diff --git a/src/crypto_impl/openssl/1_1_0f/node_crypto.cc b/src/crypto_impl/openssl/1_1_0f/node_crypto.cc index 60f36e084e11d4..16f62764da2741 100644 --- a/src/crypto_impl/openssl/1_1_0f/node_crypto.cc +++ b/src/crypto_impl/openssl/1_1_0f/node_crypto.cc @@ -332,7 +332,6 @@ void SecureContext::Initialize(Environment* env, Local target) { env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12); env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys); env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys); - env->SetProtoMethod(t, "setFreeListLength", SecureContext::SetFreeListLength); env->SetProtoMethod(t, "enableTicketKeyCallback", SecureContext::EnableTicketKeyCallback); @@ -1196,18 +1195,6 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { } -void SecureContext::SetFreeListLength(const FunctionCallbackInfo& args) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL) - // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL - // mallocs and frees buffers directly, without the use of a freelist. - SecureContext* wrap; - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - - wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -#endif -} - - // Currently, EnableTicketKeyCallback and TicketKeyCallback are only present for // the regression test in test/parallel/test-https-resume-after-renew.js. void SecureContext::EnableTicketKeyCallback( @@ -4147,7 +4134,7 @@ static int Node_SignFinal(EVP_MD_CTX* mdctx, unsigned char* md, if (!EVP_DigestFinal_ex(mdctx, m, &m_len)) return rv; - if (EVP_MD_CTX_test_flags(mdctx, EVP_MD_FLAG_DIGALGID_MASK)) { + if(EVP_MD_CTX_pkey_ctx(mdctx) == nullptr) { size_t sltmp = static_cast(EVP_PKEY_size(pkey)); pkctx = EVP_PKEY_CTX_new(pkey, nullptr); if (pkctx == nullptr) 
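Review bot: The new condition `if(EVP_MD_CTX_pkey_ctx(mdctx) == nullptr) {` in Node_SignFinal has no comment saying why the absence of an attached EVP_PKEY_CTX selects the branch that builds its own context. It also drops the space after `if` that the surrounding lines use. I would write `if (EVP_MD_CTX_pkey_ctx(mdctx) == nullptr) {` preceded by `// No EVP_PKEY_CTX is attached to the digest context, so create one for signing.` The function starts and ends outside this hunk, so the path taken when a context is attached is not visible here and should be confirmed to still be reachable and correct.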
@@ -4156,7 +4143,7 @@ static int Node_SignFinal(EVP_MD_CTX* mdctx, unsigned char* md, goto err; if (!ApplyRSAOptions(pkey, pkctx, padding, pss_salt_len)) goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md_data(mdctx)) <= 0) + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(mdctx)) <= 0) goto err; if (EVP_PKEY_sign(pkctx, md, &sltmp, m, m_len) <= 0) goto err; @@ -4457,7 +4444,7 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem, goto err; if (!ApplyRSAOptions(pkey, pkctx, padding, saltlen)) goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md_data(mdctx_)) <= 0) + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(mdctx_)) <= 0) goto err; r = EVP_PKEY_verify(pkctx, reinterpret_cast(sig), diff --git a/src/crypto_impl/openssl/1_1_0f/node_crypto.h b/src/crypto_impl/openssl/1_1_0f/node_crypto.h index 46d8993d303830..fe1d7df16a4c93 100644 --- a/src/crypto_impl/openssl/1_1_0f/node_crypto.h +++ b/src/crypto_impl/openssl/1_1_0f/node_crypto.h @@ -128,8 +128,6 @@ class SecureContext : public BaseObject { static void LoadPKCS12(const v8::FunctionCallbackInfo& args); static void GetTicketKeys(const v8::FunctionCallbackInfo& args); static void SetTicketKeys(const v8::FunctionCallbackInfo& args); - static void SetFreeListLength( - const v8::FunctionCallbackInfo& args); static void EnableTicketKeyCallback( const v8::FunctionCallbackInfo& args); static void CtxGetter(v8::Local property, @@ -466,6 +464,7 @@ class CipherBase : public BaseObject { auth_tag_(nullptr), auth_tag_len_(0) { MakeWeak(this); + ctx_ = EVP_CIPHER_CTX_new(); } private: @@ -501,6 +500,7 @@ class Hmac : public BaseObject { : BaseObject(env, wrap), initialised_(false) { MakeWeak(this); + ctx_ = HMAC_CTX_new(); } private: @@ -530,6 +530,7 @@ class Hash : public BaseObject { : BaseObject(env, wrap), initialised_(false) { MakeWeak(this); + mdctx_ = EVP_MD_CTX_new(); } private: 
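Review bot: The result of `ctx_ = EVP_CIPHER_CTX_new();` in the CipherBase constructor is stored without a null check, and the same applies to `HMAC_CTX_new()` in Hmac and to `EVP_MD_CTX_new()` in Hash and SignBase in the following hunks. These allocators return nullptr on allocation failure, so the first later use of `ctx_` or `mdctx_` would pass a null context into OpenSSL. A `CHECK_NE(ctx_, nullptr);` after each assignment (respectively `CHECK_NE(mdctx_, nullptr);`) fails at the point of allocation instead; the macro is already used in node_crypto_bio.h in this change. The destructors are outside these hunks, so please confirm each one calls the matching `EVP_CIPHER_CTX_free`, `HMAC_CTX_free` or `EVP_MD_CTX_free`.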
@@ -553,6 +554,7 @@ class SignBase : public BaseObject { SignBase(Environment* env, v8::Local wrap) : BaseObject(env, wrap), initialised_(false) { + mdctx_ = EVP_MD_CTX_new(); } ~SignBase() override { diff --git a/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.cc b/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.cc index a2c14e02869739..d27f4689755988 100644 --- a/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.cc +++ b/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.cc 
@@ -28,47 +28,28 @@ namespace node { -const BIO_METHOD* NodeBIO::CreateBioMethod() { - BIO_METHOD* biom = BIO_meth_new(BIO_TYPE_MEM, "node.js SSL buffer"); - BIO_meth_set_write(biom, Write); - BIO_meth_set_read(biom, NodeBIO::Read); - BIO_meth_set_puts(biom, NodeBIO::Puts); - BIO_meth_set_gets(biom, NodeBIO::Gets); - BIO_meth_set_ctrl(biom, NodeBIO::Ctrl); - BIO_meth_set_create(biom, NodeBIO::New); - BIO_meth_set_destroy(biom, NodeBIO::Free); - return biom; +static int New(BIO* bio); +static int Free(BIO* bio); +static int Read(BIO* bio, char* out, int len); +static int Write(BIO* bio, const char* data, int len); +static int Puts(BIO* bio, const char* str); +static int Gets(BIO* bio, char* out, int size); +static long Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int) + void* ptr); + +BIO_METHOD* GetBioMethod() { + BIO_METHOD* method = BIO_meth_new(BIO_TYPE_MEM, "node.js SSL buffer"); + BIO_meth_set_write(method, Write); + BIO_meth_set_read(method, Read); + BIO_meth_set_puts(method, Puts); + BIO_meth_set_gets(method, Gets); + BIO_meth_set_ctrl(method, Ctrl); + BIO_meth_set_create(method, New); + BIO_meth_set_destroy(method, Free); + return method; } -const BIO_METHOD* NodeBIO::method = NodeBIO::CreateBioMethod(); -/* -BIO_TYPE_MEM, - "node.js SSL buffer", - NodeBIO::Write, - NodeBIO::Read, - NodeBIO::Puts, - NodeBIO::Gets, - NodeBIO::Ctrl, - NodeBIO::New, - NodeBIO::Free, - nullptr -}; -{ - if (method_tls_corrupt == NULL) { - method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER, "node.js SSL buffer"); - if ( method_tls_corrupt == NULL - || !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write) - || !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read) - || !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts) - || !BIO_meth_set_gets(method_tls_corrupt, tls_corrupt_gets) - || !BIO_meth_set_ctrl(method_tls_corrupt, tls_corrupt_ctrl) - || !BIO_meth_set_create(method_tls_corrupt, tls_corrupt_new) - || !BIO_meth_set_destroy(method_tls_corrupt, 
tls_corrupt_free)) - return NULL; - } - return method_tls_corrupt; -} -*/ +const BIO_METHOD* method = GetBioMethod(); BIO* NodeBIO::New() { // The const_cast doesn't violate const correctness. OpenSSL's usage of @@ -97,7 +78,7 @@ void NodeBIO::AssignEnvironment(Environment* env) { } -int NodeBIO::New(BIO* bio) { +static int New(BIO* bio) { BIO_set_data(bio, new NodeBIO()); // XXX Why am I doing it?! @@ -108,13 +89,13 @@ int NodeBIO::New(BIO* bio) { } -int NodeBIO::Free(BIO* bio) { +static int Free(BIO* bio) { if (bio == nullptr) return 0; if (BIO_get_shutdown(bio)) { if (BIO_get_init(bio) && BIO_get_data(bio) != nullptr) { - delete FromBIO(bio); + delete NodeBIO::FromBIO(bio); BIO_set_data(bio, nullptr); } } @@ -123,16 +104,17 @@ int NodeBIO::Free(BIO* bio) { } -int NodeBIO::Read(BIO* bio, char* out, int len) { +static int Read(BIO* bio, char* out, int len) { int bytes; + NodeBIO* nbio = NodeBIO::FromBIO(bio); + BIO_clear_retry_flags(bio); - bytes = FromBIO(bio)->Read(out, len); + bytes = nbio->Read(out, len); if (bytes == 0) { - //bytes = bio->num; - //if (bytes != 0) { - if (BIO_should_retry(bio)) { + bytes = nbio->eof_return(); + if (bytes != 0) { BIO_set_retry_read(bio); } } @@ -174,22 +156,22 @@ size_t NodeBIO::PeekMultiple(char** out, size_t* size, size_t* count) { } -int NodeBIO::Write(BIO* bio, const char* data, int len) { +static int Write(BIO* bio, const char* data, int len) { BIO_clear_retry_flags(bio); - FromBIO(bio)->Write(data, len); + NodeBIO::FromBIO(bio)->Write(data, len); return len; } -int NodeBIO::Puts(BIO* bio, const char* str) { +static int Puts(BIO* bio, const char* str) { return Write(bio, str, strlen(str)); } -int NodeBIO::Gets(BIO* bio, char* out, int size) { - NodeBIO* nbio = FromBIO(bio); +static int Gets(BIO* bio, char* out, int size) { + NodeBIO* nbio = NodeBIO::FromBIO(bio); if (nbio->Length() == 0) return 0; 
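Review bot: `GetBioMethod()` passes the result of `BIO_meth_new()` straight to the `BIO_meth_set_*` calls without checking it, so a failed allocation during static initialisation becomes a null dereference inside OpenSSL. Adding `CHECK_NE(method, nullptr);` directly after the `BIO_meth_new` call makes that failure explicit. Separately, `GetBioMethod` and the namespace-scope `const BIO_METHOD* method` now have external linkage in namespace node under very generic names. Unless another translation unit needs them, declare them `static BIO_METHOD* GetBioMethod()` and `static const BIO_METHOD* method = GetBioMethod();` like the callbacks declared above them.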
@@ -213,12 +195,12 @@ int NodeBIO::Gets(BIO* bio, char* out, int size) { } -long NodeBIO::Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int) - void* ptr) { +static long Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int) + void* ptr) { NodeBIO* nbio; long ret; // NOLINT(runtime/int) - nbio = FromBIO(bio); + nbio = NodeBIO::FromBIO(bio); ret = 1; switch (cmd) { @@ -229,7 +211,8 @@ long NodeBIO::Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int) ret = nbio->Length() == 0; break; case BIO_C_SET_BUF_MEM_EOF_RETURN: - BIO_set_mem_eof_return(bio, num); + //BIO_set_mem_eof_return(bio, num); + nbio->set_eof_return(num); break; case BIO_CTRL_INFO: ret = nbio->Length(); diff --git a/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.h b/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.h index 230c9483fb9f60..b67b22d69b7600 100644 --- a/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.h +++ b/src/crypto_impl/openssl/1_1_0f/node_crypto_bio.h @@ -38,6 +38,7 @@ class NodeBIO { NodeBIO() : env_(nullptr), initial_(kInitialBufferLength), length_(0), + eof_return_(-1), read_head_(nullptr), write_head_(nullptr) { } 
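Review bot: In the `BIO_C_SET_BUF_MEM_EOF_RETURN` case of Ctrl, the commented-out `//BIO_set_mem_eof_return(bio, num);` should be deleted rather than kept. That macro issues a BIO_ctrl with the same command, so restoring it would re-enter this handler. The replacement `nbio->set_eof_return(num);` also narrows a `long` silently into the `int` parameter; `nbio->set_eof_return(static_cast<int>(num));` makes the conversion explicit. Ctrl's body continues outside the hunk.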
@@ -100,28 +101,24 @@ class NodeBIO { initial_ = initial; } + inline void set_eof_return(int num) { + eof_return_ = num; + } + + inline int eof_return() { + return eof_return_; + } + static inline NodeBIO* FromBIO(BIO* bio) { CHECK_NE(BIO_get_data(bio), nullptr); return static_cast(BIO_get_data(bio)); } private: - static int New(BIO* bio); - static int Free(BIO* bio); - static int Read(BIO* bio, char* out, int len); - static int Write(BIO* bio, const char* data, int len); - static int Puts(BIO* bio, const char* str); - static int Gets(BIO* bio, char* out, int size); - static long Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int) - void* ptr); - // Enough to handle the most of the client hellos static const size_t kInitialBufferLength = 1024; static const size_t kThroughputBufferLength = 16384; - static const BIO_METHOD* CreateBioMethod(); - static const BIO_METHOD* method; - class Buffer { public: Buffer(Environment* env, size_t len) : env_(env), @@ -153,6 +150,7 @@ class NodeBIO { Environment* env_; size_t initial_; size_t length_; + int eof_return_; Buffer* read_head_; Buffer* write_head_; }; diff --git a/test/common/index.js b/test/common/index.js index 75a1edd447a534..d8aae53b6e769c 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -223,6 +223,9 @@ Object.defineProperty(exports, 'localhostIPv4', { } }); +exports.isOpenSSL10 = !!process.versions.openssl.match(/^1\.0\./); +exports.needNoRandScreen = exports.isOpenSSL10 && exports.isWindows; + // opensslCli defined lazily to reduce overhead of spawnSync Object.defineProperty(exports, 'opensslCli', {get: function() { if (opensslCli !== null) return opensslCli; diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js index 19fb6f2687e087..9cd5e5fa571ecf 100644 --- a/test/parallel/test-crypto.js +++ b/test/parallel/test-crypto.js 
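Review bot: The new accessors `set_eof_return` and `eof_return` in NodeBIO are undocumented, and the getter is not const although it only reads a member. I would declare it `inline int eof_return() const {` and add a comment above the pair such as `// Value Read() reports when the buffer is empty; non-zero also sets the BIO retry-read flag.` The constructor hunk defaults the field to -1, which is worth stating in the same comment.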
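Review bot: `exports.isOpenSSL10 = !!process.versions.openssl.match(/^1\.0\./);` dereferences `process.versions.openssl` unconditionally while test/common/index.js is being loaded. On a build without crypto support, which these tests explicitly allow for through `common.hasCrypto`, that property is presumably undefined. The `.match` call would then throw and break every test that requires common, not only the TLS ones. `exports.isOpenSSL10 = /^1\.0\./.test(process.versions.openssl || '');` keeps the same result when OpenSSL is present and yields false otherwise.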
@@ -27,6 +27,8 @@ if (!common.hasCrypto) { return; } +const isOpenSSL10 = common.isOpenSSL10; + const assert = require('assert'); const crypto = require('crypto'); const fs = require('fs'); @@ -105,7 +107,9 @@ validateList(tlsCiphers); // Assert that we have sha and sha1 but not SHA and SHA1. assert.notStrictEqual(0, crypto.getHashes().length); assert(crypto.getHashes().includes('sha1')); -assert(crypto.getHashes().includes('sha')); +if (isOpenSSL10) + assert(crypto.getHashes().includes('sha')); + assert(!crypto.getHashes().includes('SHA1')); assert(!crypto.getHashes().includes('SHA')); assert(crypto.getHashes().includes('RSA-SHA1')); @@ -167,6 +171,10 @@ assert.throws(function() { crypto.createSign('RSA-SHA256').update('test').sign(priv); }, /digest too big for rsa key$/); +const err_msg = isOpenSSL10 ? + /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/ : + /asn1 encoding routines:asn1_check_tlen:wrong tag/; + assert.throws(function() { // The correct header inside `test_bad_rsa_privkey.pem` should have been // -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- @@ -181,7 +189,7 @@ assert.throws(function() { `${common.fixturesDir}/test_bad_rsa_privkey.pem`, 'ascii'); // this would inject errors onto OpenSSL's error stack crypto.createSign('sha1').sign(sha1_privateKey); -}, /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/); +}, err_msg); // Make sure memory isn't released before being returned console.log(crypto.randomBytes(16)); diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js index da2147d53ce88d..cfbfd0c606d642 100644 --- a/test/parallel/test-https-agent-session-eviction.js +++ b/test/parallel/test-https-agent-session-eviction.js @@ -47,7 +47,7 @@ function faultyServer(port) { https.createServer(options, function(req, res) { res.end('hello faulty'); }).listen(port, function() { - second(this); + common.isOpenSSL10 ? second(this) : forth(this); }); } 
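Review bot: In faultyServer's listen callback, `common.isOpenSSL10 ? second(this) : forth(this);` jumps straight to `forth` on OpenSSL 1.1.0. The steps in between are therefore no longer exercised there, and the hunk carries no comment explaining why they cannot run. The definitions of `second` and `forth` are outside the hunk, so confirm that `forth` is the intended (and existing) function name rather than a misspelling of `fourth`. An `if`/`else` with a comment along the lines of `// OpenSSL 1.1.0: <reason the intermediate steps are skipped>` would be clearer than a ternary used only for its side effects.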
diff --git a/test/parallel/test-https-agent-session-reuse.js b/test/parallel/test-https-agent-session-reuse.js index a9977d8ce9a915..43699a6f63e968 100644 --- a/test/parallel/test-https-agent-session-reuse.js +++ b/test/parallel/test-https-agent-session-reuse.js @@ -26,9 +26,11 @@ const agent = new https.Agent({ maxCachedSessions: 1 }); +const ticketSize = common.isOpenSSL10 ? 48 : 80; + const server = https.createServer(options, function(req, res) { if (req.url === '/drop-key') - server.setTicketKeys(crypto.randomBytes(48)); + server.setTicketKeys(crypto.randomBytes(ticketSize)); serverRequests++; res.end('ok'); diff --git a/test/parallel/test-https-connect-address-family.js b/test/parallel/test-https-connect-address-family.js index e7f41ce861cb27..782157f4a7789f 100644 --- a/test/parallel/test-https-connect-address-family.js +++ b/test/parallel/test-https-connect-address-family.js @@ -13,10 +13,16 @@ if (!common.hasIPv6) { const assert = require('assert'); const https = require('https'); const dns = require('dns'); +const fs = require('fs'); + +const opts = { + key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'), + ca: fs.readFileSync(common.fixturesDir + '/keys/ca1-cert.pem') +}; function runTest() { - const ciphers = 'AECDH-NULL-SHA'; - https.createServer({ ciphers }, common.mustCall(function(req, res) { + https.createServer(opts, common.mustCall(function(req, res) { this.close(); res.end(); })).listen(0, '::1', common.mustCall(function() { @@ -24,7 +30,6 @@ function runTest() { host: 'localhost', port: this.address().port, family: 6, - ciphers: ciphers, rejectUnauthorized: false, }; // Will fail with ECONNREFUSED if the address family is not honored. diff --git a/test/parallel/test-https-foafssl.js b/test/parallel/test-https-foafssl.js index 9900cf7a643c10..7095ee2a6b1b6b 100644 --- a/test/parallel/test-https-foafssl.js +++ b/test/parallel/test-https-foafssl.js 
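Review bot: `const ticketSize = common.isOpenSSL10 ? 48 : 80;` in test-https-agent-session-reuse.js introduces two unexplained magic numbers. A comment such as `// Length of the ticket key blob accepted by setTicketKeys(): 48 bytes with OpenSSL 1.0.x, 80 bytes with the 1.1.0 port.` would tell the next reader where the values come from. If the native SetTicketKeys validates the buffer length, the test should ideally take the size from a single shared constant rather than repeat it, so the two cannot drift apart.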
@@ -80,7 +80,7 @@ server.listen(0, function() { '-key', join(common.fixturesDir, 'foafssl.key')]; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args); diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js index d12d45f529cfd4..316ab559292734 100644 --- a/test/parallel/test-tls-alert.js +++ b/test/parallel/test-tls-alert.js @@ -56,7 +56,7 @@ const server = tls.Server({ '-connect', `127.0.0.1:${this.address().port}`]; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args); diff --git a/test/parallel/test-tls-alpn-server-client.js b/test/parallel/test-tls-alpn-server-client.js index a397550d96863a..47c236595e8699 100644 --- a/test/parallel/test-tls-alpn-server-client.js +++ b/test/parallel/test-tls-alpn-server-client.js @@ -12,6 +12,8 @@ if (!process.features.tls_alpn || !process.features.tls_npn) { return; } +const isOpenSSL10 = common.isOpenSSL10; + const assert = require('assert'); const fs = require('fs'); const tls = require('tls'); 
@@ -26,17 +28,22 @@ function loadPEM(n) { const serverIP = common.localhostIPv4; -function checkResults(result, expected) { - assert.strictEqual(result.server.ALPN, expected.server.ALPN); - assert.strictEqual(result.server.NPN, expected.server.NPN); - assert.strictEqual(result.client.ALPN, expected.client.ALPN); - assert.strictEqual(result.client.NPN, expected.client.NPN); +function checkResults(result, expected, error) { + if (!error) { + assert.strictEqual(result.server.ALPN, expected.server.ALPN); + assert.strictEqual(result.server.NPN, expected.server.NPN); + assert.strictEqual(result.client.ALPN, expected.client.ALPN); + assert.strictEqual(result.client.NPN, expected.client.NPN); + } else { + assert(error.message.match(/socket hang up/)); + } } function runTest(clientsOptions, serverOptions, cb) { serverOptions.key = loadPEM('agent2-key'); serverOptions.cert = loadPEM('agent2-cert'); const results = []; + const errors = []; let index = 0; const server = tls.createServer(serverOptions, function(c) { results[index].server = {ALPN: c.alpnProtocol, NPN: c.npnProtocol}; @@ -46,27 +53,33 @@ function runTest(clientsOptions, serverOptions, cb) { connectClient(clientsOptions); }); + function runNext(options) { + if (options.length) { + index++; + connectClient(options); + } else { + server.close(); + cb(results, errors); + } + } + function connectClient(options) { const opt = options.shift(); opt.port = server.address().port; opt.host = serverIP; opt.rejectUnauthorized = false; - results[index] = {}; const client = tls.connect(opt, function() { results[index].client = {ALPN: client.alpnProtocol, NPN: client.npnProtocol}; client.destroy(); - if (options.length) { - index++; - connectClient(options); - } else { - server.close(); - cb(results); - } + runNext(options); + }); + client.on('error', function(e) { + errors[index] = e; + runNext(options); }); } - } // Server: ALPN/NPN, Client: ALPN/NPN 
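Review bot: checkResults ignores `expected` whenever an error was recorded, so any client that fails with 'socket hang up' now passes. That includes the cases that must negotiate a protocol, and it includes runs on OpenSSL 1.0.x. In the other direction, the `{}` placeholder used for OpenSSL 1.1.0 in Test1, Test2, Test5 and Test6 makes `expected.server.ALPN` throw a TypeError instead of a clear assertion failure if that handshake unexpectedly succeeds. Making the expected failure explicit, for example by passing `null` as `expected` in those four tests and asserting that no error occurred otherwise, keeps the test from masking handshake regressions.

```javascript
function checkResults(result, expected, error) {
  if (expected === null) {
    // The handshake is expected to fail for this client.
    assert(error, 'expected the connection to fail');
    assert(/socket hang up/.test(error.message));
    return;
  }
  assert.ifError(error);
  // … unchanged: the four assert.strictEqual comparisons …
}
```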
@@ -87,19 +100,23 @@ function Test1() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by ALPN checkResults(results[0], {server: {ALPN: 'a', NPN: false}, - client: {ALPN: 'a', NPN: undefined}}); + client: {ALPN: 'a', NPN: undefined}}, errors[0]); // 'b' is selected by ALPN checkResults(results[1], {server: {ALPN: 'b', NPN: false}, - client: {ALPN: 'b', NPN: undefined}}); + client: {ALPN: 'b', NPN: undefined}}, errors[1]); // nothing is selected by ALPN - checkResults(results[2], - {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + const expected_openssl10 = {server: {ALPN: false, + NPN: 'first-priority-unsupported'}, + client: {ALPN: false, NPN: false}}; + const expected_openssl11 = {}; + const expected = isOpenSSL10 ? expected_openssl10 : expected_openssl11; + checkResults(results[2], expected, errors[2]); + // execute next test Test2(); }); 
@@ -120,19 +137,23 @@ function Test2() { ALPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by ALPN checkResults(results[0], {server: {ALPN: 'a', NPN: false}, - client: {ALPN: 'a', NPN: undefined}}); + client: {ALPN: 'a', NPN: undefined}}, errors[0]); // 'b' is selected by ALPN checkResults(results[1], {server: {ALPN: 'b', NPN: false}, - client: {ALPN: 'b', NPN: undefined}}); + client: {ALPN: 'b', NPN: undefined}}, errors[1]); // nothing is selected by ALPN - checkResults(results[2], - {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + const expected_openssl10 = {server: {ALPN: false, NPN: 'http/1.1'}, + client: {ALPN: false, NPN: false}}; + const expected_openssl11 = {}; + const expected = isOpenSSL10 ? expected_openssl10 : expected_openssl11; + checkResults(results[2], expected, errors[2]); + + // execute next test Test3(); }); @@ -153,19 +174,19 @@ function Test3() { NPPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by NPN checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: 'a'}}); + client: {ALPN: false, NPN: 'a'}}, errors[0]); // nothing is selected by ALPN checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected by ALPN checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test4(); }); 
@@ -215,17 +236,21 @@ function Test5() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by ALPN checkResults(results[0], {server: {ALPN: 'a', NPN: false}, - client: {ALPN: 'a', NPN: undefined}}); + client: {ALPN: 'a', NPN: undefined}}, errors[0]); // 'b' is selected by ALPN checkResults(results[1], {server: {ALPN: 'b', NPN: false}, - client: {ALPN: 'b', NPN: undefined}}); + client: {ALPN: 'b', NPN: undefined}}, errors[1]); // nothing is selected by ALPN - checkResults(results[2], {server: {ALPN: false, - NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + const expected_openssl10 = {server: {ALPN: false, + NPN: 'first-priority-unsupported'}, + client: {ALPN: false, NPN: false}}; + const expected_openssl11 = {}; + const expected = isOpenSSL10 ? expected_openssl10 : expected_openssl11; + + checkResults(results[2], expected, errors[2]); // execute next test Test6(); }); 
@@ -245,16 +270,19 @@ function Test6() { ALPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by ALPN checkResults(results[0], {server: {ALPN: 'a', NPN: false}, - client: {ALPN: 'a', NPN: undefined}}); + client: {ALPN: 'a', NPN: undefined}}, errors[0]); // 'b' is selected by ALPN checkResults(results[1], {server: {ALPN: 'b', NPN: false}, - client: {ALPN: 'b', NPN: undefined}}); + client: {ALPN: 'b', NPN: undefined}}, errors[1]); // nothing is selected by ALPN - checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + const expected_openssl10 = {server: {ALPN: false, NPN: 'http/1.1'}, + client: {ALPN: false, NPN: false}}; + const expected_openssl11 = {}; + const expected = isOpenSSL10 ? expected_openssl10 : expected_openssl11; + checkResults(results[2], expected, errors[2]); // execute next test Test7(); }); @@ -274,17 +302,20 @@ function Test7() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected by ALPN checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[0]); // nothing is selected by ALPN checkResults(results[1], {server: {ALPN: false, NPN: 'c'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[1]); // nothing is selected by ALPN checkResults(results[2], {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[2]); // execute next test Test8(); }); 
@@ -298,17 +329,20 @@ function Test8() { const clientsOptions = [{}, {}, {}]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected by ALPN checkResults(results[0], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[0]); // nothing is selected by ALPN checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[1]); // nothing is selected by ALPN checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[2]); // execute next test Test9(); }); @@ -331,17 +365,18 @@ function Test9() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by NPN checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: 'a'}}); + client: {ALPN: false, NPN: 'a'}}, errors[0]); // 'b' is selected by NPN checkResults(results[1], {server: {ALPN: false, NPN: 'b'}, - client: {ALPN: false, NPN: 'b'}}); + client: {ALPN: false, NPN: 'b'}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, + errors[2]); // execute next test Test10(); }); 
@@ -361,16 +396,16 @@ function Test10() { ALPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test11(); }); @@ -390,17 +425,17 @@ function Test11() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // 'a' is selected by NPN checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: 'a'}}); + client: {ALPN: false, NPN: 'a'}}, errors[0]); // 'b' is selected by NPN checkResults(results[1], {server: {ALPN: false, NPN: 'b'}, - client: {ALPN: false, NPN: 'b'}}); + client: {ALPN: false, NPN: 'b'}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test12(); }); 
@@ -414,17 +449,17 @@ function Test12() { const clientsOptions = [{}, {}, {}]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test13(); }); @@ -445,17 +480,17 @@ function Test13() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'c'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test14(); }); 
@@ -473,17 +508,17 @@ function Test14() { ALPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test15(); }); @@ -501,17 +536,17 @@ function Test15() { NPNProtocols: ['first-priority-unsupported', 'x', 'y'] }]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'a'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'c'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'first-priority-unsupported'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); // execute next test Test16(); }); 
@@ -523,17 +558,17 @@ function Test16() { const clientsOptions = [{}, {}, {}]; - runTest(clientsOptions, serverOptions, function(results) { + runTest(clientsOptions, serverOptions, function(results, errors) { // nothing is selected checkResults(results[0], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[0]); // nothing is selected checkResults(results[1], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[1]); // nothing is selected checkResults(results[2], {server: {ALPN: false, NPN: 'http/1.1'}, - client: {ALPN: false, NPN: false}}); + client: {ALPN: false, NPN: false}}, errors[2]); }); } diff --git a/test/parallel/test-tls-cert-regression.js b/test/parallel/test-tls-cert-regression.js index 0a128275c3874d..2f97fa4ac38c16 100644 --- a/test/parallel/test-tls-cert-regression.js +++ b/test/parallel/test-tls-cert-regression.js 
@@ -28,29 +28,39 @@ if (!common.hasCrypto) { } const tls = require('tls'); - -const cert = -`-----BEGIN CERTIFICATE----- -MIIBfjCCASgCCQDmmNjAojbDQjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB -VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMCAXDTE0MDExNjE3NTMxM1oYDzIyODcxMDMxMTc1MzEzWjBFMQsw -CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu -ZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKwlfMX -6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+wsU1O9FzRIVmpeIjDXhbp -Mjsa1HtzSiccPXsCAwEAATANBgkqhkiG9w0BAQUFAANBAHOoKy0NkyfiYH7Ne5ka -uvCyndyeB4d24FlfqEUlkfaWCZlNKRaV9YhLDiEg3BcIreFo4brtKQfZzTRs0GVm -KHg= +// taken from test/fixtures/keys/agent2-cert.pem +const cert = `-----BEGIN CERTIFICATE----- +MIICcTCCAdoCCQDTgzSLdDTF0TANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV +UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO +BgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEgMB4GCSqGSIb3DQEJARYR +cnlAdGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAw +WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYD +VQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEg +MB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAKGYRnu2BdY2R8flqKPLICWO/7NoRVGH4KZBY1uBF/VYXyA2 +VT5O7461mt6oA372BItGyNxdbMEvQBRcLiXTueKF5D+KYu30bWem6A/AxxYvnqU4 +tP+uhsXNuGNQTp8i0vBDM/nUx7QGeP1Kda6C936PCNt7wbGPKPNyACNMbnptAgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEATzjDAPocPA2Jm8wrLBW+fOC478wMo9gT3Y3N +ZU6fnF2dEPFLNETCMtDxnKhi4hnBpaiZ0fu0oaR1cSDRIVtlyW4azNjny4495C0F +JLuP5P5pz+rJe+ImKw+mO1ARA9fUAL3VN6/kVXY/EspwWJcLbJ5jdsDmkRbV52hX +Th4jkAI= -----END CERTIFICATE-----`; -const key = -`-----BEGIN RSA PRIVATE KEY----- -MIIBPQIBAAJBAPKwlfMX6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+w -sU1O9FzRIVmpeIjDXhbpMjsa1HtzSiccPXsCAwEAAQJBAM4uU9aJE0OfdE1p/X+K -LrCT3XMdFCJ24GgmHyOURtwDy18upQJecDVdcZp16fjtOPmaW95GoYRyifB3R4I5 -RxECIQD7jRM9slCSVV8xp9kOJQNpHjhRQYVGBn+pyllS2sb+RQIhAPb7Y+BIccri 
-NWnuhwCW8hA7Fkj/kaBdAwyW7L3Tvui/AiEAiqLCovMecre4Yi6GcsQ1b/6mvSmm -IOS+AT6zIfXPTB0CIQCJKGR3ymN/Qw5crL1GQ41cHCQtF9ickOq/lBUW+j976wIh -AOaJnkQrmurlRdePX6LvN/LgGAQoxwovfjcOYNnZsIVY +// taken from test/fixtures/keys/agent2-key.pem +const key = `-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQChmEZ7tgXWNkfH5aijyyAljv+zaEVRh+CmQWNbgRf1WF8gNlU+ +Tu+OtZreqAN+9gSLRsjcXWzBL0AUXC4l07niheQ/imLt9G1npugPwMcWL56lOLT/ +robFzbhjUE6fItLwQzP51Me0Bnj9SnWugvd+jwjbe8GxjyjzcgAjTG56bQIDAQAB +AoGAd19C6g5731N30T5hRqY+GCC72a90TZc/p/Fz0Vva8/4VP3mDnSS4qMaVIlgh +RP++OZjPtqI5PbiG8MNrv7vZe0UXlV7oZE0IA+jomUXsplbwMFf6pkrqdyHi+cbm +rBudhmKeLUgNA6peMGVA83C5g2SMqU5kB+tWzZT7Rs9rsyECQQDWpXxZgULqbFZv +wjpIDGWjOpQZrv123bJ9TQ+VoskCu4vlyDJqDJPwnscl8NnzpFJriDARn0WrB2sd +8GCX1yEpAkEAwLo/MYG5elkNRsE5/vINSIo04Gu6tP/Sd7EBtHYAPHUPjs/MhhVX +tMIGtACheHMwjGRPyr8pboEp2LEap4GjpQJBALNsy+CJ0+TfwPVU96EIc+GZcvlx +NMErGyvwwclEtSDKo2vmCHZrozLtlu1ZQueOgbMPuZbRe8w2vEzfhe8HTtkCQAYy +NrPlwsvPLyEWN0IeEBVD9D0+2WrWSrL0auSdYpaPAOgLgDzTVNWH42VIG+jeczIg +S3xuNuvJlUnVL9Ew1s0CQQCly+gduXtvOYip1/Stm/65kT7d8ICQgjh0XSPw/kUC +llVMQY3z1iFCaj/z0Csr0t0kJ534bH7GP3LOoNruV0p9 -----END RSA PRIVATE KEY-----`; function test(cert, key, cb) { diff --git a/test/parallel/test-tls-connect-address-family.js b/test/parallel/test-tls-connect-address-family.js index f22831f395a8dd..ac9a610700057f 100644 --- a/test/parallel/test-tls-connect-address-family.js +++ b/test/parallel/test-tls-connect-address-family.js 
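Review bot: The new `cert` and `key` literals are a second copy of `test/fixtures/keys/agent2-cert.pem` and `agent2-key.pem`, so the private key now lives in two places and the inline copy will go stale without warning if the fixtures are regenerated. If the test does not depend on the exact PEM text, load the fixture instead, e.g. `const key = fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem');` (this needs a `require('fs')`, which the hunk does not show). If the inline form matters for the regression being covered, the comment should say so. It should also record why the previous pair was replaced, presumably because its key size is no longer accepted by the newer OpenSSL; that is worth confirming.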
@@ -13,17 +13,22 @@ if (!common.hasIPv6) { const assert = require('assert'); const tls = require('tls'); const dns = require('dns'); +const fs = require('fs'); + +const opts = { + key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'), + ca: fs.readFileSync(common.fixturesDir + '/keys/ca1-cert.pem') +}; function runTest() { - const ciphers = 'AECDH-NULL-SHA'; - tls.createServer({ ciphers }, common.mustCall(function() { + tls.createServer(opts, common.mustCall(function() { this.close(); })).listen(0, '::1', common.mustCall(function() { const options = { host: 'localhost', port: this.address().port, family: 6, - ciphers: ciphers, rejectUnauthorized: false, }; // Will fail with ECONNREFUSED if the address family is not honored. diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index 2f86e82be7fc96..ad12688bb0bac7 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -76,7 +76,7 @@ function test(keylen, expectedCipher, cb) { '-cipher', ciphers]; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args); diff --git a/test/parallel/test-tls-ecdh-disable.js b/test/parallel/test-tls-ecdh-disable.js index 195ca529395fba..1ed6ab83a91bd6 100644 --- a/test/parallel/test-tls-ecdh-disable.js +++ b/test/parallel/test-tls-ecdh-disable.js @@ -46,7 +46,7 @@ const fs = require('fs'); const options = { key: fs.readFileSync(`${common.fixturesDir}/keys/agent2-key.pem`), cert: fs.readFileSync(`${common.fixturesDir}/keys/agent2-cert.pem`), - ciphers: 'ECDHE-RSA-RC4-SHA', + ciphers: 'ECDHE-RSA-AES128-GCM-SHA256', ecdhCurve: false }; 
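Review bot: The `ca` entry in `opts` appears to have no effect: the options go only to `tls.createServer`, the hunk sets no `requestCert`, and the client still connects with `rejectUnauthorized: false`, so nothing validates a chain against it. Either drop `ca` or add a comment above `rejectUnauthorized: false` such as `// certificate validation is irrelevant here; only the address family is under test`, so the disabled verification is not copied elsewhere as a pattern. `runTest` continues outside the hunk.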
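Review bot: The comment above the changed condition in test-tls-dhe.js still says the flag is for s_client "on Windows", but the guard is now `common.needNoRandScreen`, whose definition is not in this hunk, so a reader cannot tell when it is true. Update the comment to match, e.g. `// s_client needs -no_rand_screen only where common.needNoRandScreen is set`. The same stale comment sits above the identical change in test-tls-ecdh-disable.js, test-tls-ecdh.js, test-tls-no-sslv3.js, test-tls-securepair-server.js, test-tls-server-verify.js, test-tls-session-cache.js and test-tls-set-ciphers.js. `test()` starts and ends outside the hunk.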
@@ -57,7 +57,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { options.ciphers} -connect 127.0.0.1:${this.address().port}`; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) cmd += ' -no_rand_screen'; exec(cmd, common.mustCall(function(err, stdout, stderr) { diff --git a/test/parallel/test-tls-ecdh.js b/test/parallel/test-tls-ecdh.js index 32e77456bdc045..0db9580d496911 100644 --- a/test/parallel/test-tls-ecdh.js +++ b/test/parallel/test-tls-ecdh.js @@ -56,7 +56,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { options.ciphers} -connect 127.0.0.1:${this.address().port}`; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) cmd += ' -no_rand_screen'; exec(cmd, common.mustCall(function(err, stdout, stderr) { diff --git a/test/parallel/test-tls-econnreset.js b/test/parallel/test-tls-econnreset.js index 798c10ca4c141c..494a85c65e0e60 100644 --- a/test/parallel/test-tls-econnreset.js +++ b/test/parallel/test-tls-econnreset.js @@ -23,10 +23,22 @@ const common = require('../common'); const assert = require('assert'); +// Check if a tls server can handle clientError properly. +// The ECONRESET error is triggered from a tls client due to TLS +// handshake error with using 384 bits RSA certs and RSA key exchange +// because its RSA size is too small to carry premaster secret. + if (!common.hasCrypto) { common.skip('missing crypto'); return; } + +// 384 bits RSA key cannot be accepted in openssl-1.1.x +if (!common.isOpenSSL10) { + common.skip('due to openssl-' + process.versions.openssl); + return; +} + const tls = require('tls'); const cacert = diff --git a/test/parallel/test-tls-junk-server.js b/test/parallel/test-tls-junk-server.js index 9b5ab6fdcc649d..a884cb613554ea 100644 --- a/test/parallel/test-tls-junk-server.js +++ b/test/parallel/test-tls-junk-server.js 
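Review bot: The added skip in test-tls-econnreset.js removes all coverage of the server's clientError handling on OpenSSL 1.1.x, because the only trigger the test has is the 384-bit RSA pair that the new comment says those versions do not accept. Consider provoking the handshake failure another way so the check keeps running there. At minimum, make the skip message state the reason: `common.skip('384-bit RSA certs are rejected by openssl-' + process.versions.openssl);`. The new header comment also misspells the error name; it should read `ECONNRESET`.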
@@ -18,12 +18,15 @@ const server = net.createServer(function(s) { }); }); +const expected_err = common.isOpenSSL10 ? /unknown protocol/ : + /wrong version number/; + server.listen(0, function() { const req = https.request({ port: this.address().port }); req.end(); req.once('error', common.mustCall(function(err) { - assert(/unknown protocol/.test(err.message)); + assert(expected_err.test(err.message)); server.close(); })); }); diff --git a/test/parallel/test-tls-multi-key.js b/test/parallel/test-tls-multi-key.js index 6158f7d4057657..42acf26700727d 100644 --- a/test/parallel/test-tls-multi-key.js +++ b/test/parallel/test-tls-multi-key.js @@ -63,12 +63,14 @@ const server = tls.createServer(options, function(conn) { }); }); +const version = common.isOpenSSL10 ? 'TLSv1/SSLv3' : 'TLSv1.2'; + process.on('exit', function() { assert.deepStrictEqual(ciphers, [{ name: 'ECDHE-ECDSA-AES256-GCM-SHA384', - version: 'TLSv1/SSLv3' + version: version }, { name: 'ECDHE-RSA-AES256-GCM-SHA384', - version: 'TLSv1/SSLv3' + version: version }]); }); diff --git a/test/parallel/test-tls-no-sslv3.js b/test/parallel/test-tls-no-sslv3.js index fe0c4fe7eabe14..206f2d9312e8d1 100644 --- a/test/parallel/test-tls-no-sslv3.js +++ b/test/parallel/test-tls-no-sslv3.js @@ -34,7 +34,7 @@ server.listen(0, '127.0.0.1', function() { '-connect', address]; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args, { stdio: 'pipe' }); diff --git a/test/parallel/test-tls-securepair-server.js b/test/parallel/test-tls-securepair-server.js index 00e8cd591ff2c9..227258f078dca2 100644 --- a/test/parallel/test-tls-securepair-server.js +++ b/test/parallel/test-tls-securepair-server.js 
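Review bot: `expected_err` in test-tls-junk-server.js is snake_case while the identifiers around it are camelCase (`mustCall`, `isOpenSSL10`); `expectedErr` would match. The same version switch is added in test-tls-server-failed-handshake-emits-clienterror.js, where the 1.1.x pattern is the looser `/wrong version/` rather than `/wrong version number/`, and in test-tls-socket-failed-handshake-emits-error.js. In both of those the assertion message still reads 'Expecting SSL unknown protocol', which is misleading when the 1.1.x branch fails. Using one pattern and a neutral message such as `'Expecting a protocol/version handshake error'` would keep the three tests aligned.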
@@ -121,7 +121,7 @@ server.listen(0, common.mustCall(function() { const args = ['s_client', '-connect', `127.0.0.1:${this.address().port}`]; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); const client = spawn(common.opensslCli, args); diff --git a/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js b/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js index 1ff7decf3cf9cc..0ce9e488dc9316 100644 --- a/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js +++ b/test/parallel/test-tls-server-failed-handshake-emits-clienterror.js @@ -11,6 +11,9 @@ const assert = require('assert'); const bonkers = Buffer.alloc(1024, 42); +const expected = common.isOpenSSL10 ? + /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/ : + /wrong version/; const server = tls.createServer({}) .listen(0, function() { @@ -21,9 +24,7 @@ const server = tls.createServer({}) }).on('tlsClientError', common.mustCall(function(e) { assert.ok(e instanceof Error, 'Instance of Error should be passed to error handler'); - assert.ok(e.message.match( - /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/), - 'Expecting SSL unknown protocol'); + assert.ok(e.message.match(expected), 'Expecting SSL unknown protocol'); server.close(); })); diff --git a/test/parallel/test-tls-server-verify.js b/test/parallel/test-tls-server-verify.js index 2d7323dc5a840d..8de24d7344c3e6 100644 --- a/test/parallel/test-tls-server-verify.js +++ b/test/parallel/test-tls-server-verify.js @@ -157,7 +157,7 @@ function runClient(prefix, port, options, cb) { const args = ['s_client', '-connect', `127.0.0.1:${port}`]; // for the performance issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); console.log(`${prefix} connecting with`, options.name); 
diff --git a/test/parallel/test-tls-session-cache.js b/test/parallel/test-tls-session-cache.js index 5a380597f5078a..8629f6e2746693 100644 --- a/test/parallel/test-tls-session-cache.js +++ b/test/parallel/test-tls-session-cache.js @@ -118,7 +118,7 @@ function doTest(testOptions, callback) { ].concat(testOptions.tickets ? [] : '-no_ticket'); // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) args.push('-no_rand_screen'); function spawnClient() { diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js index e5c3a419bc6099..38925457b9e8c3 100644 --- a/test/parallel/test-tls-set-ciphers.js +++ b/test/parallel/test-tls-set-ciphers.js @@ -59,7 +59,7 @@ server.listen(0, '127.0.0.1', function() { options.ciphers} -connect 127.0.0.1:${this.address().port}`; // for the performance and stability issue in s_client on Windows - if (common.isWindows) + if (common.needNoRandScreen) cmd += ' -no_rand_screen'; exec(cmd, function(err, stdout, stderr) { diff --git a/test/parallel/test-tls-socket-failed-handshake-emits-error.js b/test/parallel/test-tls-socket-failed-handshake-emits-error.js index ffeb42c8ebd8da..299aa07e4cfba9 100644 --- a/test/parallel/test-tls-socket-failed-handshake-emits-error.js +++ b/test/parallel/test-tls-socket-failed-handshake-emits-error.js @@ -11,6 +11,10 @@ const assert = require('assert'); const bonkers = Buffer.alloc(1024, 42); +const expected_err = common.isOpenSSL10 ? + /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/ : + /wrong version number/; + const server = net.createServer(function(c) { setTimeout(function() { const s = new tls.TLSSocket(c, { 
@@ -19,10 +23,10 @@ const server = net.createServer(function(c) { }); s.on('error', common.mustCall(function(e) { + assert.ok(e instanceof Error, 'Instance of Error should be passed to error handler'); - assert.ok(e.message.match( - /SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol/), + assert.ok(e.message.match(expected_err), 'Expecting SSL unknown protocol'); })); diff --git a/test/parallel/test-tls-ticket.js b/test/parallel/test-tls-ticket.js index b2541e06ab8872..eec7b8b56f2b53 100644 --- a/test/parallel/test-tls-ticket.js +++ b/test/parallel/test-tls-ticket.js @@ -33,7 +33,8 @@ const fs = require('fs'); const net = require('net'); const crypto = require('crypto'); -const keys = crypto.randomBytes(48); +const ticketKeySize = common.isOpenSSL10 ? 48 : 80; +const keys = crypto.randomBytes(ticketKeySize); const serverLog = []; const ticketLog = []; @@ -57,7 +58,7 @@ function createServer() { // Rotate ticket keys if (counter === 1) { previousKey = server.getTicketKeys(); - server.setTicketKeys(crypto.randomBytes(48)); + server.setTicketKeys(crypto.randomBytes(ticketKeySize)); } else if (counter === 2) { server.setTicketKeys(previousKey); } else if (counter === 3) {
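Review bot: `48` and `80` in `ticketKeySize` (test-tls-ticket.js) are unexplained magic numbers, and nothing in the test says why the key blob grows under the newer OpenSSL. Add a comment such as `// ticket key blob: 48 bytes on OpenSSL 1.0.x, 80 bytes on 1.1.x (larger HMAC and AES keys)`; the size breakdown is from memory of the OpenSSL layout and should be confirmed against the src change. Because `setTicketKeys` is a public API, it would also be worth asserting here that a wrong-sized buffer is rejected, so a length mismatch cannot pass silently. The second hunk in `createServer()` reuses the constant consistently.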