
Commit e70a5e1

committed
test: assert on client and server side seperately
This gets better coverage of the codes, and is more explicit. It also works around ordering differences in the errors produced by openssl. The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared openssl.
1 parent d0390c5 commit e70a5e1

1 file changed

+69
-28
lines changed

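--- a/test/parallel/test-tls-min-max-version.js
+++ b/test/parallel/test-tls-min-max-version.js
@@ -8,9 +8,11 @@ const {
 assert, connect, keys, tls
 } = require(fixtures.path('tls-connect'));
 const DEFAULT_MIN_VERSION = tls.DEFAULT_MIN_VERSION;
+const DEFAULT_MAX_VERSION = tls.DEFAULT_MAX_VERSION;
 
-function test(cmin, cmax, cprot, smin, smax, sprot, expect) {
-assert(expect);
+
+function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
+assert(proto || cerr || serr, 'test missing any expectations');
 connect({
 client: {
 checkServerIdentity: (servername, cert) => { },
@@ -27,8 +29,20 @@ function test(cmin, cmax, cprot, smin, smax, sprot, expect) {
 secureProtocol: sprot,
 },
 }, common.mustCall((err, pair, cleanup) => {
-if (err) {
-assert.strictEqual(err.code, expect, err + '.code !== ' + expect);
+function u(_) { return _ === undefined ? 'U' : _; }
+console.log('test:', u(cmin), u(cmax), u(cprot), u(smin), u(smax), u(sprot),
+'expect', u(proto), u(cerr), u(serr));
+if (!proto) {
+console.log('client', pair.client.err ? pair.client.err.code : undefined);
+console.log('server', pair.server.err ? pair.server.err.code : undefined);
+if (cerr) {
+assert(pair.client.err);
+assert.strictEqual(pair.client.err.code, cerr);
+}
+if (serr) {
+assert(pair.server.err);
+assert.strictEqual(pair.server.err.code, serr);
+}
 return cleanup();
 }
 
@@ -37,8 +51,8 @@ function test(cmin, cmax, cprot, smin, smax, sprot, expect) {
 assert.ifError(pair.client.err);
 assert(pair.server.conn);
 assert(pair.client.conn);
-assert.strictEqual(pair.client.conn.getProtocol(), expect);
-assert.strictEqual(pair.server.conn.getProtocol(), expect);
+assert.strictEqual(pair.client.conn.getProtocol(), proto);
+assert.strictEqual(pair.server.conn.getProtocol(), proto);
 return cleanup();
 }));
 }
@@ -49,22 +63,28 @@ const U = undefined;
 test(U, U, U, U, U, U, 'TLSv1.2');
 
 // Insecure or invalid protocols cannot be enabled.
-test(U, U, U, U, U, 'SSLv2_method', 'ERR_TLS_INVALID_PROTOCOL_METHOD');
-test(U, U, U, U, U, 'SSLv3_method', 'ERR_TLS_INVALID_PROTOCOL_METHOD');
-test(U, U, 'SSLv2_method', U, U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
-test(U, U, 'SSLv3_method', U, U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
-test(U, U, 'hokey-pokey', U, U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
-test(U, U, U, U, U, 'hokey-pokey', 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, U, U, U, 'SSLv2_method',
+U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, U, U, U, 'SSLv3_method',
+U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, 'SSLv2_method', U, U, U,
+U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, 'SSLv3_method', U, U, U,
+U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, 'hokey-pokey', U, U, U,
+U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
+test(U, U, U, U, U, 'hokey-pokey',
+U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD');
 
 // Cannot use secureProtocol and min/max versions simultaneously.
 test(U, U, U, U, 'TLSv1.2', 'TLS1_2_method',
-'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
+U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
 test(U, U, U, 'TLSv1.2', U, 'TLS1_2_method',
-'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
+U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
 test(U, 'TLSv1.2', 'TLS1_2_method', U, U, U,
-'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
+U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
 test('TLSv1.2', U, 'TLS1_2_method', U, U, U,
-'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
+U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT');
 
 // TLS_method means "any supported protocol".
 test(U, U, 'TLSv1_2_method', U, U, 'TLS_method', 'TLSv1.2');
@@ -79,18 +99,23 @@ test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');
 test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method', 'TLSv1.2');
 
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
-test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'ECONNRESET');
-test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 'ECONNRESET');
+test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
+test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
 test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
-'ERR_SSL_VERSION_TOO_LOW');
-test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
 }
 
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
 test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1');
-test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 'ECONNRESET');
+test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
 test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
-test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
+test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
 }
 
 if (DEFAULT_MIN_VERSION === 'TLSv1') {
@@ -108,18 +133,34 @@ test(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1');
 
 // The default default.
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
-test(U, U, 'TLSv1_1_method', U, U, U, 'ECONNRESET');
-test(U, U, 'TLSv1_method', U, U, U, 'ECONNRESET');
-test(U, U, U, U, U, 'TLSv1_1_method', 'ERR_SSL_VERSION_TOO_LOW');
-test(U, U, U, U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
+test(U, U, 'TLSv1_1_method', U, U, U,
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
+test(U, U, 'TLSv1_method', U, U, U,
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
+
+if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
+test(U, U, U, U, U, 'TLSv1_1_method',
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+test(U, U, U, U, U, 'TLSv1_method',
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+} else {
+assert(false, 'unreachable');
+}
 }
 
 // The default with --tls-v1.1.
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
 test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1');
-test(U, U, 'TLSv1_method', U, U, U, 'ECONNRESET');
+test(U, U, 'TLSv1_method', U, U, U,
+U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
 test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1');
-test(U, U, U, U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
+
+if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
+test(U, U, U, U, U, 'TLSv1_method',
+U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+} else {
+assert(false, 'unreachable');
+}
 }
 
 // The default with --tls-v1.0.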
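Review bot: In the `if (!proto)` branch of `test()`, a side is asserted only when its expected code was passed, so the one-sided calls (the `SSLv2_method`, `SSLv3_method`, `hokey-pokey` and `ERR_TLS_PROTOCOL_VERSION_CONFLICT` cases) log the other side's result but never check it. As far as the visible lines show, a call that passes `proto` together with `cerr` or `serr` also ignores the error expectations without complaint. These calls are the regression guard against legacy protocol versions being accepted, so I would make the contract explicit next to the existing guard with `assert(!(proto && (cerr || serr)), 'proto excludes error expectations');` and add a comment above `test()` stating that an omitted `cerr`/`serr` means "not checked" rather than "no error expected". Separately, the `else { assert(false, 'unreachable'); }` branches are presumably reached as soon as `tls.DEFAULT_MAX_VERSION` is anything other than `'TLSv1.2'`, so `assert.fail('unexpected DEFAULT_MAX_VERSION: ' + DEFAULT_MAX_VERSION);` would give a failure message that names the cause. The body of `test()` between the second and third hunks is not shown, so the first point covers only what is visible here.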
