 |  5 ++-

 test/parallel/test-tls-empty-sni-context.js   |  2 +-

 test/parallel/test-tls-env-bad-extra-ca.js    |  2 +-

 test/parallel/test-tls-min-max-version.js     | 15 ++++---

 test/parallel/test-util-inspect.js            |  2 +-

 9 files changed, 55 insertions(+), 21 deletions(-)

diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js

index 6b65af5a39..1b1cf76088 100644

--- a/test/parallel/test-crypto.js

+++ b/test/parallel/test-crypto.js

@@ -240,9 +240,9 @@ assert.throws(() => {

 }, (err) => {

   // Do the standard checks, but then do some custom checks afterwards.

   assert.throws(() => { throw err; }, {

-    message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag',

+    message: 'error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag',

     library: 'asn1 encoding routines',

-    function: 'asn1_check_tlen',

+    function: 'ASN1_CHECK_TLEN',

     reason: 'wrong tag',

     code: 'ERR_OSSL_ASN1_WRONG_TAG',

   });

diff --git a/test/parallel/test-https-agent-create-connection.js b/test/parallel/test-https-agent-create-connection.js

index d4840298aa..dcd1927b57 100644

--- a/test/parallel/test-https-agent-create-connection.js

+++ b/test/parallel/test-https-agent-create-connection.js

@@ -145,7 +145,7 @@ function createServer() {

     };

     const socket = agent.createConnection(port, host, options);

-    socket.on('connect', common.mustCall((data) => {

+    socket.on('secure', common.mustCall((data) => {

       socket.end();

     }));

     socket.on('end', common.mustCall(() => {

diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js

index 3f5cd36e8b..8e13b150bb 100644

--- a/test/parallel/test-https-agent-session-eviction.js

+++ b/test/parallel/test-https-agent-session-eviction.js

@@ -7,8 +7,10 @@ const { readKey } = require('../common/fixtures');

 if (!common.hasCrypto)

   common.skip('missing crypto');

+const assert = require('assert');

 const https = require('https');

-const { SSL_OP_NO_TICKET } = require('crypto').constants;

+const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =

+    require('crypto').constants;

 const options = {

   key: readKey('agent1-key.pem'),

@@ -58,12 +60,38 @@ function second(server, session) {

     res.resume();

   });

-  // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,

-  // connection to the TLS 1.0 server should work.

-  req.on('response', common.mustCall(function(res) {

-    // The test is now complete for OpenSSL 1.1.0.

-    server.close();

-  }));

+  if (OPENSSL_VERSION_NUMBER >= 0x10100000) {

+    // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,

+    // connection to the TLS 1.0 server should work.

+    req.on('response', common.mustCall(function(res) {

+      // The test is now complete for OpenSSL 1.1.0.

+      server.close();

+    }));

+  } else {

+    // OpenSSL 1.0.x mistakenly locked versions based on the session it was

+    // offering. This causes this sequent request to fail. Let it fail, but

+    // test that this is mitigated on the next try by invalidating the session.

+    req.on('error', common.mustCall(function(err) {

+      assert(/wrong version number/.test(err.message));

+

+      req.on('close', function() {

+        third(server);

+      });

+    }));

+  }

+  req.end();

+}

+// Try one more time - session should be evicted!

+function third(server) {

+  const req = https.request({

+    port: server.address().port,

+    rejectUnauthorized: false

+  }, function(res) {

+    res.resume();

+    assert(!req.socket.isSessionReused());

+    server.close();

+  });

+  req.on('error', common.mustNotCall());

   req.end();

 }

diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js

index f9f42e2d51..9dc4637ff0 100644

--- a/test/parallel/test-tls-alert-handling.js

+++ b/test/parallel/test-tls-alert-handling.js

@@ -33,7 +33,7 @@ let iter = 0;

 const errorHandler = common.mustCall((err) => {

   assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');

   assert.strictEqual(err.library, 'SSL routines');

-  assert.strictEqual(err.function, 'ssl3_get_record');

+  assert.strictEqual(err.function, 'SSL3_GET_RECORD');

   assert.strictEqual(err.reason, 'wrong version number');

   errorReceived = true;

   if (canCloseServer())

diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js

index ef645ce1b6..737330345b 100644

--- a/test/parallel/test-tls-dhe.js

+++ b/test/parallel/test-tls-dhe.js

@@ -81,8 +81,8 @@ function test(keylen, expectedCipher, cb) {

       const reg = new RegExp(`Cipher    : ${expectedCipher}`);

       if (reg.test(out)) {

         nsuccess++;

-        server.close();

       }

+      server.close();

     });

   });

 }

@@ -104,6 +104,7 @@ function test2048() {

 }

 function testError() {

+  // this one fails

   test('error', 'ECDHE-RSA-AES128-SHA256', test512);

   ntests++;

 }

@@ -111,6 +112,6 @@ function testError() {

 test1024();

 process.on('exit', function() {

-  assert.strictEqual(ntests, nsuccess);

+  assert.strictEqual(nsuccess, 2);

   assert.strictEqual(ntests, 3);

 });

diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js

index 9b963e6629..fe8753c602 100644

--- a/test/parallel/test-tls-empty-sni-context.js

+++ b/test/parallel/test-tls-empty-sni-context.js

@@ -26,6 +26,6 @@ const server = tls.createServer(options, (c) => {

   }, common.mustNotCall());

   c.on('error', common.mustCall((err) => {

-    assert(/Client network socket disconnected/.test(err.message));

+    assert(/Client network socket disconnected|handshake failure/.test(err.message));

   }));

 }));

diff --git a/test/parallel/test-tls-env-bad-extra-ca.js b/test/parallel/test-tls-env-bad-extra-ca.js

index 5ba1e227d2..0af6756dda 100644

--- a/test/parallel/test-tls-env-bad-extra-ca.js

+++ b/test/parallel/test-tls-env-bad-extra-ca.js

@@ -37,7 +37,7 @@ fork(__filename, opts)

     // TODO(addaleax): Make `SafeGetenv` work like `process.env`

     // encoding-wise

     if (!common.isWindows) {

-      const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*No such file or directory/;

+      const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*/;

       assert(re.test(stderr), stderr);

     }

   }))

diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js

index 7ef0f12426..4fcb9247d3 100644

--- a/test/parallel/test-tls-min-max-version.js

+++ b/test/parallel/test-tls-min-max-version.js

@@ -52,6 +52,11 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {

       }

       if (serr) {

         assert(pair.server.err);

+        // Accept these codes as aliases, the one reported depends on the

+        // OpenSSL version.

+        if (serr === 'ERR_SSL_UNSUPPORTED_PROTOCOL' &&

+            pair.server.err.code === 'ERR_SSL_UNKNOWN_PROTOCOL')

+          serr = 'ERR_SSL_UNKNOWN_PROTOCOL';

         assert.strictEqual(pair.server.err.code, serr);

       }

       return cleanup();

@@ -131,9 +136,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {

   test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',

        U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');

   test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',

-       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');

+       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');

   test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',

-       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');

+       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');

 }

 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {

@@ -167,9 +172,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {

   if (DEFAULT_MAX_VERSION === 'TLSv1.2') {

     test(U, U, U, U, U, 'TLSv1_1_method',

-         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');

+         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');

     test(U, U, U, U, U, 'TLSv1_method',

-         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');

+         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');

   } else {

     // TLS1.3 client hellos are are not understood by TLS1.1 or below.

     test(U, U, U, U, U, 'TLSv1_1_method',

@@ -188,7 +193,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.1') {

   if (DEFAULT_MAX_VERSION === 'TLSv1.2') {

     test(U, U, U, U, U, 'TLSv1_method',

-         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');

+         U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET');

   } else {

     // TLS1.3 client hellos are are not understood by TLS1.1 or below.

     test(U, U, U, U, U, 'TLSv1_method',

diff --git a/test/parallel/test-util-inspect.js b/test/parallel/test-util-inspect.js

index dbec153cf9..e72abbcc56 100644

--- a/test/parallel/test-util-inspect.js

+++ b/test/parallel/test-util-inspect.js

@@ -148,7 +148,7 @@ assert.strictEqual(

 );

 assert.match(util.inspect((new JSStream())._externalStream),

-             /^\[External: [0-9a-f]+\]$/);

+             /^(\[External: [0-9a-f]+\]|\[External\])$/);

 {

   const regexp = /regexp/;

-- 

2.36.1