Bug#1052470: [Pkg-javascript-devel] Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-10-18 Thread Sebastian Andrzej Siewior 
On 2023-10-17 22:08:07 [+0200], Jérémy Lal wrote:
> I did not forget about this. Really sorry for the delay.
> Currently I'd be more willing to help someone maintain nodejs than doing it
> myself.
> However, I'll probably deal with the next 18.x update very soon, including
> your patch.

Thank you. I just uploaded m2crypto to delayed-5 queue which is the
other blocker. And I might be busy otherwise the next week and week
after so no need to rush ;)

> Jérémy

Sebastian

Bug#1052470: [Pkg-javascript-devel] Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-10-17 Thread Jérémy Lal 
Le mar. 17 oct. 2023 à 21:37, Sebastian Andrzej Siewior <
sebast...@breakpoint.cc> a écrit :

> On 2023-09-22 22:52:48 [+0200], Jérémy Lal wrote:
> > Thanks, will include it soon.
>
> Thanks. Any update on this?
> I added two patches. The first one is a cherry-pick from upstream, the
> second has been forwarded upstream via
> https://github.com/nodejs/node/pull/49885
>
> but upstream has no interest in applying it. So you could apply it and
> drop it after new openssl migrated to testing. Another option would be
> to binNMU later on, don't want to cause too much trouble here ;)


I did not forget about this. Really sorry for the delay.
Currently I'd be more willing to help someone maintain nodejs than doing it
myself.
However, I'll probably deal with the next 18.x update very soon, including
your patch.

Jérémy

Bug#1052470: [Pkg-javascript-devel] Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-10-17 Thread Sebastian Andrzej Siewior 
On 2023-09-22 22:52:48 [+0200], Jérémy Lal wrote:
> Thanks, will include it soon.

Thanks. Any update on this?
I added two patches. The first one is a cherry-pick from upstream, the
second has been forwarded upstream via
https://github.com/nodejs/node/pull/49885

but upstream has no interest in applying it. So you could apply it and
drop it after new openssl migrated to testing. Another option would be
to binNMU later on, don't want to cause too much trouble here ;)

Sebastian

Bug#1052470: [Pkg-javascript-devel] Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-09-22 Thread Jérémy Lal 
Le ven. 22 sept. 2023 à 22:18, Sebastian Andrzej Siewior <
sebast...@breakpoint.cc> a écrit :

> On 2023-09-22 17:59:51 [+0200], To sub...@bugs.debian.org wrote:
> > Now I'm about to test this… But it looks promising ;)
>
> Okay, builds.
>

Thanks, will include it soon.

Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-09-22 Thread Sebastian Andrzej Siewior 
On 2023-09-22 17:59:51 [+0200], To sub...@bugs.debian.org wrote:
> Now I'm about to test this… But it looks promising ;)

Okay, builds.

Sebastian

Bug#1052470: nodejs: Please fix testsuite for openssl-3.1

2023-09-22 Thread Sebastian Andrzej Siewior 
Package: nodejs
Version: 18.13.0+dfsg1-1
Severity: important
Tags: patch

The nodejs version in unstable FTBFS against openssl 3.1 due to the
testsuite. I had something working and then looked in the upstream git
and backported their against the packaging master-18.x branch. Hopefully
this makes less work for everyone. One patch is for upstream, one I made
myself.
Now I'm about to test this… But it looks promising ;)

Sebastian
From 85aa9556000424fcde6748bed969a01e864be266 Mon Sep 17 00:00:00 2001
From: OttoHollmann 
Date: Thu, 1 Jun 2023 16:52:53 +0200
Subject: [PATCH 1/2] test: adapt tests for OpenSSL 3.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/47859
Reviewed-By: Tobias Nießen 
Reviewed-By: Richard Lau 
(cherry picked from commit 5f283722072e400234d3e15f1f2caa2ca2fd8d60)
Signed-off-by: Sebastian Andrzej Siewior 
---
 test/common/index.js |  6 +-
 .../test-https-agent-session-eviction.js |  1 +
 test/parallel/test-tls-alert.js  |  1 +
 test/parallel/test-tls-getprotocol.js| 16 +---
 test/parallel/test-tls-min-max-version.js|  3 +++
 test/parallel/test-tls-session-cache.js  |  1 +
 6 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/test/common/index.js b/test/common/index.js
index e0c6e7aa0c996..35c3eac6481b3 100644
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -56,7 +56,10 @@ const hasCrypto = Boolean(process.versions.openssl) &&
   !process.env.NODE_SKIP_CRYPTO;
 
 const hasOpenSSL3 = hasCrypto &&
-require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368;
+require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x3000;
+
+const hasOpenSSL31 = hasCrypto &&
+require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x3010;
 
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
@@ -899,6 +902,7 @@ const common = {
   hasIntl,
   hasCrypto,
   hasOpenSSL3,
+  hasOpenSSL31,
   hasQuic,
   hasMultiLocalhost,
   invalidArgTypeHelper,
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
index 940c43cc40bf1..36c360a96503d 100644
--- a/test/parallel/test-https-agent-session-eviction.js
+++ b/test/parallel/test-https-agent-session-eviction.js
@@ -54,6 +54,7 @@ function faultyServer(port) {
 function second(server, session) {
   const req = https.request({
 port: server.address().port,
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
 rejectUnauthorized: false
   }, function(res) {
 res.resume();
diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js
index 31b07104c241a..04000771aa977 100644
--- a/test/parallel/test-tls-alert.js
+++ b/test/parallel/test-tls-alert.js
@@ -42,6 +42,7 @@ const server = tls.Server({
   cert: loadPEM('agent2-cert')
 }, null).listen(0, common.mustCall(() => {
   const args = ['s_client', '-quiet', '-tls1_1',
+'-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
 '-connect', `127.0.0.1:${server.address().port}`];
 
   execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => {
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
index d45287d671d8a..7da2f60676d00 100644
--- a/test/parallel/test-tls-getprotocol.js
+++ b/test/parallel/test-tls-getprotocol.js
@@ -11,9 +11,18 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');
 
 const clientConfigs = [
-  { secureProtocol: 'TLSv1_method', version: 'TLSv1' },
-  { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' },
-  { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' },
+  {
+secureProtocol: 'TLSv1_method',
+version: 'TLSv1',
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+  }, {
+secureProtocol: 'TLSv1_1_method',
+version: 'TLSv1.1',
+ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+  }, {
+secureProtocol: 'TLSv1_2_method',
+version: 'TLSv1.2'
+  },
 ];
 
 const serverConfig = {
@@ -30,6 +39,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng
 tls.connect({
   host: common.localhostIPv4,
   port: server.address().port,
+  ciphers: v.ciphers,
   rejectUnauthorized: false,
   secureProtocol: v.secureProtocol
 }, common.mustCall(function() {
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
index 5cea41ca7e0bd..ab351558a4c8b 100644
--- a/test/parallel/test-tls-min-max-version.js
+++ b/test/parallel/test-tls-min-max-version.js
@@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
 if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL')
   ciphers = 'ALL@SECLEVEL=0';
   }
+  if (common.hasOpenSSL31 && cerr ===