From fc43c6803ec6ec5d92288826b0f25c5afbe86c61 Mon Sep 17 00:00:00 2001
From: Richard Lau <rlau@redhat.com>
Date: Sun, 9 Jun 2024 17:50:08 +0100
Subject: [PATCH] test: update TLS tests for OpenSSL 3.2

Update the following TLS tests to account for error code changes
in OpenSSL 3.2 and later.
- `parallel/test-tls-empty-sni-context`
- `parallel/test-tls-psk-circuit`

PR-URL: https://github.com/nodejs/node/pull/53384
Refs: https://github.com/nodejs/node/issues/53382
Refs: https://github.com/openssl/openssl/pull/19950
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
---
 test/common/index.js                        |  4 ++++
 test/parallel/test-tls-empty-sni-context.js |  4 +++-
 test/parallel/test-tls-psk-circuit.js       | 10 ++++++----
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/test/common/index.js b/test/common/index.js
index e25b861cce1cd6..131cf618b8beaa 100644
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -61,6 +61,9 @@ const hasOpenSSL3 = hasCrypto &&
 const hasOpenSSL31 = hasCrypto &&
     require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
 
+const hasOpenSSL32 = hasCrypto &&
+    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
+
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
 function parseTestFlags(filename = process.argv[1]) {
@@ -902,6 +905,7 @@ const common = {
   hasCrypto,
   hasOpenSSL3,
   hasOpenSSL31,
+  hasOpenSSL32,
   hasQuic,
   hasMultiLocalhost,
   invalidArgTypeHelper,
diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js
index 87219976a1ebda..3424e057bdef46 100644
--- a/test/parallel/test-tls-empty-sni-context.js
+++ b/test/parallel/test-tls-empty-sni-context.js
@@ -26,6 +26,8 @@ const server = tls.createServer(options, (c) => {
   }, common.mustNotCall());
 
   c.on('error', common.mustCall((err) => {
-    assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+    const expectedErr = common.hasOpenSSL32 ?
+      'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
+    assert.strictEqual(err.code, expectedErr);
   }));
 }));
diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js
index cef6735032ea6e..2b49161df8326c 100644
--- a/test/parallel/test-tls-psk-circuit.js
+++ b/test/parallel/test-tls-psk-circuit.js
@@ -62,9 +62,11 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
 test({ psk: USERS.UserB, identity: 'UserB' });
 test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
 // Unrecognized user should fail handshake
-test({ psk: USERS.UserB, identity: 'UserC' }, {},
-     'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+const expectedHandshakeErr = common.hasOpenSSL32 ?
+  'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
+test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr);
 // Recognized user but incorrect secret should fail handshake
-test({ psk: USERS.UserA, identity: 'UserB' }, {},
-     'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
+const expectedIllegalParameterErr = common.hasOpenSSL32 ?
+  'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER';
+test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr);
 test({ psk: USERS.UserB, identity: 'UserB' });