From d262e378ca48cf6a893a9dbc5ed5ec83b1adacbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Tue, 5 Jan 2021 11:36:29 +0100 Subject: [PATCH] Adjust tests expectations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Modify expected error messages - https-agent-create-connection: Establish secure connection - Add back workaround for OpenSSL 1.0 This reverts commit ba7551cad8abd2e460763b06efa4207be96a7a19. - tls-dhe: Do not hang on unexpected cipher - util-inspect: Adjust expected identification of external JSStream Signed-off-by: Jan Staněk --- test/parallel/test-crypto.js | 4 +- .../test-https-agent-create-connection.js | 2 +- .../test-https-agent-session-eviction.js | 42 +++++++++++++++---- test/parallel/test-tls-alert-handling.js | 2 +- test/parallel/test-tls-dhe.js | 5 ++- test/parallel/test-tls-empty-sni-context.js | 2 +- test/parallel/test-tls-env-bad-extra-ca.js | 2 +- test/parallel/test-tls-min-max-version.js | 15 ++++--- test/parallel/test-util-inspect.js | 2 +- 9 files changed, 55 insertions(+), 21 deletions(-) diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js index 6b72dbd21c..b02e957efc 100644 --- a/test/parallel/test-crypto.js +++ b/test/parallel/test-crypto.js @@ -240,9 +240,9 @@ assert.throws(() => { }, (err) => { // Do the standard checks, but then do some custom checks afterwards. assert.throws(() => { throw err; }, { - message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag', + message: 'error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag', library: 'asn1 encoding routines', - function: 'asn1_check_tlen', + function: 'ASN1_CHECK_TLEN', reason: 'wrong tag', code: 'ERR_OSSL_ASN1_WRONG_TAG', }); diff --git a/test/parallel/test-https-agent-create-connection.js b/test/parallel/test-https-agent-create-connection.js index d4840298aa..dcd1927b57 100644 --- a/test/parallel/test-https-agent-create-connection.js +++ b/test/parallel/test-https-agent-create-connection.js @@ -145,7 +145,7 @@ function createServer() { }; const socket = agent.createConnection(port, host, options); - socket.on('connect', common.mustCall((data) => { + socket.on('secure', common.mustCall((data) => { socket.end(); })); socket.on('end', common.mustCall(() => { diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js index 3f5cd36e8b..8e13b150bb 100644 --- a/test/parallel/test-https-agent-session-eviction.js +++ b/test/parallel/test-https-agent-session-eviction.js @@ -7,8 +7,10 @@ const { readKey } = require('../common/fixtures'); if (!common.hasCrypto) common.skip('missing crypto'); +const assert = require('assert'); const https = require('https'); -const { SSL_OP_NO_TICKET } = require('crypto').constants; +const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } = + require('crypto').constants; const options = { key: readKey('agent1-key.pem'), @@ -58,12 +60,38 @@ function second(server, session) { res.resume(); }); - // Although we have a TLS 1.2 session to offer to the TLS 1.0 server, - // connection to the TLS 1.0 server should work. - req.on('response', common.mustCall(function(res) { - // The test is now complete for OpenSSL 1.1.0. - server.close(); - })); + if (OPENSSL_VERSION_NUMBER >= 0x10100000) { + // Although we have a TLS 1.2 session to offer to the TLS 1.0 server, + // connection to the TLS 1.0 server should work. + req.on('response', common.mustCall(function(res) { + // The test is now complete for OpenSSL 1.1.0. + server.close(); + })); + } else { + // OpenSSL 1.0.x mistakenly locked versions based on the session it was + // offering. This causes this sequent request to fail. Let it fail, but + // test that this is mitigated on the next try by invalidating the session. + req.on('error', common.mustCall(function(err) { + assert(/wrong version number/.test(err.message)); + + req.on('close', function() { + third(server); + }); + })); + } + req.end(); +} +// Try one more time - session should be evicted! +function third(server) { + const req = https.request({ + port: server.address().port, + rejectUnauthorized: false + }, function(res) { + res.resume(); + assert(!req.socket.isSessionReused()); + server.close(); + }); + req.on('error', common.mustNotCall()); req.end(); } diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js index f9f42e2d51..9dc4637ff0 100644 --- a/test/parallel/test-tls-alert-handling.js +++ b/test/parallel/test-tls-alert-handling.js @@ -33,7 +33,7 @@ let iter = 0; const errorHandler = common.mustCall((err) => { assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER'); assert.strictEqual(err.library, 'SSL routines'); - assert.strictEqual(err.function, 'ssl3_get_record'); + assert.strictEqual(err.function, 'SSL3_GET_RECORD'); assert.strictEqual(err.reason, 'wrong version number'); errorReceived = true; if (canCloseServer()) diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index ef645ce1b6..737330345b 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -81,8 +81,8 @@ function test(keylen, expectedCipher, cb) { const reg = new RegExp(`Cipher : ${expectedCipher}`); if (reg.test(out)) { nsuccess++; - server.close(); } + server.close(); }); }); } @@ -104,6 +104,7 @@ function test2048() { } function testError() { + // this one fails test('error', 'ECDHE-RSA-AES128-SHA256', test512); ntests++; } @@ -111,6 +112,6 @@ function testError() { test1024(); process.on('exit', function() { - assert.strictEqual(ntests, nsuccess); + assert.strictEqual(nsuccess, 2); assert.strictEqual(ntests, 3); }); diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js index 9b963e6629..fe8753c602 100644 --- a/test/parallel/test-tls-empty-sni-context.js +++ b/test/parallel/test-tls-empty-sni-context.js @@ -26,6 +26,6 @@ const server = tls.createServer(options, (c) => { }, common.mustNotCall()); c.on('error', common.mustCall((err) => { - assert(/Client network socket disconnected/.test(err.message)); + assert(/Client network socket disconnected|handshake failure/.test(err.message)); })); })); diff --git a/test/parallel/test-tls-env-bad-extra-ca.js b/test/parallel/test-tls-env-bad-extra-ca.js index 5ba1e227d2..0af6756dda 100644 --- a/test/parallel/test-tls-env-bad-extra-ca.js +++ b/test/parallel/test-tls-env-bad-extra-ca.js @@ -37,7 +37,7 @@ fork(__filename, opts) // TODO(addaleax): Make `SafeGetenv` work like `process.env` // encoding-wise if (!common.isWindows) { - const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*No such file or directory/; + const re = /Warning: Ignoring extra certs from.*no-such-file-exists-🐢.* load failed:.*/; assert(re.test(stderr), stderr); } })) diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js index 7ef0f12426..4fcb9247d3 100644 --- a/test/parallel/test-tls-min-max-version.js +++ b/test/parallel/test-tls-min-max-version.js @@ -52,6 +52,11 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) { } if (serr) { assert(pair.server.err); + // Accept these codes as aliases, the one reported depends on the + // OpenSSL version. + if (serr === 'ERR_SSL_UNSUPPORTED_PROTOCOL' && + pair.server.err.code === 'ERR_SSL_UNKNOWN_PROTOCOL') + serr = 'ERR_SSL_UNKNOWN_PROTOCOL'; assert.strictEqual(pair.server.err.code, serr); } return cleanup(); @@ -131,9 +136,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') { test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL'); test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', - U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); + U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET'); test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', - U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); + U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET'); } if (DEFAULT_MIN_VERSION === 'TLSv1.1') { @@ -167,9 +172,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') { if (DEFAULT_MAX_VERSION === 'TLSv1.2') { test(U, U, U, U, U, 'TLSv1_1_method', - U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); + U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET'); test(U, U, U, U, U, 'TLSv1_method', - U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); + U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET'); } else { // TLS1.3 client hellos are are not understood by TLS1.1 or below. test(U, U, U, U, U, 'TLSv1_1_method', @@ -188,7 +193,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.1') { if (DEFAULT_MAX_VERSION === 'TLSv1.2') { test(U, U, U, U, U, 'TLSv1_method', - U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); + U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ECONNRESET'); } else { // TLS1.3 client hellos are are not understood by TLS1.1 or below. test(U, U, U, U, U, 'TLSv1_method', diff --git a/test/parallel/test-util-inspect.js b/test/parallel/test-util-inspect.js index 9187af18da..53e0840f5c 100644 --- a/test/parallel/test-util-inspect.js +++ b/test/parallel/test-util-inspect.js @@ -148,7 +148,7 @@ assert.strictEqual( ); assert.match(util.inspect((new JSStream())._externalStream), - /^\[External: [0-9a-f]+\]$/); + /^(\[External: [0-9a-f]+\]|\[External\])$/); { const regexp = /regexp/; -- 2.29.2