From 0e0dd1fe9072b506b2a895efdb7a72b3715022b7 Mon Sep 17 00:00:00 2001 From: OttoHollmann Date: Thu, 1 Jun 2023 16:52:53 +0200 Subject: [PATCH] test: adapt tests for OpenSSL 3.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/47859 Reviewed-By: Tobias Nießen Reviewed-By: Richard Lau --- test/common/index.js | 6 +++++- .../test-https-agent-session-eviction.js | 1 + test/parallel/test-tls-alert.js | 1 + test/parallel/test-tls-getprotocol.js | 16 +++++++++++++--- test/parallel/test-tls-min-max-version.js | 3 +++ test/parallel/test-tls-session-cache.js | 1 + 6 files changed, 24 insertions(+), 4 deletions(-) diff --git a/test/common/index.js b/test/common/index.js index b3a7a9d09bcad4..523703a39b8202 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -56,7 +56,10 @@ const hasCrypto = Boolean(process.versions.openssl) && !process.env.NODE_SKIP_CRYPTO; const hasOpenSSL3 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368; + require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000; + +const hasOpenSSL31 = hasCrypto && + require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000; const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; @@ -898,6 +901,7 @@ const common = { hasIntl, hasCrypto, hasOpenSSL3, + hasOpenSSL31, hasQuic, hasMultiLocalhost, invalidArgTypeHelper, diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js index 940c43cc40bf15..36c360a96503d5 100644 --- a/test/parallel/test-https-agent-session-eviction.js +++ b/test/parallel/test-https-agent-session-eviction.js @@ -54,6 +54,7 @@ function faultyServer(port) { function second(server, session) { const req = https.request({ port: server.address().port, + ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), rejectUnauthorized: false }, function(res) { res.resume(); diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js index 31b07104c241a9..04000771aa977b 100644 --- a/test/parallel/test-tls-alert.js +++ b/test/parallel/test-tls-alert.js @@ -42,6 +42,7 @@ const server = tls.Server({ cert: loadPEM('agent2-cert') }, null).listen(0, common.mustCall(() => { const args = ['s_client', '-quiet', '-tls1_1', + '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), '-connect', `127.0.0.1:${server.address().port}`]; execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => { diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js index d45287d671d8af..7da2f60676d00e 100644 --- a/test/parallel/test-tls-getprotocol.js +++ b/test/parallel/test-tls-getprotocol.js @@ -11,9 +11,18 @@ const tls = require('tls'); const fixtures = require('../common/fixtures'); const clientConfigs = [ - { secureProtocol: 'TLSv1_method', version: 'TLSv1' }, - { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' }, - { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' }, + { + secureProtocol: 'TLSv1_method', + version: 'TLSv1', + ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') + }, { + secureProtocol: 'TLSv1_1_method', + version: 'TLSv1.1', + ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') + }, { + secureProtocol: 'TLSv1_2_method', + version: 'TLSv1.2' + }, ]; const serverConfig = { @@ -30,6 +39,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng tls.connect({ host: common.localhostIPv4, port: server.address().port, + ciphers: v.ciphers, rejectUnauthorized: false, secureProtocol: v.secureProtocol }, common.mustCall(function() { diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js index 5cea41ca7e0bd6..ab351558a4c8b3 100644 --- a/test/parallel/test-tls-min-max-version.js +++ b/test/parallel/test-tls-min-max-version.js @@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) { if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL') ciphers = 'ALL@SECLEVEL=0'; } + if (common.hasOpenSSL31 && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') { + ciphers = 'DEFAULT@SECLEVEL=0'; + } // Report where test was called from. Strip leading garbage from // at Object. (file:line) // from the stack location, we only want the file:line part. diff --git a/test/parallel/test-tls-session-cache.js b/test/parallel/test-tls-session-cache.js index c4bebff2e32085..e4ecb53282fbae 100644 --- a/test/parallel/test-tls-session-cache.js +++ b/test/parallel/test-tls-session-cache.js @@ -100,6 +100,7 @@ function doTest(testOptions, callback) { const args = [ 's_client', '-tls1', + '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), '-connect', `localhost:${this.address().port}`, '-servername', 'ohgod', '-key', fixtures.path('keys/rsa_private.pem'),