{
// Error message was changed in OpenSSL 3.0.x from 3.0.12, and 3.1.x from 3.1.4.
const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) ||
- (common.hasOpenSSL(3, 1, 4));
+ (common.hasOpenSSL(3, 1, 4)) || (common.hasOpenSSL32);
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
}, bufferToEncrypt);
- if (padding === constants.RSA_PKCS1_PADDING) {
+ if (padding === constants.RSA_PKCS1_PADDING && !common.hasOpenSSL32) {
if (!process.config.variables.node_shared_openssl) {
assert.throws(() => {
crypto.privateDecrypt({
let iter = 0;
const errorHandler = common.mustCall((err) => {
- assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
+ assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_PACKET_LENGTH_TOO_LONG' : 'ERR_SSL_WRONG_VERSION_NUMBER');
assert.strictEqual(err.library, 'SSL routines');
if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
- assert.strictEqual(err.reason, 'wrong version number');
+ assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'packet length too long' : 'wrong version number');
errorReceived = true;
if (canCloseServer())
server.close();
});
}));
client.on('error', common.mustCall((err) => {
- assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
+ assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW' : 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
assert.strictEqual(err.library, 'SSL routines');
if (!common.hasOpenSSL3)
assert.strictEqual(err.function, 'ssl3_read_bytes');
- assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
+ assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'tlsv1 alert record overflow' : 'tlsv1 alert protocol version');
}));
}
assert.strictEqual(pair.server.err.code,
'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE');
assert.strictEqual(pair.client.err.code,
- 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+ common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
return cleanup();
});
tls.createServer({
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem'),
- ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
+ ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384',
maxVersion: 'TLSv1.3',
}, common.mustCall(function() {
this.close();
})).listen(0, common.mustCall(function() {
const client = tls.connect({
port: this.address().port,
- ciphers: 'TLS_AES_128_CCM_8_SHA256',
+ ciphers: 'TLS_AES_256_GCM_SHA384',
maxVersion: 'TLSv1.3',
rejectUnauthorized: false
}, common.mustCall(() => {
const cipher = client.getCipher();
- assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
+ assert.strictEqual(cipher.name, 'TLS_AES_256_GCM_SHA384');
assert.strictEqual(cipher.standardName, cipher.name);
assert.strictEqual(cipher.version, 'TLSv1.3');
client.end();
if (!common.hasCrypto)
common.skip('missing crypto');
+if (common.hasOpenSSL32)
+ common.skip('openssl 3.2 does not throw');
+
const tls = require('tls');
const net = require('net');
req.end();
req.once('error', common.mustCall(function(err) {
- assert(/wrong version number/.test(err.message));
+ assert(/packet length too long/.test(err.message));
server.close();
}));
});
// Do not have shared ciphers.
test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+ U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
-test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
+test('AES128-SHA', 'AES256-SHA', U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
'ERR_SSL_NO_SHARED_CIPHER');
test('AES128-SHA:TLS_AES_256_GCM_SHA384',
'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+ U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
// Cipher order ignored, TLS1.3 chosen before TLS1.2.
test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
// default, but work.
-test('TLS_AES_128_CCM_8_SHA256', U,
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+// test('TLS_AES_128_CCM_8_SHA256', U,
+// U, common.hasOpenSSL32 ? 'ERR_SSL_NO_CIPHERS_AVAILABLE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
-test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
- 'TLS_AES_128_CCM_8_SHA256');
+//test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
+// 'TLS_AES_128_CCM_8_SHA256');
// Invalid cipher values
test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);
test-tls-psk-client: PASS,FLAKY
test-tls-securepair-client: PASS,FLAKY
+# fails on arm64, armhf, loong64 since openssl32
+test-tls-session-timeout: PASS, FLAKY
+
[$system==win32]
# https://github.com/nodejs/node/issues/47116
test-http-max-sockets: PASS, FLAKY
projects / nodejs.git / commitdiff