test: update tests for OpenSSL 3.0.14 #53373

richardlau · 2024-06-06T18:51:30Z

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols.

Update tests to handle both the old ECONNRESET error on older versions of OpenSSL and the new ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL on newer versions of OpenSSL.

Refs: openssl/openssl#24338

Addresses these failures (Node.js dynamically linked against OpenSSL 3.0.14 -- I first noticed these (and other failures) with OpenSSL 3.2.2):

not ok 1779 parallel/test-http2-https-fallback
  ---
  duration_ms: 164.14700
  severity: fail
  exitcode: 1
  stack: |-
    node:assert:126
      throw new AssertionError(obj);
      ^

    AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
    + actual - expected

    + 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'
    - 'ECONNRESET'
        at TLSSocket.<anonymous> (/home/nodejs/node/test/parallel/test-http2-https-fallback.js:154:11)
        at TLSSocket.<anonymous> (/home/nodejs/node/test/common/index.js:466:15)
        at TLSSocket.emit (node:events:520:28)
        at emitErrorNT (node:internal/streams/destroy:170:8)
        at emitErrorCloseNT (node:internal/streams/destroy:129:3)
        at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
      generatedMessage: true,
      code: 'ERR_ASSERTION',
      actual: 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL',
      expected: 'ECONNRESET',
      operator: 'strictEqual'
    }

    Node.js v23.0.0-pre
  ...
--
not ok 1873 parallel/test-http2-server-unknown-protocol
  ---
  duration_ms: 132.88000
  severity: fail
  exitcode: 1
  stack: |-
    node:assert:126
      throw new AssertionError(obj);
      ^

    AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
    + actual - expected

    + 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'
    - 'ECONNRESET'
        at TLSSocket.<anonymous> (/home/nodejs/node/test/parallel/test-http2-server-unknown-protocol.js:45:12)
        at TLSSocket.<anonymous> (/home/nodejs/node/test/common/index.js:466:15)
        at TLSSocket.emit (node:events:520:28)
        at emitErrorNT (node:internal/streams/destroy:170:8)
        at emitErrorCloseNT (node:internal/streams/destroy:129:3)
        at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
      generatedMessage: true,
      code: 'ERR_ASSERTION',
      actual: 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL',
      expected: 'ECONNRESET',
      operator: 'strictEqual'
    }

    Node.js v23.0.0-pre
  ...
--
not ok 3010 parallel/test-tls-alpn-server-client
  ---
  duration_ms: 156.74900
  severity: fail
  exitcode: 1
  stack: |-
    node:assert:126
      throw new AssertionError(obj);
      ^

    AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
    + actual - expected

    + 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'
    - 'ECONNRESET'
        at TLSSocket.<anonymous> (/home/nodejs/node/test/parallel/test-tls-alpn-server-client.js:195:14)
        at TLSSocket.<anonymous> (/home/nodejs/node/test/common/index.js:466:15)
        at TLSSocket.emit (node:events:520:28)
        at emitErrorNT (node:internal/streams/destroy:170:8)
        at emitErrorCloseNT (node:internal/streams/destroy:129:3)
        at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
      generatedMessage: true,
      code: 'ERR_ASSERTION',
      actual: 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL',
      expected: 'ECONNRESET',
      operator: 'strictEqual'
    }

    Node.js v23.0.0-pre
  ...

cc @nodejs/crypto

nodejs-github-bot · 2024-06-06T18:52:52Z

CI: https://ci.nodejs.org/job/node-test-pull-request/59681/

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338

nodejs-github-bot · 2024-06-07T11:36:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/59682/

nodejs-github-bot · 2024-06-07T13:55:28Z

CI: https://ci.nodejs.org/job/node-test-pull-request/59684/

mhdawson

LGTM

tniessen · 2024-06-07T15:02:14Z

@richardlau Is there any chance you could make this conditional based on the version of OpenSSL? Otherwise, we'll likely forget about it and keep the old code here forever.

richardlau · 2024-06-07T15:25:17Z

@richardlau Is there any chance you could make this conditional based on the version of OpenSSL? Otherwise, we'll likely forget about it and keep the old code here forever.

It's going to be complicated -- there's currently four OpenSSL 3 lines:

3.0.x
3.1.x
3.2.x
3.3.x

and the change is only in the latest release of each of those four lines.

richardlau · 2024-06-10T12:59:26Z

@richardlau Is there any chance you could make this conditional based on the version of OpenSSL? Otherwise, we'll likely forget about it and keep the old code here forever.

@tniessen We'd end up with code like this repeated for each of the three tests:

diff --git a/test/parallel/test-http2-https-fallback.js b/test/parallel/test-http2-https-fallback.js
index 8e0612375f4..8a1c06caad4 100644
--- a/test/parallel/test-http2-https-fallback.js
+++ b/test/parallel/test-http2-https-fallback.js
@@ -151,7 +151,14 @@ function onSession(session, next) {
       // Incompatible ALPN TLS client
       tls(Object.assign({ port, ALPNProtocols: ['fake'] }, clientOptions))
         .on('error', common.mustCall((err) => {
-          strictEqual(err.code, 'ECONNRESET');
+          // ECONNRESET prior to OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1.
+          const { OPENSSL_VERSION_NUMBER } = require('node:crypto').constants;
+          const expectedErr = (OPENSSL_VERSION_NUMBER < 0x300000e0 ||
+            (OPENSSL_VERSION_NUMBER >= 0x30100000 && OPENSSL_VERSION_NUMBER < 0x30100060) ||
+            (OPENSSL_VERSION_NUMBER >= 0x30200000 && OPENSSL_VERSION_NUMBER < 0x30200020) ||
+            (OPENSSL_VERSION_NUMBER >= 0x30300000 && OPENSSL_VERSION_NUMBER < 0x30300010)) ?
+            'ECONNRESET' : 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL';
+          strictEqual(err.code, expectedErr);
           cleanup();
           testNoALPN();
         }));

If you think this is worth doing I can update this PR, but I think this is harder to read.

tniessen · 2024-06-10T17:34:27Z

@richardlau It's entirely up to you :)

richardlau · 2024-06-10T17:39:48Z

@richardlau It's entirely up to you :)

In which case I'll land as-is as this has a passing CI, approvals and no blocks 🙂.

nodejs-github-bot · 2024-06-10T17:43:38Z

Landed in 14863e8

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

lheckemann · 2024-06-20T17:58:23Z

Older versions do fail the tests against newer OpenSSL versions, so could this be backported to v18 and v20?

richardlau · 2024-06-20T17:59:19Z

Older versions do fail the tests against newer OpenSSL versions, so could this be backported to v18 and v20?

Once it's gone out in a current (i.e. Node.js 22) release first.

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: nodejs#53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>

richardlau added test Issues and PRs related to the tests. openssl Issues and PRs related to the OpenSSL dependency. lts-watch-v18.x PRs that may need to be released in v18.x. lts-watch-v20.x PRs that may need to be released in v20.x labels Jun 6, 2024

nodejs-github-bot added the needs-ci PRs that need a full CI run. label Jun 6, 2024

lpinca approved these changes Jun 6, 2024

View reviewed changes

richardlau force-pushed the openssl3.0.14tests branch from fecfde6 to 25d62ec Compare June 7, 2024 11:36

mhdawson approved these changes Jun 7, 2024

View reviewed changes

richardlau mentioned this pull request Jun 7, 2024

Test failures with OpenSSL 3.2.2 #53382

Closed

26 tasks

richardlau added the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 10, 2024

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 10, 2024

nodejs-github-bot merged commit 14863e8 into nodejs:main Jun 10, 2024
51 checks passed

richardlau deleted the openssl3.0.14tests branch June 10, 2024 18:05

lheckemann mentioned this pull request Jun 20, 2024

nodejs: run JS test suite as part of the checks NixOS/nixpkgs#313982

Merged

13 tasks

targos mentioned this pull request Jun 25, 2024

v22.4.0 release proposal #53583

Merged

Karliz24 mentioned this pull request Jul 9, 2024

## 2024-07-02, Version 22.4.0 (Current), @targos Karliz24/Marley-#16

Open

marco-ippolito mentioned this pull request Jul 19, 2024

v20.16.0 proposal #53945

Merged

richardlau mentioned this pull request Aug 21, 2024

Revert "deps: upgrade openssl sources to quictls/openssl-3.0.14+quic1" #54491

Closed

targos removed the lts-watch-v20.x PRs that may need to be released in v20.x label Sep 30, 2024

aduh95 removed the lts-watch-v18.x PRs that may need to be released in v18.x. label Nov 2, 2024

aduh95 mentioned this pull request Nov 7, 2024

2024-11-12, Version 18.20.5 'Hydrogen' (LTS) #55768

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test: update tests for OpenSSL 3.0.14 #53373

test: update tests for OpenSSL 3.0.14 #53373

richardlau commented Jun 6, 2024 •

edited

Loading

nodejs-github-bot commented Jun 6, 2024

nodejs-github-bot commented Jun 7, 2024

nodejs-github-bot commented Jun 7, 2024

mhdawson left a comment

tniessen commented Jun 7, 2024

richardlau commented Jun 7, 2024

richardlau commented Jun 10, 2024 •

edited

Loading

tniessen commented Jun 10, 2024

richardlau commented Jun 10, 2024

nodejs-github-bot commented Jun 10, 2024

lheckemann commented Jun 20, 2024

richardlau commented Jun 20, 2024

test: update tests for OpenSSL 3.0.14 #53373

test: update tests for OpenSSL 3.0.14 #53373

Conversation

richardlau commented Jun 6, 2024 • edited Loading

nodejs-github-bot commented Jun 6, 2024

nodejs-github-bot commented Jun 7, 2024

nodejs-github-bot commented Jun 7, 2024

mhdawson left a comment

Choose a reason for hiding this comment

tniessen commented Jun 7, 2024

richardlau commented Jun 7, 2024

richardlau commented Jun 10, 2024 • edited Loading

tniessen commented Jun 10, 2024

richardlau commented Jun 10, 2024

nodejs-github-bot commented Jun 10, 2024

lheckemann commented Jun 20, 2024

richardlau commented Jun 20, 2024

richardlau commented Jun 6, 2024 •

edited

Loading

richardlau commented Jun 10, 2024 •

edited

Loading