From 602b9d63c47e0ec34cefbcc05e60cb2b462ee5ca Mon Sep 17 00:00:00 2001 From: Richard Lau Date: Mon, 10 Jun 2024 18:43:36 +0100 Subject: [PATCH] test: update tests for OpenSSL 3.0.14 Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: https://github.com/openssl/openssl/pull/24338 PR-URL: https://github.com/nodejs/node/pull/53373 Reviewed-By: Luigi Pinca Reviewed-By: Michael Dawson --- test/parallel/test-http2-https-fallback.js | 3 ++- test/parallel/test-http2-server-unknown-protocol.js | 3 ++- test/parallel/test-tls-alpn-server-client.js | 12 ++++++++---- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/test/parallel/test-http2-https-fallback.js b/test/parallel/test-http2-https-fallback.js index 8e0612375f4844..c75a4938425d6e 100644 --- a/test/parallel/test-http2-https-fallback.js +++ b/test/parallel/test-http2-https-fallback.js @@ -151,7 +151,8 @@ function onSession(session, next) { // Incompatible ALPN TLS client tls(Object.assign({ port, ALPNProtocols: ['fake'] }, clientOptions)) .on('error', common.mustCall((err) => { - strictEqual(err.code, 'ECONNRESET'); + const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL']; + ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`); cleanup(); testNoALPN(); })); diff --git a/test/parallel/test-http2-server-unknown-protocol.js b/test/parallel/test-http2-server-unknown-protocol.js index b00ccc1b338e47..4a08f4552e62fd 100644 --- a/test/parallel/test-http2-server-unknown-protocol.js +++ b/test/parallel/test-http2-server-unknown-protocol.js @@ -42,6 +42,7 @@ server.listen(0, function() { rejectUnauthorized: false, ALPNProtocols: ['bogus'] }).on('error', common.mustCall((err) => { - assert.strictEqual(err.code, 'ECONNRESET'); + const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL']; + assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`); })); }); diff --git a/test/parallel/test-tls-alpn-server-client.js b/test/parallel/test-tls-alpn-server-client.js index a77c15b77ab254..8f1a4b8e439aab 100644 --- a/test/parallel/test-tls-alpn-server-client.js +++ b/test/parallel/test-tls-alpn-server-client.js @@ -184,7 +184,8 @@ function TestFatalAlert() { server.listen(0, serverIP, common.mustCall(() => { const { port } = server.address(); - // The Node.js client will just report ECONNRESET because the connection + // The Node.js client will just report ECONNRESET (older OpenSSL) or + // ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL because the connection // is severed before the TLS handshake completes. tls.connect({ host: serverIP, @@ -192,7 +193,8 @@ function TestFatalAlert() { rejectUnauthorized: false, ALPNProtocols: ['bar'] }, common.mustNotCall()).on('error', common.mustCall((err) => { - assert.strictEqual(err.code, 'ECONNRESET'); + const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL']; + assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`); // OpenSSL's s_client should output the TLS alert number, which is 120 // for the 'no_application_protocol' alert. @@ -240,7 +242,8 @@ function TestALPNCallback() { // Callback picks 2nd preference => undefined => ALPN rejected: assert.strictEqual(results[1].server, undefined); - assert.strictEqual(results[1].client.error.code, 'ECONNRESET'); + const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL']; + assert.ok(allowedErrors.includes(results[1].client.error.code), `'${results[1].client.error.code}' was not one of ${allowedErrors}.`); TestBadALPNCallback(); }); @@ -263,7 +266,8 @@ function TestBadALPNCallback() { runTest(clientsOptions, serverOptions, function(results) { // Callback returns 'http/5' => doesn't match client ALPN => error & reset assert.strictEqual(results[0].server, undefined); - assert.strictEqual(results[0].client.error.code, 'ECONNRESET'); + const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL']; + assert.ok(allowedErrors.includes(results[0].client.error.code), `'${results[0].client.error.code}' was not one of ${allowedErrors}.`); TestALPNOptionsCallback(); });