test: fix test-tls-client-mindhsize for OpenSSL32 #54739

Closed
4 changes: 4 additions & 0 deletions test/fixtures/keys/Makefile
@@ -24,6 +24,7 @@ all: \
dh512.pem \
dh1024.pem \
dh2048.pem \
dh3072.pem \
dherror.pem \
dh_private.pem \
dh_public.pem \
@@ -596,6 +597,9 @@ dh1024.pem:
dh2048.pem:
openssl dhparam -out dh2048.pem 2048

dh3072.pem:
openssl dhparam -out dh3072.pem 3072

dherror.pem: dh1024.pem
sed 's/^[^-].*/AAAAAAAAAA/g' dh1024.pem > dherror.pem

11 changes: 11 additions & 0 deletions test/fixtures/keys/dh3072.pem
@@ -0,0 +1,11 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
30 changes: 21 additions & 9 deletions test/parallel/test-tls-client-mindhsize.js
@@ -35,11 +35,12 @@ function test(size, err, next) {
});

server.listen(0, function() {
// Client set minimum DH parameter size to 2048 bits so that
// it fails when it make a connection to the tls server where
// dhparams is 1024 bits
// Client set minimum DH parameter size to 2048 or 3072 bits
// so that it fails when it makes a connection to the tls
// server where is too small
mhdawson marked this conversation as resolved.
const minDHSize = common.hasOpenSSL(3, 2) ? 3072 : 2048;
const client = tls.connect({
minDHSize: 2048,
minDHSize: minDHSize,
port: this.address().port,
rejectUnauthorized: false,
maxVersion: 'TLSv1.2',
@@ -60,16 +61,27 @@ function test(size, err, next) {
// A client connection fails with an error when a client has an
// 2048 bits minDHSize option and a server has 1024 bits dhparam
function testDHE1024() {
test(1024, true, testDHE2048);
test(1024, true, testDHE2048(false, null));
}

// Test a client connection when a client has an
// 2048 bits minDHSize option
function testDHE2048(expect_to_fail, next) {
test(2048, expect_to_fail, next);
}

// A client connection successes when a client has an
// 2048 bits minDHSize option and a server has 2048 bits dhparam
function testDHE2048() {
test(2048, false, null);
// 3072 bits minDHSize option and a server has 3072 bits dhparam
function testDHE3072() {
test(3072, false, null);
}

testDHE1024();
if (common.hasOpenSSL(3, 2)) {
// Minimum size for OpenSSL 3.2 is 2048 by default
testDHE2048(true, testDHE3072);
} else {
testDHE1024();
}

assert.throws(() => test(512, true, common.mustNotCall()),
/DH parameter is less than 1024 bits/);
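Review bot: In `testDHE1024`, the new call `test(1024, true, testDHE2048(false, null))` invokes `testDHE2048` immediately and passes its return value (`undefined`) as `next`, so the 2048-bit case starts alongside the 1024-bit case instead of being chained after it. Pass a function instead, for example `test(1024, true, () => testDHE2048(false, null));`, which matches how the OpenSSL 3.2 branch passes `testDHE3072` by reference. The body of `test` begins outside these hunks, so how it handles a missing `next` is not visible here. As written, though, the pre-3.2 path no longer runs the rejection and acceptance cases in sequence, which makes a failure in the `minDHSize` check harder to attribute to one server parameter size.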