Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 1a41c2c

Browse filesBrowse files
panvaaduh95
panva
authored and
aduh95
committed
test: update tls junk data error expectations
PR-URL: #62629 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
1 parent 578cf1c commit 1a41c2c
Copy full SHA for 1a41c2c

2 files changed

+16-24Lines changed: 16 additions & 24 deletions

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎test/parallel/test-tls-alert-handling.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-tls-alert-handling.js
+12-18Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ if (!common.hasCrypto) {
66
}
77

88
const {
9-
hasOpenSSL,
109
hasOpenSSL3,
1110
} = require('../common/crypto');
1211

@@ -34,18 +33,15 @@ const max_iter = 20;
3433
let iter = 0;
3534

3635
const errorHandler = common.mustCall((err) => {
37-
let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER';
38-
let expectedErrorReason = /wrong[\s_]version[\s_]number/i;
39-
if (hasOpenSSL(3, 2)) {
40-
expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG';
41-
expectedErrorReason = /packet[\s_]length[\s_]too[\s_]long/i;
42-
};
43-
44-
assert.strictEqual(err.code, expectedErrorCode);
36+
// Different OpenSSL versions report different errors for junk data on a
37+
// TLS connection, depending on which record validation check fires first.
38+
assert.match(err.code,
39+
/ERR_SSL_(WRONG_VERSION_NUMBER|PACKET_LENGTH_TOO_LONG|BAD_RECORD_TYPE)/);
4540
assert.strictEqual(err.library, 'SSL routines');
4641
if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
4742
assert.strictEqual(err.function, 'ssl3_get_record');
48-
assert.match(err.reason, expectedErrorReason);
43+
assert.match(err.reason,
44+
/wrong[\s_]version[\s_]number|packet[\s_]length[\s_]too[\s_]long|bad[\s_]record[\s_]type/i);
4945
errorReceived = true;
5046
if (canCloseServer())
5147
server.close();
@@ -98,16 +94,14 @@ function sendBADTLSRecord() {
9894
});
9995
}));
10096
client.on('error', common.mustCall((err) => {
101-
let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION';
102-
let expectedErrorReason = /tlsv1[\s_]alert[\s_]protocol[\s_]version/i;
103-
if (hasOpenSSL(3, 2)) {
104-
expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW';
105-
expectedErrorReason = /tlsv1[\s_]alert[\s_]record[\s_]overflow/i;
106-
}
107-
assert.strictEqual(err.code, expectedErrorCode);
97+
// Different OpenSSL versions send different TLS alerts when the peer
98+
// receives an invalid record on an established connection.
99+
assert.match(err.code,
100+
/ERR_SSL_(TLSV1_ALERT_PROTOCOL_VERSION|TLSV1_ALERT_RECORD_OVERFLOW|SSL\/TLS_ALERT_UNEXPECTED_MESSAGE)/);
108101
assert.strictEqual(err.library, 'SSL routines');
109102
if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
110103
assert.strictEqual(err.function, 'ssl3_read_bytes');
111-
assert.match(err.reason, expectedErrorReason);
104+
assert.match(err.reason,
105+
/tlsv1[\s_]alert[\s_]protocol[\s_]version|tlsv1[\s_]alert[\s_]record[\s_]overflow|ssl\/tls[\s_]alert[\s_]unexpected[\s_]message/i);
112106
}));
113107
}
Collapse file

‎test/parallel/test-tls-junk-server.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-tls-junk-server.js
+4-6Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,6 @@ if (!common.hasCrypto) {
55
common.skip('missing crypto');
66
}
77

8-
const { hasOpenSSL } = require('../common/crypto');
9-
108
const assert = require('assert');
119
const https = require('https');
1210
const net = require('net');
@@ -23,10 +21,10 @@ server.listen(0, common.mustCall(function() {
2321
const req = https.request({ port: this.address().port });
2422
req.end();
2523

26-
let expectedErrorMessage = new RegExp('wrong version number');
27-
if (hasOpenSSL(3, 2)) {
28-
expectedErrorMessage = new RegExp('packet length too long');
29-
};
24+
// Different OpenSSL versions report different errors for junk data on a
25+
// TLS connection, depending on which record validation check fires first.
26+
const expectedErrorMessage =
27+
/wrong version number|packet length too long|bad record type/;
3028
req.once('error', common.mustCall(function(err) {
3129
assert.match(err.message, expectedErrorMessage);
3230
server.close();

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.