Skip to content

Commit

Permalink
test: update TLS tests for OpenSSL 3.2
Browse files Browse the repository at this point in the history
Update the following TLS tests to account for error code changes
in OpenSSL 3.2 and later.
- `parallel/test-tls-empty-sni-context`
- `parallel/test-tls-psk-circuit`

PR-URL: nodejs#53384
Refs: nodejs#53382
Refs: openssl/openssl#19950
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
  • Loading branch information
richardlau committed Sep 27, 2024
1 parent 6615fe5 commit fc43c68
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 5 deletions.
4 changes: 4 additions & 0 deletions test/common/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,9 @@ const hasOpenSSL3 = hasCrypto &&
const hasOpenSSL31 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;

const hasOpenSSL32 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;

const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;

function parseTestFlags(filename = process.argv[1]) {
Expand Down Expand Up @@ -902,6 +905,7 @@ const common = {
hasCrypto,
hasOpenSSL3,
hasOpenSSL31,
hasOpenSSL32,
hasQuic,
hasMultiLocalhost,
invalidArgTypeHelper,
Expand Down
4 changes: 3 additions & 1 deletion test/parallel/test-tls-empty-sni-context.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ const server = tls.createServer(options, (c) => {
}, common.mustNotCall());

c.on('error', common.mustCall((err) => {
assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
const expectedErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
assert.strictEqual(err.code, expectedErr);
}));
}));
10 changes: 6 additions & 4 deletions test/parallel/test-tls-psk-circuit.js
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,11 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
test({ psk: USERS.UserB, identity: 'UserB' });
test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
// Unrecognized user should fail handshake
test({ psk: USERS.UserB, identity: 'UserC' }, {},
'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
const expectedHandshakeErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr);
// Recognized user but incorrect secret should fail handshake
test({ psk: USERS.UserA, identity: 'UserB' }, {},
'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
const expectedIllegalParameterErr = common.hasOpenSSL32 ?
'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER';
test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr);
test({ psk: USERS.UserB, identity: 'UserB' });

0 comments on commit fc43c68

Please sign in to comment.