diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc index 64e788dcecaca1..e6731638aa2c87 100644 --- a/src/crypto/crypto_sig.cc +++ b/src/crypto/crypto_sig.cc @@ -92,12 +92,15 @@ std::unique_ptr Node_SignFinal(Environment* env, sig = ArrayBuffer::NewBackingStore(env->isolate(), sig_len); } EVPKeyCtxPointer pkctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); - if (pkctx && - EVP_PKEY_sign_init(pkctx.get()) && + if (pkctx && EVP_PKEY_sign_init(pkctx.get()) > 0 && ApplyRSAOptions(pkey, pkctx.get(), padding, pss_salt_len) && - EVP_PKEY_CTX_set_signature_md(pkctx.get(), EVP_MD_CTX_md(mdctx.get())) && - EVP_PKEY_sign(pkctx.get(), static_cast(sig->Data()), - &sig_len, m, m_len)) { + EVP_PKEY_CTX_set_signature_md(pkctx.get(), EVP_MD_CTX_md(mdctx.get())) > + 0 && + EVP_PKEY_sign(pkctx.get(), + static_cast(sig->Data()), + &sig_len, + m, + m_len) > 0) { CHECK_LE(sig_len, sig->ByteLength()); if (sig_len == 0) sig = ArrayBuffer::NewBackingStore(env->isolate(), 0); @@ -420,6 +423,11 @@ void Sign::SignFinal(const FunctionCallbackInfo& args) { if (!key) return; + if (IsOneShot(key)) { + THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env); + return; + } + int padding = GetDefaultSignPadding(key); if (!args[offset]->IsUndefined()) { CHECK(args[offset]->IsInt32()); @@ -521,14 +529,18 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey, return kSignPublicKey; EVPKeyCtxPointer pkctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); - if (pkctx && - EVP_PKEY_verify_init(pkctx.get()) > 0 && - ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) && - EVP_PKEY_CTX_set_signature_md(pkctx.get(), - EVP_MD_CTX_md(mdctx.get())) > 0) { - const unsigned char* s = sig.data(); - const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len); - *verify_result = r == 1; + if (pkctx) { + const int init_ret = EVP_PKEY_verify_init(pkctx.get()); + if (init_ret == -2) { + return kSignPublicKey; + } + if (init_ret > 0 && ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) && + EVP_PKEY_CTX_set_signature_md(pkctx.get(), EVP_MD_CTX_md(mdctx.get())) > + 0) { + const unsigned char* s = sig.data(); + const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len); + *verify_result = r == 1; + } } return kSignOk; @@ -547,6 +559,11 @@ void Verify::VerifyFinal(const FunctionCallbackInfo& args) { if (!pkey) return; + if (IsOneShot(pkey)) { + THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env); + return; + } + ArrayBufferOrViewContents hbuf(args[offset]); if (UNLIKELY(!hbuf.CheckSizeInt32())) return THROW_ERR_OUT_OF_RANGE(env, "buffer is too big"); diff --git a/src/node_metadata.cc b/src/node_metadata.cc index 22546e9de25bdf..361b3596b4a65c 100644 --- a/src/node_metadata.cc +++ b/src/node_metadata.cc @@ -17,7 +17,7 @@ #include "zlib.h" #if HAVE_OPENSSL -#include +#include #if NODE_OPENSSL_HAS_QUIC #include #endif @@ -49,9 +49,10 @@ static constexpr size_t search(const char* s, char c, size_t n = 0) { static inline std::string GetOpenSSLVersion() { // sample openssl version string format // for reference: "OpenSSL 1.1.0i 14 Aug 2018" - constexpr size_t start = search(OPENSSL_VERSION_TEXT, ' ') + 1; - constexpr size_t len = search(&OPENSSL_VERSION_TEXT[start], ' '); - return std::string(OPENSSL_VERSION_TEXT, start, len); + const char* version = OpenSSL_version(OPENSSL_VERSION); + const size_t start = search(version, ' ') + 1; + const size_t len = search(&version[start], ' '); + return std::string(version, start, len); } #endif // HAVE_OPENSSL diff --git a/test/common/index.js b/test/common/index.js index e25b861cce1cd6..7c1b99a9f78d63 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -55,11 +55,24 @@ const noop = () => {}; const hasCrypto = Boolean(process.versions.openssl) && !process.env.NODE_SKIP_CRYPTO; -const hasOpenSSL3 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000; +// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL +const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => { + assert(major >= 0 && major <= 0xf); + assert(minor >= 0 && minor <= 0xff); + assert(patch >= 0 && patch <= 0xff); + return (major << 28) | (minor << 20) | (patch << 4); +}; -const hasOpenSSL31 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000; +let OPENSSL_VERSION_NUMBER; +const hasOpenSSL = (major = 0, minor = 0, patch = 0) => { + if (!hasCrypto) return false; + if (OPENSSL_VERSION_NUMBER === undefined) { + const regexp = /(?\d+)\.(?\d+)\.(?

\d+)/; + const { m, n, p } = process.versions.openssl.match(regexp).groups; + OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p); + } + return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch); +}; const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; @@ -900,8 +913,7 @@ const common = { getTTYfd, hasIntl, hasCrypto, - hasOpenSSL3, - hasOpenSSL31, + hasOpenSSL, hasQuic, hasMultiLocalhost, invalidArgTypeHelper, @@ -962,6 +974,18 @@ const common = { }); }, + get hasOpenSSL3() { + return hasOpenSSL(3); + }, + + get hasOpenSSL31() { + return hasOpenSSL(3, 1); + }, + + get hasOpenSSL32() { + return hasOpenSSL(3, 2); + }, + get inFreeBSDJail() { if (inFreeBSDJail !== null) return inFreeBSDJail; diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile index 313183f6d6e3ed..3339f4b912dc92 100644 --- a/test/fixtures/keys/Makefile +++ b/test/fixtures/keys/Makefile @@ -24,7 +24,10 @@ all: \ dh512.pem \ dh1024.pem \ dh2048.pem \ + dh3072.pem \ dherror.pem \ + dh_private.pem \ + dh_public.pem \ dsa_params.pem \ dsa_private.pem \ dsa_private_encrypted.pem \ @@ -594,9 +597,18 @@ dh1024.pem: dh2048.pem: openssl dhparam -out dh2048.pem 2048 +dh3072.pem: + openssl dhparam -out dh3072.pem 3072 + dherror.pem: dh1024.pem sed 's/^[^-].*/AAAAAAAAAA/g' dh1024.pem > dherror.pem +dh_private.pem: + openssl genpkey -algorithm dh -out dh_private.pem -pkeyopt dh_param:ffdhe2048 + +dh_public.pem: dh_private.pem + openssl pkey -in dh_private.pem -pubout -out dh_public.pem + dsa_params.pem: openssl dsaparam -out dsa_params.pem 2048 diff --git a/test/fixtures/keys/agent10-cert.pem b/test/fixtures/keys/agent10-cert.pem index ce0e515e823d1b..59bb0705757d5b 100644 --- a/test/fixtures/keys/agent10-cert.pem +++ b/test/fixtures/keys/agent10-cert.pem @@ -1,41 +1,47 @@ -----BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgITMVaZ0eX5Kp8NI4vaKFVI592wTjANBgkqhkiG9w0BAQsF -ADCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEfMB0G -A1UECgwWVGhlIE5vZGUuanMgRm91bmRhdGlvbjEQMA4GA1UECwwHTm9kZS5qczEM -MAoGA1UEAwwDY2E0MR4wHAYJKoZIhvcNAQkBFg9jYTRAZXhhbXBsZS5vcmcwIBcN -MjIwOTAzMjE0MDM3WhgPMjI5NjA2MTcyMTQwMzdaMHgxCzAJBgNVBAYTAlVTMQsw -CQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxHzAdBgNVBAoMFlRoZSBOb2RlLmpzIEZv -dW5kYXRpb24xEDAOBgNVBAsMB05vZGUuanMxHDAaBgNVBAMME2FnZW50MTAuZXhh -bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP49yjMES5 -1sfYG4ac06jR7DnSizMDgW+0V6CFPguv6p1D08aBA60mhY8+tjsbin3DYRiTB2HN -7C9svZ2cAffKK9W/40G6+jfJuB6I8g+LtdZ9hViw2RC0k4PFLzpG3VsJRpM4Wfos -/ubZqBuNGLN+K68sAFU0jbUra4dtJQXMi7SlFlJIUx2g10OF312uJcREfFVgNAw4 -EIZ2H7bmGtpE0p3UfBir4HTy5nz4ruYCbbzNWDuX7RIGZSXtqaQc7P9QPvuLzspl -feI8S2oRTLRIgDEatXJFlIWzGu1kF7XjftOrnFHwRWICK6joqSzdLhSS02qfqIRF -JFVZ8QNq11bhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACenzaglCUisBHiI7H/v -tOF/75jxDUO8FmV3mksh33EpTmzoBiQD1DiTFQu/EEJ/iAbdTRJ1PVnJsMTFH0Bm -7SmkYOCpETleXjU1MwHZIvh/gGa/CjLZhop26FkK2oqENl7iaM9vvqxxQ8H4Niit -ay3cn+aB9o8MjTH9Ki9iH0LS6bwtqqRimXXX0sx3HTUnFxD/7tzE7s6t7ayk+rIJ -6mBeQAw3UjNzjtLTvSxHoPFto7z5imF+6/v236UlOTdQpkbRS1KlxA8wm/NisWeq -TLjPh5BkZof+CwTUoAFK+WILsIHuvVY9SZBNcsQvsBao/whRR2Z8bU1HDAh8jHnk -4wo= +MIIDijCCAnICFAa1gku/rBMKem53dr6+kaDTIvSCMA0GCSqGSIb3DQEBCwUAMIGI +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMR8wHQYDVQQK +DBZUaGUgTm9kZS5qcyBGb3VuZGF0aW9uMRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYD +VQQDDANjYTQxHjAcBgkqhkiG9w0BCQEWD2NhNEBleGFtcGxlLm9yZzAgFw0yNDA4 +MjcyMjU4NDRaGA8yMjk4MDYxMTIyNTg0NFoweDELMAkGA1UEBhMCVVMxCzAJBgNV +BAgMAkNBMQswCQYDVQQHDAJTRjEfMB0GA1UECgwWVGhlIE5vZGUuanMgRm91bmRh +dGlvbjEQMA4GA1UECwwHTm9kZS5qczEcMBoGA1UEAwwTYWdlbnQxMC5leGFtcGxl +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/j3KMwRLnWx9gb +hpzTqNHsOdKLMwOBb7RXoIU+C6/qnUPTxoEDrSaFjz62OxuKfcNhGJMHYc3sL2y9 +nZwB98or1b/jQbr6N8m4HojyD4u11n2FWLDZELSTg8UvOkbdWwlGkzhZ+iz+5tmo +G40Ys34rrywAVTSNtStrh20lBcyLtKUWUkhTHaDXQ4XfXa4lxER8VWA0DDgQhnYf +tuYa2kTSndR8GKvgdPLmfPiu5gJtvM1YO5ftEgZlJe2ppBzs/1A++4vOymV94jxL +ahFMtEiAMRq1ckWUhbMa7WQXteN+06ucUfBFYgIrqOipLN0uFJLTap+ohEUkVVnx +A2rXVuECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAy0rm8E+PR+ZuaQsz8Q3s0Y7I +fNICuwEyByMcwiwCjvMM2FwNZbnmagmSQ2eo+jD0GMAcBLS61AWhC8tPqO6DfFOj +7L07NYJWTKQMqAsv3n6Nl0uXd8Aa4iGDhsMeTZXXk4E/GsZZ8T4pDmE8TtY6285Y +ONU7uKKFcnIfQwtcEUnpwqSAYmQxKa+rhQ974rW3hBCxvtrwNRXsMjCoPyfkIuOz +9P6ThZfMWlmuKg852Yi2VglaOrxakQInQGz4Q0JHyROd/e9m3J+t/QFR9VqtRnX8 +UEOlxD8iazk//VFd7WrO2jzqjXFIzBNrdvmsNsP+8uIjrGJtHdKeHL7v5V687A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDFzCCAoCgAwIBAgIJAJHwBmNgafKfMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVu -dDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkB -FhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yMjA5MDMxNDQ2NTFaGA8yMjk2MDYxNzE0 -NDY1MVowgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0Yx -HzAdBgNVBAoMFlRoZSBOb2RlLmpzIEZvdW5kYXRpb24xEDAOBgNVBAsMB05vZGUu -anMxDDAKBgNVBAMMA2NhNDEeMBwGCSqGSIb3DQEJARYPY2E0QGV4YW1wbGUub3Jn -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HnUahyfA25t8kaziu0i -vVMkTWntm0pJ8oemeO7yCGaY4QHEwN+QUzrzO7y7ngl2Dt76eEvj0mrgaW8Ao7Ns -ePfp3663g8RrBsb4cR1da2Tc8kpXCqgwbcTlm8HI/7OAdHGA2YDLNv7iyVk9meHM -gYfO9dVgrZ7RxfnGwNMJdNjYJrd02xeU6euoKl9j/ZWCG5xHAM2xAXOKHGm8toIm -+Ss6iZXY8kypy7Fjwyv7jMT8V+pzIWu24xd3Y3s07r59nkFmQ29nHMTaLP7Tf3TY -MBI5mp8fet732aBoywpQ/w05LR9gdM1jpUvIlmhj4qGskv17AMEmRecwic3opq/b -yQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADsFOR+N -Bcm2FyHOutoFpQn70qAFg0xlO3NTH87uubbs6rf3LDrsskhjskfs6wpUk56IJOoU -H7+F7aDDtSrnxzxxC5eZeGyaN05T5N01OdK3xvqUnr7mg/Ce0jnxrZhxHI8SHOqs -Kwrg4fRasUHGhH286Y13xOj2pLSrVoSbkXsA +MIIEaDCCA1CgAwIBAgIUDxaIwCfB2vttbQL/LlnVg4mwMUAwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTI0MDgyNzIyNTg0NFoY +DzIyOTgwNjExMjI1ODQ0WjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw +CQYDVQQHDAJTRjEfMB0GA1UECgwWVGhlIE5vZGUuanMgRm91bmRhdGlvbjEQMA4G +A1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2E0MR4wHAYJKoZIhvcNAQkBFg9jYTRA +ZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQedRq +HJ8Dbm3yRrOK7SK9UyRNae2bSknyh6Z47vIIZpjhAcTA35BTOvM7vLueCXYO3vp4 +S+PSauBpbwCjs2x49+nfrreDxGsGxvhxHV1rZNzySlcKqDBtxOWbwcj/s4B0cYDZ +gMs2/uLJWT2Z4cyBh8711WCtntHF+cbA0wl02Ngmt3TbF5Tp66gqX2P9lYIbnEcA +zbEBc4ocaby2gib5KzqJldjyTKnLsWPDK/uMxPxX6nMha7bjF3djezTuvn2eQWZD +b2ccxNos/tN/dNgwEjmanx963vfZoGjLClD/DTktH2B0zWOlS8iWaGPioayS/XsA +wSZF5zCJzeimr9vJAgMBAAGjgdQwgdEwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU +Tc8o3KouldTCYNQHvW09ZBv9sW0wgaEGA1UdIwSBmTCBlqF+pHwwejELMAkGA1UE +BhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0GA1UECgwGSm95ZW50 +MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAeBgkqhkiG9w0BCQEW +EXJ5QHRpbnljbG91ZHMub3JnghRsoeMhBMOB34RpWIz6SD/UwaqquzANBgkqhkiG +9w0BAQsFAAOCAQEAKtd7q+5123jVDzpydg4o3FO84u/1gzlkQ9gAc0q48/ePD/0g +GTeTLz3fODq84l0Nx0g2XbcnrnH/07dzykZokAI6TFhv9qioeMmZa5UhwLSFynXJ +tqP26jA2/dpofGrVV2up/dJ9nw/jmvsRTigvIjkPyofFyxyssNmUIOXgEB6szthQ +mg0VKqgcF3yPDFiSMNh7YnxKd6Rsw1uujtRR+dbkLJs3m0sk+MNra7+LIfqVU5Iv +UyieguUmYYtW9rWTjxVCEl84teryIFJK81GlX/wiq1Nx3DZj+DCSwJMdl5DDzvH8 +EnE1L+MapqCnP0eAmNdWwF5SVxfKUwtt6uPpYw== -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent10.pfx b/test/fixtures/keys/agent10.pfx index f1df772cbbee1b..fc6a9a20b1f7c1 100644 Binary files a/test/fixtures/keys/agent10.pfx and b/test/fixtures/keys/agent10.pfx differ diff --git a/test/fixtures/keys/agent3-cert.pem b/test/fixtures/keys/agent3-cert.pem index 9a2b16b19f3d87..e24a34c1bfd8e9 100644 --- a/test/fixtures/keys/agent3-cert.pem +++ b/test/fixtures/keys/agent3-cert.pem @@ -1,18 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIC9DCCAl0CCQCR8AZjYGnyoDANBgkqhkiG9w0BAQsFADB6MQswCQYDVQQGEwJV -UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAO -BgNVBAsMB05vZGUuanMxDDAKBgNVBAMMA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwIBcNMjIwOTAzMTQ0NjUxWhgPMjI5NjA2MTcxNDQ2NTFa -MH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNV -BAoMBkpveWVudDEQMA4GA1UECwwHTm9kZS5qczEPMA0GA1UEAwwGYWdlbnQzMSAw -HgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMwdFX1RDh/WG1MyegBg2PqcmMSd3wKmO6QxSYpEdv2o -rhBJ8opfsdvMDvk66UfqBgMIryJhHWf1iznmAC2aT4hDYyKuqFuN7EDzHOWH7ta5 -E5+OXR/UvgYvsq5ptNKAUUbZ3MoOnQluEbNnJS0wqKSQWu1apnih8fUiqrTQjI/d -lnnN9A1aQwD2JMPy/GYD6bjx3psFcBjrPiSm/WuZxpcFg/r9cNW3mylEMMw2TUe2 -Wwaz92GfX6AbF/ENAS9DZSwz7UzVwaHzwv69TXTlskdvAvGA4j6FCvpbuTFNc03Y -YGUfnhO7WpiaS9lppj7UMAUOI0KLAIoYZYOCYarZeN0CAwEAATANBgkqhkiG9w0B -AQsFAAOBgQC3K2rmDobXHmAvKjQOndWY6xPUmmSzLPWr+WtFormgLG5UOiKAYa7K -ErG6aklZw2ZnYRSebotC+eVh1ZSuOdpFnLw36dt6XGe+ulp3jgc9nggTZGagCFB1 -yhgZ4y+7zx4u1t2oVqCbYn6mtw+AuwoszkdzHQqZIA42USnxUCLJPQ== +MIIDgDCCAmgCFHtnB1Iw05rTKjL+Xc+x+pXi6jGdMA0GCSqGSIb3DQEBCwUAMHox +CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoM +BkpveWVudDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZI +hvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yNDA4MjcyMjU4NDRaGA8yMjk4 +MDYxMTIyNTg0NFowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQH +DAJTRjEPMA0GA1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQ8wDQYDVQQD +DAZhZ2VudDMxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB0VfVEOH9YbUzJ6AGDY+pyYxJ3f +AqY7pDFJikR2/aiuEEnyil+x28wO+TrpR+oGAwivImEdZ/WLOeYALZpPiENjIq6o +W43sQPMc5Yfu1rkTn45dH9S+Bi+yrmm00oBRRtncyg6dCW4Rs2clLTCopJBa7Vqm +eKHx9SKqtNCMj92Wec30DVpDAPYkw/L8ZgPpuPHemwVwGOs+JKb9a5nGlwWD+v1w +1bebKUQwzDZNR7ZbBrP3YZ9foBsX8Q0BL0NlLDPtTNXBofPC/r1NdOWyR28C8YDi +PoUK+lu5MU1zTdhgZR+eE7tamJpL2WmmPtQwBQ4jQosAihhlg4Jhqtl43QIDAQAB +MA0GCSqGSIb3DQEBCwUAA4IBAQAfxPLKKEifOSGFXXFEa1Z2DXTxOc9YeY3dTVYa +py/ATdwnKhGDHknYmnHSUBzgvqRZqoZrG04S1HuatAdCifNx+ts2qrx3AmOdYrMH +A6PYQIY8RVNKgEoel776FjCJta2ta2KNOkyrVwEhY7jgIgHcYIGwAgM0Gcq8j63R +IomOu0+FE9M6a+oU9Z0EZ646LU0GgMEz8cegxKwRoA+KKEQzmdwnblzWXqNWf+VC +nljA0ReLl484iBt1eMZQ9tGMvu2QW8v7k1nnyuRF6Zmfe+ELgAk3rHWGCcFqB5ri +tEjlIc055+AmBlbf6Ba5oVawjrowvd+3BtlM0cx60DmC425T -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent4-cert.pem b/test/fixtures/keys/agent4-cert.pem index 81989bf2ee8298..5792845c747447 100644 --- a/test/fixtures/keys/agent4-cert.pem +++ b/test/fixtures/keys/agent4-cert.pem @@ -1,19 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIDEjCCAnugAwIBAgIJAJHwBmNgafKeMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVu -dDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkB -FhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yMjA5MDMxNDQ2NTFaGA8yMjk2MDYxNzE0 -NDY1MVowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEP -MA0GA1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQ8wDQYDVQQDDAZhZ2Vu -dDQxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9loX+bQq2o1Sh+p2vfnNvDs/lvCexuKKWCst -/LZZyPhd6ywuUos0lxs0AN7B4cY54Aq0OUEfoX7oPBxS3rIuTdUwWcswz9Jg2PnU -EAvekJtFS78v77ORAqnegEyeQzpJ1i+MYZ/Ebnrp6m2Pt11UrvQpkSVofzerrZbx -SBBIRm2pianctaPuonL3tyV11kZb3i5YD9s0J+g3A51PfUCOB2umPnzDgeAAl97F -w/E+0bQu0C57Ej86AxEfSEnbj9l+ZKkDMuXQTZKVloY+Ec/6wj2m0/ABEsWN9h6q -Q0pb4oB15zFBpgCeRzWuRfL2tr96nGwYjQiM3dAzEkvSmDF3TwIDAQABoxcwFTAT -BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQB9szRHxchcB2qQ -+92InxIollN27xqUklcdNhlSqmH6MD1VOj2M3xwmRGzIroIx9da+A51k7h/QPsc9 -xMHrIRlRxb+/rJ2K6ayvwI2EPgduSjMfaor72CNRJ+/lsiRffo6weoBju1szAFgI -cSeYOOo8obGa7if3LvdzolXPue3dkg== +MIIEYzCCA0ugAwIBAgIUeDAG+o11vU6VBF7j7ALuBgnQQsIwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTI0MDgyNzIyNTg0NFoY +DzIyOTgwNjExMjI1ODQ0WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJ +BgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAOBgNVBAsMB05vZGUuanMxDzAN +BgNVBAMMBmFnZW50NDEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2Whf5tCrajVKH6na9+c28 +Oz+W8J7G4opYKy38tlnI+F3rLC5SizSXGzQA3sHhxjngCrQ5QR+hfug8HFLesi5N +1TBZyzDP0mDY+dQQC96Qm0VLvy/vs5ECqd6ATJ5DOknWL4xhn8RueunqbY+3XVSu +9CmRJWh/N6utlvFIEEhGbamJqdy1o+6icve3JXXWRlveLlgP2zQn6DcDnU99QI4H +a6Y+fMOB4ACX3sXD8T7RtC7QLnsSPzoDER9ISduP2X5kqQMy5dBNkpWWhj4Rz/rC +PabT8AESxY32HqpDSlvigHXnMUGmAJ5HNa5F8va2v3qcbBiNCIzd0DMSS9KYMXdP +AgMBAAGjgdswgdgwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF1UHW4p +D6zk376eyKXCjPGn7HWKMIGhBgNVHSMEgZkwgZahfqR8MHoxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVudDEQMA4G +A1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkBFhFyeUB0 +aW55Y2xvdWRzLm9yZ4IUbKHjIQTDgd+EaViM+kg/1MGqqrswDQYJKoZIhvcNAQEL +BQADggEBABgvOfGvXKVWIiPxTiQXcS76gwrxb7GdoW1WNrM/nqjqEl19gw/EopZi +RkRXyXE2NXHIrlr+b+QAIcIPNYhwWzMPzMIgwddlKjWVqZB+YOk8lbGJeCEBXQN2 +n6m2H4ILw83jg7XMeLr9hCRsn9ooC1EBzwN4N729lVya7V0zoFryBM/yYB5sTx/u +4xUBKC7XFZXTtDE2KuBq9b0PTV3jSNfhHfHLEOCp55i/H9MFz8cbk3kd+6aKYwDC +Lt09Y55fd3Bo1eTENNZ5FOgzFj2P50orIvSHHqIiYESegE3E7mzM08E4ek1ID5ub +SQU4LdYnC+Mo3MPoWJfQgiPLtxC3EyI= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent5-cert.pem b/test/fixtures/keys/agent5-cert.pem index a1edef0739c0c7..b5433405749cde 100644 --- a/test/fixtures/keys/agent5-cert.pem +++ b/test/fixtures/keys/agent5-cert.pem @@ -1,19 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIDCTCCAnKgAwIBAgIJAJHwBmNgafKhMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVu -dDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkB -FhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yMjA5MDMxNDQ2NTJaGA8yMjk2MDYxNzE0 -NDY1MlowdDELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MREwDwYDVQQK -DAhUcmVzb3JpdDEWMBQGA1UEAwwNw4Fkw6FtIExpcHBhaTEnMCUGCSqGSIb3DQEJ -ARYYYWRhbS5saXBwYWlAdHJlc29yaXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA0oKK05Cl/JmoVBAMR/bbJ4EPYGdh3GCrppPKNcgqGtvnmmJ7 -CMKWLzb4FA4O43SD/P0u9jJZdkOTfpzNMk9wjrQvBeXxCiSVS0fjDb+9YDolIfjq -hs/9arPa2FKQJcWX/2/TgBndEw1NOvumwrktxlgRK8IxxF4/28ub5Y4Kqo3DFks/ -uicH+IInjkujLV9hu3XfPTme6mr/NmKPa6DV3fm2rib7hby5Kk7WFfsYTiMGxl6S -WhHuoyeqK4sFycL3ly8letX8D/Kfz27dx2zBOIbXADbK0afJCtLDOYIFBEhZAYhi -+NWBRlP9NQrd1vT1zS2/eBlvB6QqCTgoX6uXEQIDAQABoxcwFTATBgNVHSUEDDAK -BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQAQtX59XTk/vLNN/nqSECzhelMV -WBOvtjGnA4WK/jtFpOLwFPwSp/FOpGT1Gbi38NseEAhEKjy6J266F/ncMS+UJetu -zDn27MRwGEUx0ZZR4Z2g8bf10XAZSUmS7SpzSCovsCeQ9g6oH3PIMvzRCeSUwzfD -c6KyjtZ++jH3gz6FlA== +MIIEWjCCA0KgAwIBAgIUBy64GxzmlZKybD2k6yMMkhjvFoQwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTI0MDgyNzIyNTg0NFoY +DzIyOTgwNjExMjI1ODQ0WjB0MQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBl +c3QxETAPBgNVBAoMCFRyZXNvcml0MRYwFAYDVQQDDA3DgWTDoW0gTGlwcGFpMScw +JQYJKoZIhvcNAQkBFhhhZGFtLmxpcHBhaUB0cmVzb3JpdC5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSgorTkKX8mahUEAxH9tsngQ9gZ2HcYKum +k8o1yCoa2+eaYnsIwpYvNvgUDg7jdIP8/S72Mll2Q5N+nM0yT3COtC8F5fEKJJVL +R+MNv71gOiUh+OqGz/1qs9rYUpAlxZf/b9OAGd0TDU06+6bCuS3GWBErwjHEXj/b +y5vljgqqjcMWSz+6Jwf4gieOS6MtX2G7dd89OZ7qav82Yo9roNXd+bauJvuFvLkq +TtYV+xhOIwbGXpJaEe6jJ6oriwXJwveXLyV61fwP8p/Pbt3HbME4htcANsrRp8kK +0sM5ggUESFkBiGL41YFGU/01Ct3W9PXNLb94GW8HpCoJOChfq5cRAgMBAAGjgdsw +gdgwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFI+g7kSaOiOaBhz+q3+3 +tpXdG2HtMIGhBgNVHSMEgZkwgZahfqR8MHoxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVudDEQMA4GA1UECwwHTm9k +ZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRz +Lm9yZ4IUbKHjIQTDgd+EaViM+kg/1MGqqrswDQYJKoZIhvcNAQELBQADggEBAJmA +5ciG5btN3EgH7P5fcWS6SteEKAaSVlTSwsmEg+rKtCeUsVQZ0syMlVMfSwZQfWrq +dBsV1wFw61eX77HnvdoE0B5/Wj6DkjffOm3C7yzmxLo/507jN3mPzop3AMxdl9xC +sE3qEf1pNFJKyRBrc4UoD/lp0gfW4Zv6fbkZgttmynGWbyGtLyS76d/b6Wst7eRo +qkZODIi0wmJ9F8n+xWeJqRRruoqCGy3fr/NL1uCjrzXcRHOuKT8iCE0DnA9WaEs+ +hu5BxA4fZJZGYQTZREEALLUEOlpPFATt/Rel+OwNDCvYXfKaHfGLCmBxxKojzCcm +mhIiKquTKehJufrq/bY= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/ca2-cert.pem b/test/fixtures/keys/ca2-cert.pem index 0c72d6c64756fe..7ff23789d63eba 100644 --- a/test/fixtures/keys/ca2-cert.pem +++ b/test/fixtures/keys/ca2-cert.pem @@ -1,16 +1,21 @@ -----BEGIN CERTIFICATE----- -MIICbTCCAdYCCQDRrfgRk8tC1zANBgkqhkiG9w0BAQsFADB6MQswCQYDVQQGEwJV -UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAO -BgNVBAsMB05vZGUuanMxDDAKBgNVBAMMA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwIBcNMTgxMTE2MTg0MjIwWhgPMjI5MjA4MzAxODQyMjBa -MHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNV -BAoMBkpveWVudDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJ -KoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAv61gNiLff+zxCdAwdzlVoucGu5L+LFFN9TXzcT3ZD8U1H6CiLp3Q -02IlbK1JRHwpJBXgYOFvMWd9LD6JiJgJsp61kpZShl2qZSUIfhzeExWH7kkuPHWC -IEkiP/aDp5wuqbFBkNUJu8opYr0E6/t9sIzl4IK7WNDXWgQvv8cqin8CAwEAATAN -BgkqhkiG9w0BAQsFAAOBgQB80WTJ9neA5yVaDVV+hZtOasLiZlUT8m49ImQMnInA -jdoAkxgySNOJP8IrsilleAGeHF+JPy042z8NZ5C+xL9REaB1/OaQ7+nwHP0O0f+l -kXHgZATQ3YVf6db5euK3R1mdO1Vv++R4Nu4NYBu0cmfMpdl/uKdYpXMjPVn21iB7 -5w== +MIIDfTCCAmUCFGyh4yEEw4HfhGlYjPpIP9TBqqq7MA0GCSqGSIb3DQEBCwUAMHox +CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoM +BkpveWVudDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZI +hvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yNDA4MjcyMjU4NDRaGA8yMjk4 +MDYxMTIyNTg0NFowejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQH +DAJTRjEPMA0GA1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQD +DANjYTIxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq6k9bq0BgvZDesrfPPzYyA2PbxTA3hI +ziKAmglvuF1lbHVdG/7jOZV7JQpdViCRpcoO6uz1BmGnvd3UDS6Q/y/mkjE96E/y +O3h8gcn+CBzniKIYhB9QtrrVHDy5e/tOJGhGifLtver3iLf5kgiJPy4cGAD663oT +Vlzvo4U6E2j3vJw4l18pi9gpL7shU8QJka0/0F8BbhoaQK1ZqvD4p9bOMRDztfhZ +Gb5qJ+664bx80dck9a5UoLCid8tQIlOCnr9IrAwTPNpnk/xCC7nsbE0+CkMsI3+U +g+3gO0zApWy6DzSawYh6VVijFe6Q0N12duspxdpgt7Kk+8ejrAAOjwIDAQABMA0G +CSqGSIb3DQEBCwUAA4IBAQCSsx31ivZnnpAJqsF8yncin8kAvgy8YG1itguKO9sG +KQ5AIWpSRjhZjJ0JRMj2hxhoob2vZ68QbP8iEufByBJ7G1CkyHvBODaMSdydXWga +wBSKFpsiPt+Gj6rzb5yn0MuH577tWzVLi4C1KW8sFx9rtjDUHTqwf3i7/iuTA5Yo +yruWRmIXqFoIs3lnKC1f8CYmcZMT2hox8imQI8hIMjalB30WGrDudoqd67rDGWn7 +IKC12pRdgaADILx0vhdniieUwTq85r/6BaKFCJsZIaRd3aAoo3bl4qBA5Bt0uoCB +x6pEPQeypvU8qBmKKD+XQdY0Pf9Vh9Wq6g/iiw79IsY0 -----END CERTIFICATE----- diff --git a/test/fixtures/keys/ca2-crl.pem b/test/fixtures/keys/ca2-crl.pem index a07929b83d1e99..a5a9f5fb6f74ef 100644 --- a/test/fixtures/keys/ca2-crl.pem +++ b/test/fixtures/keys/ca2-crl.pem @@ -1,10 +1,14 @@ -----BEGIN X509 CRL----- -MIIBezCB5TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwC -Q0ExCzAJBgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAOBgNVBAsMB05vZGUu -anMxDDAKBgNVBAMMA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5v -cmcXDTIyMDkwMzE0NDY1MVoYDzIwNTAwMTE4MTQ0NjUxWjA4MBoCCQCR8AZjYGny -mhcNMTgxMTE2MTg0MjIwWjAaAgkAkfAGY2Bp8p4XDTIyMDkwMzE0NDY1MVowDQYJ -KoZIhvcNAQENBQADgYEAl59y/rB5YcIT5ySOwTfAzDFX3fZq1YPF8KF7Afqzx/x6 -b+1w511+tkixm0evIHtxlOrlFrAFBSFGMlrfKnmg5EopJ2w5yOR53ZqUwtNryZMC -WJTEN+DeXU8WdY+iEXXCmpGZhvheRwKyCcY5xHxvwbnb3UdF+IaqA0aIN1Sa3Oc= +MIICJDCCAQwwDQYJKoZIhvcNAQENBQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgM +AkNBMQswCQYDVQQHDAJTRjEPMA0GA1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2Rl +LmpzMQwwCgYDVQQDDANjYTIxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMu +b3JnFw0yNDA4MjcyMjU4NDRaGA8yMDUyMDExMjIyNTg0NFowXzAaAgkAkfAGY2Bp +8poXDTE4MTExNjE4NDIyMFowGgIJAJHwBmNgafKeFw0yMjA5MDMxNDQ2NTFaMCUC +FHgwBvqNdb1OlQRe4+wC7gYJ0ELCFw0yNDA4MjcyMjU4NDRaMA0GCSqGSIb3DQEB +DQUAA4IBAQCbkvSL9eK6ejgu9I8h7idZ6kgmIT0NdURz0UqAptlHAWgCb5Qr9mnm +2WJCh7J8ohYRb1x16iB0mhJbkc/A/n81oNNIrvCPOsuZqM75mIwFS+jqzJ0FgaiW +qCcXWZxmx+4e3jqtwOc+sCZN5E1thqvVkJEuWNdOOj4gsW3wWL/MDTu2G/MCbnQY +MV5Nq27ipebpdPRpxzpYpt9j44C+L1GmsiU0mxqFx3VH9WeeAreA1NQSIBXWGLPg +Xmgf3s6B0t2he4IuSQvU+R2gAPugaHYOVuV0qMdhPE9QC0BTi8g4EwpEoZIJ+Oqw +zCTkq36a+NiDV2p1HIT4STHfe616o5DD -----END X509 CRL----- diff --git a/test/fixtures/keys/ca2-database.txt b/test/fixtures/keys/ca2-database.txt index bd8668521055c7..3efd0b7af56ee5 100644 --- a/test/fixtures/keys/ca2-database.txt +++ b/test/fixtures/keys/ca2-database.txt @@ -1,2 +1,3 @@ R 22920830184220Z 181116184220Z 91F006636069F29A unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org R 22960617144651Z 220903144651Z 91F006636069F29E unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org +R 22980611225844Z 240827225844Z 783006FA8D75BD4E95045EE3EC02EE0609D042C2 unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org diff --git a/test/fixtures/keys/ca2-database.txt.old b/test/fixtures/keys/ca2-database.txt.old index 3981127cab0db4..bd8668521055c7 100644 --- a/test/fixtures/keys/ca2-database.txt.old +++ b/test/fixtures/keys/ca2-database.txt.old @@ -1 +1,2 @@ R 22920830184220Z 181116184220Z 91F006636069F29A unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org +R 22960617144651Z 220903144651Z 91F006636069F29E unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org diff --git a/test/fixtures/keys/ca2-key.pem b/test/fixtures/keys/ca2-key.pem index 2efd44d78c3b6a..e2aea23f18223f 100644 --- a/test/fixtures/keys/ca2-key.pem +++ b/test/fixtures/keys/ca2-key.pem @@ -1,18 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0/0Q5tLDQW0CAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHCRfosVTaMUBIICgHq2VKpOxq8W -+KZ7bVFuWx/gJvE1FAJokIZogK52LH3oEk9kMlEujwYAMovEew4lPMgAnyQh5Mbx -BXIm8Arww9hUZlRPuHmeQQuikbz/Sy5LVFbrzRsM0xGZxeWkpq3iKj3Z4W1OneRd -HAtBADAlID1a4r5f/BxiuNBGn5X54x66qbC94mJ2b02zHJJaRVd6OQM5iZURlcbi -N1E/LtQ3/I9qWqGYfiVCZf39ItxbrBkIEk65BbCackpDpVxzOfEbvC8RdBZcHxZm -8g4XZ6p1rCmzLi22l7usgEhd4QSMQyT9JTnMfM1QFzaqAVTqWr4ZFP108a2vH574 -T/HFKBkI+DEUsKQTLmYqZ05mg0wx80KGP/+1jOB1yx0tGnxCihGJVhqqGoFqgBSm -aqC5arQIZSUt2eN4OamakgU4iLzrKFb6bWGwTNUoHZNh4TsYz4CvFkPcM5tOyX+l -RoUyPAyfu348Z2IKBzUwYUfXJ5WFW2xq+RiOmlt4zF1Lym+aktEP6REQZYTGZZZx -l1YsvIUDd0pj5AJ3/PSTZN+VzkKz5lJdKEDEqpoOkEZnE/FL5VJHnRLOANyNf1zl -qZFgLGRZgZQwGkwj2hAF3auRJWJyvjuQW57v86F3U6XKKKejgBVb2ohMk7U6WW8B -wPtYyEa2zW1hSCLWhMEaek5Y2/2NX/dPryHNZ5XJ1UD0SGrPumN4lbErKDWGmAoK -jH6bpX/xVdmur2BwgGdqt6S1BW9B2F+cXz46UNiFKPYL49iBe13xM5EFKk9N9DL3 -HWPWrExlmi+p4PASL6cR5t9sDw8wUYp5cyC/M1RHDJPvjgBX987F17fI6GkNNToE -ZIbM6M/EuKg= +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQITamLkHox9jMCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIoxHzl7vHD+BIIEyEs0UE67+Yq5 +jEEvXy5nsAUOlJROurdaK5TCfR/PFiPmotRbS6dUdQrNRT2qicKjudYmVHlss5z7 +yCd9Q2WSpOClTDeuJ6uyGPkvRnWQOFKhzeAQ4I/pDdddQCw61MmZHC5BKVc9a/3J +AHJkQlXLXEb3O/Pc32YdUmFDpYB0VZMhWJdYripODX669miPu46W9E9Fz+9DaVkg +j+F+2jwkww310frsxMUhMAI/DFYQ+LemAwWpUxv7MCVGKpMV0QU0iUeSfhIvOcaC +zQy8tG5ftUtOLGgf53Ol8YFuTMwFx0+w6NxGtB7mskk9bNVitI7w1yWTS3SvCz6g +vyhRu9D4w4VRQEpvz0quooqlJFN9lpNBkNY1hDk0PymQ3mXQLQMXITlTwUb5tHHM +nJtOad1ztJLQBG7+28J1YVnm/e45hz8GgbaACBUZVIwW0z71AMsmo8JUXBncI874 +3xppj2CGCxrKAtz5ZDCotWk7FucdgAhHNsF/a6bIiOXULnMLFRQ0afYrZW4iEady +W5lXBpZvQzrsWZiq7X3EWjhlnfPl1sLo+Rc9OGFE6znMyR5xqgjJhcIP4tM6FOO5 +ko1MFCaA0qBpH66TredvooQL7cYSbhStCICc5XJpJw1beqIj5/No2NfI/viv0yIq +O9ebIzZ2muKuP21a72K0xjrquoO6JmFs6Fu4uytEDtAyQduBJ+xBma5KTDa9YjjG +bd5nGuEGpwQRnUPPoHDkZSqQ8IiBS5Pam2KIW5xReK3afUID8Dr01J/blk22lc+l +/fP2zSfVeJzxK0XscfZWlUu8d0LnRoOwUjpGhOLrQEXKMjxfGNzbuOXSJLsTAHu/ +nc2ozCmAMjjRb74E8GoNv8Sbo4L3/elT4IpKcWlhOb+mlJEz5oj6Z4qycAcfxwZz +m4BRhOTskJXBTwCAlOmTiz9IwzjEVeJ7nN6ayTFCMYHJlpmoEH7vOP0ovYL9TRKm +vWH5kzLCatQ7EBKMbaG/isCFw85ylmqbYth9wEBDq+vN9T+rNSM16uiTJXo8+Vo0 +hNPEfnqkdpCdTA0RgTpQHkjBx43ySzEtteEfNQyKLpHdHb12O8A3PdlL+u+0nq+l +Gx7LmwB2NJVmkRSac4Od1zt1EWMdRHik/VHaIayi16MLyWWo38pDlMVAzSfcMO9v +fFzKwxPTv+1y7R+2yaZwkD2VPzFy4DO2Wk5V31VAlxWmgebs7c5zcto5/MfHebAz +xurjZ0nq/ok3qjWsQSWOMxJcE8IE6JkBvv+o4v+klxuyjYxveUDSltyfOxgYlD8w +Cr0qGhshPCk5r/OSR3vfYTMMDNvaO4UTltNiyD4FpcWktSFuN+Sgurm0S1gSpj5e +4GZz5YjNYd7bR/YH9UwLp+IISGZ1CkpuTrnv7LP3DL4G5vmGx8+DvnVlQd1rL667 +fzIjtRKZTpo8fY8PMXzABzo2f8t7thpqXqRRKMWpz0VxuBrvsVjrHNLJma5J0+fv +O6ByHDzhEfZWhTDbHyKX1zq9cw9y6jHwyvSwxIBZ+w4i4UhI6xKy5t7OFEK2ESnS +vtRPMt92QXTS2soNe5/quQwKafMWaWdbQdPcuSacOOVcBpR5oeNPKJE4A3xtupBp +acjYoSoRCu1yxjWJRlLD9w== -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/fixtures/keys/ca4-cert.pem b/test/fixtures/keys/ca4-cert.pem index c38dcf9f72ef9f..b72dc9dbd6f564 100644 --- a/test/fixtures/keys/ca4-cert.pem +++ b/test/fixtures/keys/ca4-cert.pem @@ -1,19 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIDFzCCAoCgAwIBAgIJAJHwBmNgafKfMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDzANBgNVBAoMBkpveWVu -dDEQMA4GA1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2EyMSAwHgYJKoZIhvcNAQkB -FhFyeUB0aW55Y2xvdWRzLm9yZzAgFw0yMjA5MDMxNDQ2NTFaGA8yMjk2MDYxNzE0 -NDY1MVowgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0Yx -HzAdBgNVBAoMFlRoZSBOb2RlLmpzIEZvdW5kYXRpb24xEDAOBgNVBAsMB05vZGUu -anMxDDAKBgNVBAMMA2NhNDEeMBwGCSqGSIb3DQEJARYPY2E0QGV4YW1wbGUub3Jn -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HnUahyfA25t8kaziu0i -vVMkTWntm0pJ8oemeO7yCGaY4QHEwN+QUzrzO7y7ngl2Dt76eEvj0mrgaW8Ao7Ns -ePfp3663g8RrBsb4cR1da2Tc8kpXCqgwbcTlm8HI/7OAdHGA2YDLNv7iyVk9meHM -gYfO9dVgrZ7RxfnGwNMJdNjYJrd02xeU6euoKl9j/ZWCG5xHAM2xAXOKHGm8toIm -+Ss6iZXY8kypy7Fjwyv7jMT8V+pzIWu24xd3Y3s07r59nkFmQ29nHMTaLP7Tf3TY -MBI5mp8fet732aBoywpQ/w05LR9gdM1jpUvIlmhj4qGskv17AMEmRecwic3opq/b -yQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADsFOR+N -Bcm2FyHOutoFpQn70qAFg0xlO3NTH87uubbs6rf3LDrsskhjskfs6wpUk56IJOoU -H7+F7aDDtSrnxzxxC5eZeGyaN05T5N01OdK3xvqUnr7mg/Ce0jnxrZhxHI8SHOqs -Kwrg4fRasUHGhH286Y13xOj2pLSrVoSbkXsA +MIIEaDCCA1CgAwIBAgIUDxaIwCfB2vttbQL/LlnVg4mwMUAwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTI0MDgyNzIyNTg0NFoY +DzIyOTgwNjExMjI1ODQ0WjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw +CQYDVQQHDAJTRjEfMB0GA1UECgwWVGhlIE5vZGUuanMgRm91bmRhdGlvbjEQMA4G +A1UECwwHTm9kZS5qczEMMAoGA1UEAwwDY2E0MR4wHAYJKoZIhvcNAQkBFg9jYTRA +ZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQedRq +HJ8Dbm3yRrOK7SK9UyRNae2bSknyh6Z47vIIZpjhAcTA35BTOvM7vLueCXYO3vp4 +S+PSauBpbwCjs2x49+nfrreDxGsGxvhxHV1rZNzySlcKqDBtxOWbwcj/s4B0cYDZ +gMs2/uLJWT2Z4cyBh8711WCtntHF+cbA0wl02Ngmt3TbF5Tp66gqX2P9lYIbnEcA +zbEBc4ocaby2gib5KzqJldjyTKnLsWPDK/uMxPxX6nMha7bjF3djezTuvn2eQWZD +b2ccxNos/tN/dNgwEjmanx963vfZoGjLClD/DTktH2B0zWOlS8iWaGPioayS/XsA +wSZF5zCJzeimr9vJAgMBAAGjgdQwgdEwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU +Tc8o3KouldTCYNQHvW09ZBv9sW0wgaEGA1UdIwSBmTCBlqF+pHwwejELMAkGA1UE +BhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0GA1UECgwGSm95ZW50 +MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTIxIDAeBgkqhkiG9w0BCQEW +EXJ5QHRpbnljbG91ZHMub3JnghRsoeMhBMOB34RpWIz6SD/UwaqquzANBgkqhkiG +9w0BAQsFAAOCAQEAKtd7q+5123jVDzpydg4o3FO84u/1gzlkQ9gAc0q48/ePD/0g +GTeTLz3fODq84l0Nx0g2XbcnrnH/07dzykZokAI6TFhv9qioeMmZa5UhwLSFynXJ +tqP26jA2/dpofGrVV2up/dJ9nw/jmvsRTigvIjkPyofFyxyssNmUIOXgEB6szthQ +mg0VKqgcF3yPDFiSMNh7YnxKd6Rsw1uujtRR+dbkLJs3m0sk+MNra7+LIfqVU5Iv +UyieguUmYYtW9rWTjxVCEl84teryIFJK81GlX/wiq1Nx3DZj+DCSwJMdl5DDzvH8 +EnE1L+MapqCnP0eAmNdWwF5SVxfKUwtt6uPpYw== -----END CERTIFICATE----- diff --git a/test/fixtures/keys/dh3072.pem b/test/fixtures/keys/dh3072.pem new file mode 100644 index 00000000000000..50e0533d891b8c --- /dev/null +++ b/test/fixtures/keys/dh3072.pem @@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEAmV6aZ8ADnmRQoF9aGlV1AmajCkoc2eEltua1KpGFrxM0cr99gcS9 +/zxTDo8ixwPoHBOOBD+9MN6KbSJ+61xvu9yQ2qt8HfNcUI7QZxdVQ4ZHCQM3Jw8h +BPHFgjpx8w/pteZ3+L42felUxbd8/qfDv+gKsfuxrm6Ht7zzKLfbX9oNdJwpxX7N +yGP3nNadYDM/ZmvmEY8xh2dwLHSMaAP1gxuWiitdYXX60Yg6EFgIotznqbdW075D +KccGTTseFx9gNbxYkW33qX/p5IAf3wRFmptiRWCol88NHTDqtQRs0nhVQ1R28tiL +rQhSJLHLSa4esF+whfC64oXECr2AtarcKWG+LX1dEWI4SXqurnBPiBoyqfVWHS4b +PVgR90LlBJoXqblhsVrd+CkJI7ULDJmSA/cpgCqXH6vSvhb40yr5rpU4vZz+zhHY +CTXVpH95JD35PiZOfQYhfDA4LGvfICPLIH7E8YL5v2F6Xxsf8trI5KiAs1S3TN8b +lsLV6og5VoPXAgEC +-----END DH PARAMETERS----- diff --git a/test/fixtures/keys/dh_private.pem b/test/fixtures/keys/dh_private.pem new file mode 100644 index 00000000000000..25c4edc5ea5a3b --- /dev/null +++ b/test/fixtures/keys/dh_private.pem @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBPgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAP//////////rfhUWKK7Spqv +3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT +3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId +8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu +Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD +/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C +AQIEHgIcKNGyhQRxIhVXoyktdymwbN6MgXv85vPax+8eqQ== +-----END PRIVATE KEY----- diff --git a/test/fixtures/keys/dh_public.pem b/test/fixtures/keys/dh_public.pem new file mode 100644 index 00000000000000..b32815e88acc8c --- /dev/null +++ b/test/fixtures/keys/dh_public.pem @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICJTCCARcGCSqGSIb3DQEDATCCAQgCggEBAP//////////rfhUWKK7Spqv3FYg +Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V +1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih +Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n +Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb +TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQID +ggEGAAKCAQEA2whDVdYtNbr/isSFdw7rOSdbmcWrxiX6ppqDZ6yp8XjUj3/CEf/P +60X7HndX+nXD7YaPtVZxktkIpArI7C+AH7fZxBduuv2eLnvYwK82jFHKe7zvfdMr +26akMCV0kBA3ktgcftHlqYsIj52BaJlG37FRha3SDOL2yJOij3hNQhHCXTWLg7tP +GtXmD202OoZ6Ll+LxBzBCFnxVauiKnzBGeawy4gDycUEHmq5oDRR68I2gmxmsLg5 +MQVAP5ljp+FEu4+TZm6hR4wQ5PRjCQ+teq+VqMro7EbbvZpn+X9kAgKSl2WDu0fT +FbUnBn3HPBmUa/Fv/ooXrlckTUDjLkbWZQ== +-----END PUBLIC KEY----- diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index 3b738b7f47ec59..8ae0a002fec094 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -86,8 +86,9 @@ const crypto = require('crypto'); } { - const v = crypto.constants.OPENSSL_VERSION_NUMBER; - const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000); + // Error message was changed in OpenSSL 3.0.x from 3.0.12, and 3.1.x from 3.1.4. + const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) || + (common.hasOpenSSL(3, 1, 4)); assert.throws(() => { dh3.computeSecret(''); }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ? diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js index 74c0ff53eb18b7..1d742c6801c233 100644 --- a/test/parallel/test-crypto-sign-verify.js +++ b/test/parallel/test-crypto-sign-verify.js @@ -774,3 +774,41 @@ assert.throws( }, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ }); } } + +{ + // Ed25519 and Ed448 must use the one-shot methods + const keys = [{ privateKey: fixtures.readKey('ed25519_private.pem', 'ascii'), + publicKey: fixtures.readKey('ed25519_public.pem', 'ascii') }, + { privateKey: fixtures.readKey('ed448_private.pem', 'ascii'), + publicKey: fixtures.readKey('ed448_public.pem', 'ascii') }]; + + for (const { publicKey, privateKey } of keys) { + assert.throws(() => { + crypto.createSign('SHA256').update('Test123').sign(privateKey); + }, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' }); + assert.throws(() => { + crypto.createVerify('SHA256').update('Test123').verify(privateKey, 'sig'); + }, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' }); + assert.throws(() => { + crypto.createVerify('SHA256').update('Test123').verify(publicKey, 'sig'); + }, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' }); + } +} + +{ + // Dh, x25519 and x448 should not be used for signing/verifying + // https://github.com/nodejs/node/issues/53742 + for (const algo of ['dh', 'x25519', 'x448']) { + const privateKey = fixtures.readKey(`${algo}_private.pem`, 'ascii'); + const publicKey = fixtures.readKey(`${algo}_public.pem`, 'ascii'); + assert.throws(() => { + crypto.createSign('SHA256').update('Test123').sign(privateKey); + }, { code: 'ERR_OSSL_EVP_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE', message: /operation not supported for this keytype/ }); + assert.throws(() => { + crypto.createVerify('SHA256').update('Test123').verify(privateKey, 'sig'); + }, { code: 'ERR_OSSL_EVP_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE', message: /operation not supported for this keytype/ }); + assert.throws(() => { + crypto.createVerify('SHA256').update('Test123').verify(publicKey, 'sig'); + }, { code: 'ERR_OSSL_EVP_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE', message: /operation not supported for this keytype/ }); + } +} diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js index bd86149bc5ac22..67680099da07f4 100644 --- a/test/parallel/test-tls-alert-handling.js +++ b/test/parallel/test-tls-alert-handling.js @@ -31,10 +31,17 @@ const max_iter = 20; let iter = 0; const errorHandler = common.mustCall((err) => { - assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER'); + let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER'; + let expectedErrorReason = 'wrong version number'; + if (common.hasOpenSSL(3, 2)) { + expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG'; + expectedErrorReason = 'packet length too long'; + } + + assert.strictEqual(err.code, expectedErrorCode); assert.strictEqual(err.library, 'SSL routines'); if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record'); - assert.strictEqual(err.reason, 'wrong version number'); + assert.strictEqual(err.reason, expectedErrorReason); errorReceived = true; if (canCloseServer()) server.close(); @@ -87,10 +94,16 @@ function sendBADTLSRecord() { }); })); client.on('error', common.mustCall((err) => { - assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION'); + let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION'; + let expectedErrorReason = 'tlsv1 alert protocol version'; + if (common.hasOpenSSL(3, 2)) { + expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW'; + expectedErrorReason = 'tlsv1 alert record overflow'; + } + assert.strictEqual(err.code, expectedErrorCode); assert.strictEqual(err.library, 'SSL routines'); if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_read_bytes'); - assert.strictEqual(err.reason, 'tlsv1 alert protocol version'); + assert.strictEqual(err.reason, expectedErrorReason); })); } diff --git a/test/parallel/test-tls-cert-regression.js b/test/parallel/test-tls-cert-regression.js index 478402772eb0df..5dab23401302ed 100644 --- a/test/parallel/test-tls-cert-regression.js +++ b/test/parallel/test-tls-cert-regression.js @@ -21,52 +21,31 @@ 'use strict'; const common = require('../common'); +const fixtures = require('../common/fixtures'); +const assert = require('assert'); if (!common.hasCrypto) common.skip('missing crypto'); const tls = require('tls'); -const cert = -`-----BEGIN CERTIFICATE----- -MIIDNDCCAp2gAwIBAgIJAJvXLQpGPpm7MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAkdCMRAwDgYDVQQIEwdHd3luZWRkMREwDwYDVQQHEwhXYXVuZmF3cjEUMBIG -A1UEChMLQWNrbmFjayBMdGQxEjAQBgNVBAsTCVRlc3QgQ2VydDESMBAGA1UEAxMJ -bG9jYWxob3N0MB4XDTA5MTEwMjE5MzMwNVoXDTEwMTEwMjE5MzMwNVowcDELMAkG -A1UEBhMCR0IxEDAOBgNVBAgTB0d3eW5lZGQxETAPBgNVBAcTCFdhdW5mYXdyMRQw -EgYDVQQKEwtBY2tuYWNrIEx0ZDESMBAGA1UECxMJVGVzdCBDZXJ0MRIwEAYDVQQD -Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdym7nGe2yw -6LlJfJrQtC5TmKOGrSXiyolYCbGOy4xZI4KD31d3097jhlQFJyF+10gwkE62DuJe -fLvBZDUsvLe1R8bzlVhZnBVn+3QJyUIWQAL+DsRj8P3KoD7k363QN5dIaA1GOAg2 -vZcPy1HCUsvOgvDXGRUCZqNLAyt+h/cpAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4s -VBV4shKUj3UX/fvSJnFaaPBjMIGiBgNVHSMEgZowgZeAFK4sVBV4shKUj3UX/fvS -JnFaaPBjoXSkcjBwMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHR3d5bmVkZDERMA8G -A1UEBxMIV2F1bmZhd3IxFDASBgNVBAoTC0Fja25hY2sgTHRkMRIwEAYDVQQLEwlU -ZXN0IENlcnQxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAJvXLQpGPpm7MAwGA1UdEwQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAFxR7BA1mUlsYqPiogtxSIfLzHWh+s0bJ -SBuhNrHes4U8QxS8+x/KWjd/81gzsf9J1C2VzTlFaydAgigz3SkQYgs+TMnFkT2o -9jqoJrcdf4WpZ2DQXUALaZgwNzPumMUSx8Ac5gO+BY/RHyP6fCodYvdNwyKslnI3 -US7eCSHZsVo= ------END CERTIFICATE-----`; +let key = fixtures.readKey('rsa_private.pem'); +let cert = fixtures.readKey('rsa_cert.crt'); -const key = -`-----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDXcpu5xntssOi5SXya0LQuU5ijhq0l4sqJWAmxjsuMWSOCg99X -d9Pe44ZUBSchftdIMJBOtg7iXny7wWQ1LLy3tUfG85VYWZwVZ/t0CclCFkAC/g7E -Y/D9yqA+5N+t0DeXSGgNRjgINr2XD8tRwlLLzoLw1xkVAmajSwMrfof3KQIDAQAB -AoGBAIBHR/tT93ce2mJAJAXV0AJpWc+7x2pwX2FpXtQujnlxNZhnRlrBCRCD7h4m -t0bVS/86kyGaesBDvAbavfx/N5keYzzmmSp5Ht8IPqKPydGWdigk4x90yWvktai7 -dWuRKF94FXr0GUuBONb/dfHdp4KBtzN7oIF9WydYGGXA9ZmBAkEA8/k01bfwQZIu -AgcdNEM94Zcug1gSspXtUu8exNQX4+PNVbadghZb1+OnUO4d3gvWfqvAnaXD3KV6 -N4OtUhQQ0QJBAOIRbKMfaymQ9yE3CQQxYfKmEhHXWARXVwuYqIFqjmhSjSXx0l/P -7mSHz1I9uDvxkJev8sQgu1TKIyTOdqPH1tkCQQDPa6H1yYoj1Un0Q2Qa2Mg1kTjk -Re6vkjPQ/KcmJEOjZjtekgFbZfLzmwLXFXqjG2FjFFaQMSxR3QYJSJQEYjbhAkEA -sy7OZcjcXnjZeEkv61Pc57/7qIp/6Aj2JGnefZ1gvI1Z9Q5kCa88rA/9Iplq8pA4 -ZBKAoDW1ZbJGAsFmxc/6mQJAdPilhci0qFN86IGmf+ZBnwsDflIwHKDaVofti4wQ -sPWhSOb9VQjMXekI4Y2l8fqAVTS2Fn6+8jkVKxXBywSVCw== ------END RSA PRIVATE KEY-----`; +// This test validates that we accept certificates and keys which +// do not end with a newline. If a newline exists at the end +// of the key or cert being used remove it +let i = 0; +while (key[key.length - 1 - i] === 0x0a) i++; +if (i !== 0) key = key.slice(0, key.length - i); + +i = 0; +while (cert[cert.length - 1 - i] === 0x0a) i++; +if (i !== 0) cert = cert.slice(0, cert.length - i); function test(cert, key, cb) { + assert.notStrictEqual(cert.at(-1), 0x0a); + assert.notStrictEqual(key.at(-1), 0x0a); const server = tls.createServer({ cert, key diff --git a/test/parallel/test-tls-client-auth.js b/test/parallel/test-tls-client-auth.js index 04756924e5e0e6..de4c8f038ec073 100644 --- a/test/parallel/test-tls-client-auth.js +++ b/test/parallel/test-tls-client-auth.js @@ -79,8 +79,10 @@ connect({ }, function(err, pair, cleanup) { assert.strictEqual(pair.server.err.code, 'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE'); + const expectedErr = common.hasOpenSSL(3, 2) ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; assert.strictEqual(pair.client.err.code, - 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'); + expectedErr); return cleanup(); }); diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js index 82ed1e27f49e6c..0bacd8702fc650 100644 --- a/test/parallel/test-tls-client-getephemeralkeyinfo.js +++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js @@ -67,11 +67,15 @@ function test(size, type, name, cipher) { })); } -test(undefined, undefined, undefined, 'AES128-SHA256'); -test('auto', 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); -test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); -test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); -test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES128-GCM-SHA256'); -test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256'); -test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256'); -test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES128-GCM-SHA256'); +test(undefined, undefined, undefined, 'AES256-SHA256'); +test('auto', 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384'); +if (!common.hasOpenSSL(3, 2)) { + test(1024, 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384'); +} else { + test(3072, 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384'); +} +test(2048, 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384'); +test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES256-GCM-SHA384'); +test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES256-GCM-SHA384'); +test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES256-GCM-SHA384'); +test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES256-GCM-SHA384'); diff --git a/test/parallel/test-tls-client-mindhsize.js b/test/parallel/test-tls-client-mindhsize.js index 92ac995936825d..2295f1f064f3ad 100644 --- a/test/parallel/test-tls-client-mindhsize.js +++ b/test/parallel/test-tls-client-mindhsize.js @@ -35,11 +35,12 @@ function test(size, err, next) { }); server.listen(0, function() { - // Client set minimum DH parameter size to 2048 bits so that - // it fails when it make a connection to the tls server where - // dhparams is 1024 bits + // Client set minimum DH parameter size to 2048 or 3072 bits + // so that it fails when it makes a connection to the tls + // server where is too small + const minDHSize = common.hasOpenSSL(3, 2) ? 3072 : 2048; const client = tls.connect({ - minDHSize: 2048, + minDHSize: minDHSize, port: this.address().port, rejectUnauthorized: false, maxVersion: 'TLSv1.2', @@ -60,16 +61,27 @@ function test(size, err, next) { // A client connection fails with an error when a client has an // 2048 bits minDHSize option and a server has 1024 bits dhparam function testDHE1024() { - test(1024, true, testDHE2048); + test(1024, true, testDHE2048(false, null)); +} + +// Test a client connection when a client has an +// 2048 bits minDHSize option +function testDHE2048(expect_to_fail, next) { + test(2048, expect_to_fail, next); } // A client connection successes when a client has an -// 2048 bits minDHSize option and a server has 2048 bits dhparam -function testDHE2048() { - test(2048, false, null); +// 3072 bits minDHSize option and a server has 3072 bits dhparam +function testDHE3072() { + test(3072, false, null); } -testDHE1024(); +if (common.hasOpenSSL(3, 2)) { + // Minimum size for OpenSSL 3.2 is 2048 by default + testDHE2048(true, testDHE3072); +} else { + testDHE1024(); +} assert.throws(() => test(512, true, common.mustNotCall()), /DH parameter is less than 1024 bits/); diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index 46779b09ff6b8f..21739ce42428eb 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -43,9 +43,12 @@ const dheCipher = 'DHE-RSA-AES128-SHA256'; const ecdheCipher = 'ECDHE-RSA-AES128-SHA256'; const ciphers = `${dheCipher}:${ecdheCipher}`; -// Test will emit a warning because the DH parameter size is < 2048 bits -common.expectWarning('SecurityWarning', - 'DH parameter is less than 2048 bits'); +if (!common.hasOpenSSL(3, 2)) { + // Test will emit a warning because the DH parameter size is < 2048 bits + // when the test is run on versions lower than OpenSSL32 + common.expectWarning('SecurityWarning', + 'DH parameter is less than 2048 bits'); +} function loadDHParam(n) { const keyname = `dh${n}.pem`; @@ -104,7 +107,11 @@ function testCustomParam(keylen, expectedCipher) { }, /DH parameter is less than 1024 bits/); // Custom DHE parameters are supported (but discouraged). - await testCustomParam(1024, dheCipher); + if (!common.hasOpenSSL(3, 2)) { + await testCustomParam(1024, dheCipher); + } else { + await testCustomParam(3072, dheCipher); + } await testCustomParam(2048, dheCipher); // Invalid DHE parameters are discarded. ECDHE remains enabled. diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js index 87219976a1ebda..3424e057bdef46 100644 --- a/test/parallel/test-tls-empty-sni-context.js +++ b/test/parallel/test-tls-empty-sni-context.js @@ -26,6 +26,8 @@ const server = tls.createServer(options, (c) => { }, common.mustNotCall()); c.on('error', common.mustCall((err) => { - assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'); + const expectedErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; + assert.strictEqual(err.code, expectedErr); })); })); diff --git a/test/parallel/test-tls-enable-trace-cli.js b/test/parallel/test-tls-enable-trace-cli.js index 7b6f7e22397af6..634ce950dadef2 100644 --- a/test/parallel/test-tls-enable-trace-cli.js +++ b/test/parallel/test-tls-enable-trace-cli.js @@ -36,7 +36,7 @@ child.on('close', common.mustCall((code, signal) => { assert.strictEqual(signal, null); assert.strictEqual(stdout.trim(), ''); assert.match(stderr, /Warning: Enabling --trace-tls can expose sensitive/); - assert.match(stderr, /Sent Record/); + assert.match(stderr, /Sent (?:TLS )?Record/); })); function test() { diff --git a/test/parallel/test-tls-enable-trace.js b/test/parallel/test-tls-enable-trace.js index 9126f58ee17314..28c78e13371096 100644 --- a/test/parallel/test-tls-enable-trace.js +++ b/test/parallel/test-tls-enable-trace.js @@ -23,7 +23,7 @@ let stderr = ''; child.stderr.setEncoding('utf8'); child.stderr.on('data', (data) => stderr += data); child.on('close', common.mustCall(() => { - assert.match(stderr, /Received Record/); + assert.match(stderr, /Received (?:TLS )?Record/); assert.match(stderr, /ClientHello/); })); diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js index 2a234d59016c1c..4d5042d6e6beab 100644 --- a/test/parallel/test-tls-getcipher.js +++ b/test/parallel/test-tls-getcipher.js @@ -47,13 +47,13 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { tls.connect({ host: '127.0.0.1', port: this.address().port, - ciphers: 'AES128-SHA256', + ciphers: 'AES256-SHA256', rejectUnauthorized: false, maxVersion: 'TLSv1.2', }, common.mustCall(function() { const cipher = this.getCipher(); - assert.strictEqual(cipher.name, 'AES128-SHA256'); - assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_128_CBC_SHA256'); + assert.strictEqual(cipher.name, 'AES256-SHA256'); + assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_256_CBC_SHA256'); assert.strictEqual(cipher.version, 'TLSv1.2'); this.end(); })); @@ -62,14 +62,14 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { tls.connect({ host: '127.0.0.1', port: this.address().port, - ciphers: 'ECDHE-RSA-AES128-GCM-SHA256', + ciphers: 'ECDHE-RSA-AES256-GCM-SHA384', rejectUnauthorized: false, maxVersion: 'TLSv1.2', }, common.mustCall(function() { const cipher = this.getCipher(); - assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256'); + assert.strictEqual(cipher.name, 'ECDHE-RSA-AES256-GCM-SHA384'); assert.strictEqual(cipher.standardName, - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'); + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'); assert.strictEqual(cipher.version, 'TLSv1.2'); this.end(); })); @@ -78,19 +78,19 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { tls.createServer({ key: fixtures.readKey('agent2-key.pem'), cert: fixtures.readKey('agent2-cert.pem'), - ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256', + ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384', maxVersion: 'TLSv1.3', }, common.mustCall(function() { this.close(); })).listen(0, common.mustCall(function() { const client = tls.connect({ port: this.address().port, - ciphers: 'TLS_AES_128_CCM_8_SHA256', + ciphers: 'TLS_AES_256_GCM_SHA384', maxVersion: 'TLSv1.3', rejectUnauthorized: false }, common.mustCall(() => { const cipher = client.getCipher(); - assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256'); + assert.strictEqual(cipher.name, 'TLS_AES_256_GCM_SHA384'); assert.strictEqual(cipher.standardName, cipher.name); assert.strictEqual(cipher.version, 'TLSv1.3'); client.end(); diff --git a/test/parallel/test-tls-junk-closes-server.js b/test/parallel/test-tls-junk-closes-server.js index 06fa57267a9104..08c2d39c6844f6 100644 --- a/test/parallel/test-tls-junk-closes-server.js +++ b/test/parallel/test-tls-junk-closes-server.js @@ -39,6 +39,22 @@ const server = tls.createServer(options, common.mustNotCall()); server.listen(0, common.mustCall(function() { const c = net.createConnection(this.address().port); + c.on('data', function() { + // We must consume all data sent by the server. Otherwise the + // end event will not be sent and the test will hang. + // For example, when compiled with OpenSSL32 we see the + // following response '15 03 03 00 02 02 16' which + // decodes as a fatal (0x02) TLS error alert number 22 (0x16), + // which corresponds to TLS1_AD_RECORD_OVERFLOW which matches + // the error we see if NODE_DEBUG is turned on. + // Some earlier OpenSSL versions did not seem to send a response + // but the TLS spec seems to indicate there should be one + // https://datatracker.ietf.org/doc/html/rfc8446#page-85 + // and error handling seems to have been re-written/improved + // in OpenSSL32. Consuming the data allows the test to pass + // either way. + }); + c.on('connect', common.mustCall(function() { c.write('blah\nblah\nblah\n'); })); diff --git a/test/parallel/test-tls-junk-server.js b/test/parallel/test-tls-junk-server.js index 273fe9def4ecb4..2226ac93d283af 100644 --- a/test/parallel/test-tls-junk-server.js +++ b/test/parallel/test-tls-junk-server.js @@ -20,8 +20,12 @@ server.listen(0, function() { const req = https.request({ port: this.address().port }); req.end(); + let expectedErrorMessage = new RegExp('wrong version number'); + if (common.hasOpenSSL(3, 2)) { + expectedErrorMessage = new RegExp('packet length too long'); + } req.once('error', common.mustCall(function(err) { - assert(/wrong version number/.test(err.message)); + assert(expectedErrorMessage.test(err.message)); server.close(); })); }); diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js index cef6735032ea6e..2b49161df8326c 100644 --- a/test/parallel/test-tls-psk-circuit.js +++ b/test/parallel/test-tls-psk-circuit.js @@ -62,9 +62,11 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' }); test({ psk: USERS.UserB, identity: 'UserB' }); test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' }); // Unrecognized user should fail handshake -test({ psk: USERS.UserB, identity: 'UserC' }, {}, - 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'); +const expectedHandshakeErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; +test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr); // Recognized user but incorrect secret should fail handshake -test({ psk: USERS.UserA, identity: 'UserB' }, {}, - 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'); +const expectedIllegalParameterErr = common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'; +test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr); test({ psk: USERS.UserB, identity: 'UserB' }); diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js index b66c419cf5f4d1..268a2af6344b59 100644 --- a/test/parallel/test-tls-set-ciphers.js +++ b/test/parallel/test-tls-set-ciphers.js @@ -79,6 +79,11 @@ function test(cciphers, sciphers, cipher, cerr, serr, options) { const U = undefined; +let expectedTLSAlertError = 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; +if (common.hasOpenSSL(3, 2)) { + expectedTLSAlertError = 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE'; +} + // Have shared ciphers. test(U, 'AES256-SHA', 'AES256-SHA'); test('AES256-SHA', U, 'AES256-SHA'); @@ -88,13 +93,13 @@ test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384'); // Do not have shared ciphers. test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256', - U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); + U, expectedTLSAlertError, 'ERR_SSL_NO_SHARED_CIPHER'); -test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', +test('AES256-SHA', 'AES256-SHA256', U, expectedTLSAlertError, 'ERR_SSL_NO_SHARED_CIPHER'); -test('AES128-SHA:TLS_AES_256_GCM_SHA384', - 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA', - U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); +test('AES256-SHA:TLS_AES_256_GCM_SHA384', + 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA256', + U, expectedTLSAlertError, 'ERR_SSL_NO_SHARED_CIPHER'); // Cipher order ignored, TLS1.3 chosen before TLS1.2. test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384'); @@ -109,11 +114,15 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' }) // TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by // default, but work. -test('TLS_AES_128_CCM_8_SHA256', U, - U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); - -test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256', - 'TLS_AES_128_CCM_8_SHA256'); +// However, for OpenSSL32 AES_128 is not enabled due to the +// default security level +if (!common.hasOpenSSL(3, 2)) { + test('TLS_AES_128_CCM_8_SHA256', U, + U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); + + test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256', + 'TLS_AES_128_CCM_8_SHA256'); +} // Invalid cipher values test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U); diff --git a/test/parallel/test-tls-set-sigalgs.js b/test/parallel/test-tls-set-sigalgs.js index 59dc2ca0c786cf..3f3d152f4d877e 100644 --- a/test/parallel/test-tls-set-sigalgs.js +++ b/test/parallel/test-tls-set-sigalgs.js @@ -9,13 +9,6 @@ const { assert, connect, keys } = require(fixtures.path('tls-connect')); -function assert_arrays_equal(left, right) { - assert.strictEqual(left.length, right.length); - for (let i = 0; i < left.length; i++) { - assert.strictEqual(left[i], right[i]); - } -} - function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) { assert(shared_sigalgs || serr || cerr, 'test missing any expectations'); connect({ @@ -43,16 +36,19 @@ function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) { assert.ifError(pair.client.err); assert(pair.server.conn); assert(pair.client.conn); - assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs); + assert.deepStrictEqual( + pair.server.conn.getSharedSigalgs(), + shared_sigalgs + ); } else { if (serr) { assert(pair.server.err); - assert(pair.server.err.code, serr); + assert.strictEqual(pair.server.err.code, serr); } if (cerr) { assert(pair.client.err); - assert(pair.client.err.code, cerr); + assert.strictEqual(pair.client.err.code, cerr); } } @@ -67,8 +63,12 @@ test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256', ['RSA-PSS+SHA256', 'ECDSA+SHA256']); // Do not have shared sigalgs. +const handshakeErr = common.hasOpenSSL(3, 2) ? + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; test('RSA-PSS+SHA384', 'ECDSA+SHA256', - undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS'); + undefined, handshakeErr, + 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS'); test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256', - undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS'); + undefined, handshakeErr, + 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');