-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: replace s_client in test-https-ci-reneg-attack #25720
Conversation
Replace `s_client` in test-https-ci-reneg-attack with built-in client calling `tls.renegotiate()`. This also fixes the currently-broken test. (It is broken due to a change in behavior in a recently-updated-in-core version of `s_client`.)
Pummel tests are not run in regular CI so this combination should be sufficient: Lite CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/2398/ Repurposed custom-suites job from node-daily-master that runs the pummel tests, but set to only run this one (because there is one other broken pummel test fixed in another PR that hasn't landed yet): https://ci.nodejs.org/job/node-test-commit-custom-suites/841/ |
}); | ||
const options = { | ||
rejectUnauthorized: false, | ||
agent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add a trailing comma?
Landed in 43c2a13` |
Replace `s_client` in test-https-ci-reneg-attack with built-in client calling `tls.renegotiate()`. This also fixes the currently-broken test. (It is broken due to a change in behavior in a recently-updated-in-core version of `s_client`.) PR-URL: nodejs#25720 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
BTW, a run with the full suite fails |
Interesting. it's a different test that fails (test-tls rather than test-https) but it's still TLS renegotiation... |
@refack Is it possible something funky is up with the git checkout on that run? Here's output from that run: 08:25:56 AssertionError [ERR_ASSERTION]: The expression evaluated to a falsy value:
08:25:56
08:25:56 assert(/TLS session renegotiation attack/.test(err))
08:25:56
08:25:56 at TLSSocket.<anonymous> (/home/iojs/build/workspace/node-test-commit-custom-suites/default/test/pummel/test-tls-ci-reneg-attack.js:59:7) But the |
Yeah, in fact, I'm going to call "funky checkout" on this one. It seems that somehow c421619 is missing. That change fixed that test for this sort of thing. And before that change, the |
I used the head of this PR - b2ad179: 11:20:08 > git fetch --no-tags --progress git@github.com:nodejs/node.git +refs/heads/*:refs/remotes/origin/* +refs/pull/25720/head:refs/remotes/origin/_jenkins_local_branch # timeout=20
11:20:15 Checking out Revision b2ad1797bde3da028813b073e68dc5ae2d3c9541 (refs/remotes/origin/_jenkins_local_branch)
11:20:15 > git config core.sparsecheckout # timeout=10
11:20:15 > git checkout -f b2ad1797bde3da028813b073e68dc5ae2d3c9541 # timeout=10 |
Replace `s_client` in test-https-ci-reneg-attack with built-in client calling `tls.renegotiate()`. This also fixes the currently-broken test. (It is broken due to a change in behavior in a recently-updated-in-core version of `s_client`.) PR-URL: #25720 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Ah! That'll do it. This branch didn't have the fix for the other test in it. But it had landed on master. |
Replace
s_client
in test-https-ci-reneg-attack with built-inclient calling
tls.renegotiate()
. This also fixes the currently-brokentest. (It is broken due to a change in behavior in a
recently-updated-in-core version of
s_client
.)Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes