[PATCH] test: update tests for OpenSSL 3.0.14

Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed
to return an error reason string for bad/unknown application protocols.

Update tests to handle both the old `ECONNRESET` error on older versions
of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on
newer versions of OpenSSL.

Refs: https://github.com/openssl/openssl/pull/24338
PR-URL: https://github.com/nodejs/node/pull/53373
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Gbp-Pq: Topic build
Gbp-Pq: Name openssl-3.2.2-tests.patch

diff --git a/test/parallel/test-http2-https-fallback.js b/test/parallel/test-http2-https-fallback.js
index 8e0612375f4844685fc15c4552a7ccc8a78e103d..c75a4938425d6e18d5dbe80fb506bee42164c16a 100644 (file)
--- a/test/parallel/test-http2-https-fallback.js
+++ b/test/parallel/test-http2-https-fallback.js
@@ -151,7 +151,8 @@ function onSession(session, next) {
       // Incompatible ALPN TLS client
       tls(Object.assign({ port, ALPNProtocols: ['fake'] }, clientOptions))
         .on('error', common.mustCall((err) => {
-          strictEqual(err.code, 'ECONNRESET');
+          const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
+          ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
           cleanup();
           testNoALPN();
         }));

diff --git a/test/parallel/test-http2-server-unknown-protocol.js b/test/parallel/test-http2-server-unknown-protocol.js
index b00ccc1b338e4758925bcf72dfaa7328f5c7116c..4a08f4552e62fd7f6ec1505cc5108fa0e0d1c28a 100644 (file)
--- a/test/parallel/test-http2-server-unknown-protocol.js
+++ b/test/parallel/test-http2-server-unknown-protocol.js
@@ -42,6 +42,7 @@ server.listen(0, function() {
     rejectUnauthorized: false,
     ALPNProtocols: ['bogus']
   }).on('error', common.mustCall((err) => {
-    assert.strictEqual(err.code, 'ECONNRESET');
+    const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
+    assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
   }));
 });

diff --git a/test/parallel/test-tls-alpn-server-client.js b/test/parallel/test-tls-alpn-server-client.js
index a77c15b77ab254542ee6affb693b2255f41617e7..8f1a4b8e439aab5334b9269fe7892f6caa4ddb15 100644 (file)
--- a/test/parallel/test-tls-alpn-server-client.js
+++ b/test/parallel/test-tls-alpn-server-client.js
@@ -184,7 +184,8 @@ function TestFatalAlert() {
   server.listen(0, serverIP, common.mustCall(() => {
     const { port } = server.address();
 
-    // The Node.js client will just report ECONNRESET because the connection
+    // The Node.js client will just report ECONNRESET (older OpenSSL) or
+    // ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL because the connection
     // is severed before the TLS handshake completes.
     tls.connect({
       host: serverIP,
@@ -192,7 +193,8 @@ function TestFatalAlert() {
       rejectUnauthorized: false,
       ALPNProtocols: ['bar']
     }, common.mustNotCall()).on('error', common.mustCall((err) => {
-      assert.strictEqual(err.code, 'ECONNRESET');
+      const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
+      assert.ok(allowedErrors.includes(err.code), `'${err.code}' was not one of ${allowedErrors}.`);
 
       // OpenSSL's s_client should output the TLS alert number, which is 120
       // for the 'no_application_protocol' alert.
@@ -240,7 +242,8 @@ function TestALPNCallback() {
 
     // Callback picks 2nd preference => undefined => ALPN rejected:
     assert.strictEqual(results[1].server, undefined);
-    assert.strictEqual(results[1].client.error.code, 'ECONNRESET');
+    const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
+    assert.ok(allowedErrors.includes(results[1].client.error.code), `'${results[1].client.error.code}' was not one of ${allowedErrors}.`);
 
     TestBadALPNCallback();
   });
@@ -263,7 +266,8 @@ function TestBadALPNCallback() {
   runTest(clientsOptions, serverOptions, function(results) {
     // Callback returns 'http/5' => doesn't match client ALPN => error & reset
     assert.strictEqual(results[0].server, undefined);
-    assert.strictEqual(results[0].client.error.code, 'ECONNRESET');
+    const allowedErrors = ['ECONNRESET', 'ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL'];
+    assert.ok(allowedErrors.includes(results[0].client.error.code), `'${results[0].client.error.code}' was not one of ${allowedErrors}.`);
 
     TestALPNOptionsCallback();
   });