Package: nodejs
Version: 18.13.0+dfsg1-1
Severity: important
Tags: patch
The nodejs version in unstable FTBFS against openssl 3.1 due to the
testsuite. I had something working and then looked in the upstream git
and backported their against the packaging master-18.x branch. Hopefully
this makes less work for everyone. One patch is for upstream, one I made
myself.
Now I'm about to test this… But it looks promising ;)
Sebastian
From 85aa9556000424fcde6748bed969a01e864be266 Mon Sep 17 00:00:00 2001
From: OttoHollmann
Date: Thu, 1 Jun 2023 16:52:53 +0200
Subject: [PATCH 1/2] test: adapt tests for OpenSSL 3.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR-URL: https://github.com/nodejs/node/pull/47859
Reviewed-By: Tobias Nießen
Reviewed-By: Richard Lau
(cherry picked from commit 5f283722072e400234d3e15f1f2caa2ca2fd8d60)
Signed-off-by: Sebastian Andrzej Siewior
---
test/common/index.js | 6 +-
.../test-https-agent-session-eviction.js | 1 +
test/parallel/test-tls-alert.js | 1 +
test/parallel/test-tls-getprotocol.js| 16 +---
test/parallel/test-tls-min-max-version.js| 3 +++
test/parallel/test-tls-session-cache.js | 1 +
6 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/test/common/index.js b/test/common/index.js
index e0c6e7aa0c996..35c3eac6481b3 100644
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -56,7 +56,10 @@ const hasCrypto = Boolean(process.versions.openssl) &&
!process.env.NODE_SKIP_CRYPTO;
const hasOpenSSL3 = hasCrypto &&
-require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368;
+require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x3000;
+
+const hasOpenSSL31 = hasCrypto &&
+require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x3010;
const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
@@ -899,6 +902,7 @@ const common = {
hasIntl,
hasCrypto,
hasOpenSSL3,
+ hasOpenSSL31,
hasQuic,
hasMultiLocalhost,
invalidArgTypeHelper,
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
index 940c43cc40bf1..36c360a96503d 100644
--- a/test/parallel/test-https-agent-session-eviction.js
+++ b/test/parallel/test-https-agent-session-eviction.js
@@ -54,6 +54,7 @@ function faultyServer(port) {
function second(server, session) {
const req = https.request({
port: server.address().port,
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
rejectUnauthorized: false
}, function(res) {
res.resume();
diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js
index 31b07104c241a..04000771aa977 100644
--- a/test/parallel/test-tls-alert.js
+++ b/test/parallel/test-tls-alert.js
@@ -42,6 +42,7 @@ const server = tls.Server({
cert: loadPEM('agent2-cert')
}, null).listen(0, common.mustCall(() => {
const args = ['s_client', '-quiet', '-tls1_1',
+'-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
'-connect', `127.0.0.1:${server.address().port}`];
execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => {
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
index d45287d671d8a..7da2f60676d00 100644
--- a/test/parallel/test-tls-getprotocol.js
+++ b/test/parallel/test-tls-getprotocol.js
@@ -11,9 +11,18 @@ const tls = require('tls');
const fixtures = require('../common/fixtures');
const clientConfigs = [
- { secureProtocol: 'TLSv1_method', version: 'TLSv1' },
- { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' },
- { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' },
+ {
+secureProtocol: 'TLSv1_method',
+version: 'TLSv1',
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+ }, {
+secureProtocol: 'TLSv1_1_method',
+version: 'TLSv1.1',
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+ }, {
+secureProtocol: 'TLSv1_2_method',
+version: 'TLSv1.2'
+ },
];
const serverConfig = {
@@ -30,6 +39,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng
tls.connect({
host: common.localhostIPv4,
port: server.address().port,
+ ciphers: v.ciphers,
rejectUnauthorized: false,
secureProtocol: v.secureProtocol
}, common.mustCall(function() {
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
index 5cea41ca7e0bd..ab351558a4c8b 100644
--- a/test/parallel/test-tls-min-max-version.js
+++ b/test/parallel/test-tls-min-max-version.js
@@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL')
ciphers = 'ALL@SECLEVEL=0';
}
+ if (common.hasOpenSSL31 && cerr ===