◐ Shell
clean mode source ↗

test: update tls junk data error expectations · nodejs/node@0b4e0d3

@@ -6,7 +6,6 @@ if (!common.hasCrypto) {

66

}

7788

const {

9-

hasOpenSSL,

109

hasOpenSSL3,

1110

} = require('../common/crypto');

1211

@@ -34,18 +33,15 @@ const max_iter = 20;

3433

let iter = 0;

35343635

const errorHandler = common.mustCall((err) => {

37-

let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER';

38-

let expectedErrorReason = /wrong[\s_]version[\s_]number/i;

39-

if (hasOpenSSL(3, 2)) {

40-

expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG';

41-

expectedErrorReason = /packet[\s_]length[\s_]too[\s_]long/i;

42-

};

43-44-

assert.strictEqual(err.code, expectedErrorCode);

36+

// Different OpenSSL versions report different errors for junk data on a

37+

// TLS connection, depending on which record validation check fires first.

38+

assert.match(err.code,

39+

/ERR_SSL_(WRONG_VERSION_NUMBER|PACKET_LENGTH_TOO_LONG|BAD_RECORD_TYPE)/);

4540

assert.strictEqual(err.library, 'SSL routines');

4641

if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)

4742

assert.strictEqual(err.function, 'ssl3_get_record');

48-

assert.match(err.reason, expectedErrorReason);

43+

assert.match(err.reason,

44+

/wrong[\s_]version[\s_]number|packet[\s_]length[\s_]too[\s_]long|bad[\s_]record[\s_]type/i);

4945

errorReceived = true;

5046

if (canCloseServer())

5147

server.close();

@@ -98,16 +94,14 @@ function sendBADTLSRecord() {

9894

});

9995

}));

10096

client.on('error', common.mustCall((err) => {

101-

let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION';

102-

let expectedErrorReason = /tlsv1[\s_]alert[\s_]protocol[\s_]version/i;

103-

if (hasOpenSSL(3, 2)) {

104-

expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW';

105-

expectedErrorReason = /tlsv1[\s_]alert[\s_]record[\s_]overflow/i;

106-

}

107-

assert.strictEqual(err.code, expectedErrorCode);

97+

// Different OpenSSL versions send different TLS alerts when the peer

98+

// receives an invalid record on an established connection.

99+

assert.match(err.code,

100+

/ERR_SSL_(TLSV1_ALERT_PROTOCOL_VERSION|TLSV1_ALERT_RECORD_OVERFLOW|SSL\/TLS_ALERT_UNEXPECTED_MESSAGE)/);

108101

assert.strictEqual(err.library, 'SSL routines');

109102

if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)

110103

assert.strictEqual(err.function, 'ssl3_read_bytes');

111-

assert.match(err.reason, expectedErrorReason);

104+

assert.match(err.reason,

105+

/tlsv1[\s_]alert[\s_]protocol[\s_]version|tlsv1[\s_]alert[\s_]record[\s_]overflow|ssl\/tls[\s_]alert[\s_]unexpected[\s_]message/i);

112106

}));

113107

}