diff --git a/nodejs20.changes b/nodejs20.changes index df03674..72151e5 100644 --- a/nodejs20.changes +++ b/nodejs20.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu May 10 13:09:58 UTC 2023 - Otto Hollmann + +- Adapt tests for OpenSSL 3.1 [bsc#1209430] + * Add openssl3_1-adapt_tests.patch + ------------------------------------------------------------------- Thu May 4 13:26:26 UTC 2023 - Adam Majer - 20.1.0 diff --git a/nodejs20.spec b/nodejs20.spec index 9eddb01..99b290c 100644 --- a/nodejs20.spec +++ b/nodejs20.spec @@ -172,6 +172,7 @@ Patch200: versioned.patch Patch305: qemu_timeouts_arches.patch Patch308: node-gyp-config.patch Patch309: gcc13.patch +Patch310: openssl3_1-adapt_tests.patch BuildRequires: pkg-config BuildRequires: fdupes @@ -704,6 +705,7 @@ popd %patch305 -p1 %patch309 -p1 +%patch310 -p1 %if %{node_version_number} == 12 # minimist security update - patch50 diff --git a/openssl3_1-adapt_tests.patch b/openssl3_1-adapt_tests.patch new file mode 100644 index 0000000..416c0e6 --- /dev/null +++ b/openssl3_1-adapt_tests.patch @@ -0,0 +1,104 @@ +commit 33ee7a0221b1fad07639c3c8948ad322238a52ab +Author: Otto Hollmann +Date: Wed May 10 11:07:36 2023 +0200 + + test: Adapt tests for OpenSSL 3.1 + +diff --git a/test/common/index.js b/test/common/index.js +index f3caa9d1d4..a3e317d24b 100644 +--- a/test/common/index.js ++++ b/test/common/index.js +@@ -57,7 +57,10 @@ const hasCrypto = Boolean(process.versions.openssl) && + !process.env.NODE_SKIP_CRYPTO; + + const hasOpenSSL3 = hasCrypto && +- require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368; ++ require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000; ++ ++const hasOpenSSL31 = hasCrypto && ++ require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000; + + const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; + +@@ -913,6 +916,7 @@ const common = { + hasIntl, + hasCrypto, + hasOpenSSL3, ++ hasOpenSSL31, + hasQuic, + hasMultiLocalhost, + invalidArgTypeHelper, +diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js +index 20cdb870a0..da56007105 100644 +--- a/test/parallel/test-https-agent-session-eviction.js ++++ b/test/parallel/test-https-agent-session-eviction.js +@@ -56,6 +56,7 @@ function faultyServer(port) { + function second(server, session) { + const req = https.request({ + port: server.address().port, ++ ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), + rejectUnauthorized: false + }, function(res) { + res.resume(); +diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js +index 31b07104c2..9e92ccca49 100644 +--- a/test/parallel/test-tls-alert.js ++++ b/test/parallel/test-tls-alert.js +@@ -41,7 +41,7 @@ const server = tls.Server({ + key: loadPEM('agent2-key'), + cert: loadPEM('agent2-cert') + }, null).listen(0, common.mustCall(() => { +- const args = ['s_client', '-quiet', '-tls1_1', ++ const args = ['s_client', '-quiet', '-tls1_1', '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), + '-connect', `127.0.0.1:${server.address().port}`]; + + execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => { +diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js +index d45287d671..ee33200916 100644 +--- a/test/parallel/test-tls-getprotocol.js ++++ b/test/parallel/test-tls-getprotocol.js +@@ -11,8 +11,8 @@ const tls = require('tls'); + const fixtures = require('../common/fixtures'); + + const clientConfigs = [ +- { secureProtocol: 'TLSv1_method', version: 'TLSv1' }, +- { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' }, ++ { secureProtocol: 'TLSv1_method', version: 'TLSv1', ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') }, ++ { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1', ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') }, + { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' }, + ]; + +@@ -30,6 +30,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng + tls.connect({ + host: common.localhostIPv4, + port: server.address().port, ++ ciphers: v.ciphers, + rejectUnauthorized: false, + secureProtocol: v.secureProtocol + }, common.mustCall(function() { +diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js +index 5cea41ca7e..ab351558a4 100644 +--- a/test/parallel/test-tls-min-max-version.js ++++ b/test/parallel/test-tls-min-max-version.js +@@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) { + if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL') + ciphers = 'ALL@SECLEVEL=0'; + } ++ if (common.hasOpenSSL31 && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') { ++ ciphers = 'DEFAULT@SECLEVEL=0'; ++ } + // Report where test was called from. Strip leading garbage from + // at Object. (file:line) + // from the stack location, we only want the file:line part. +diff --git a/test/parallel/test-tls-session-cache.js b/test/parallel/test-tls-session-cache.js +index c4bebff2e3..e4ecb53282 100644 +--- a/test/parallel/test-tls-session-cache.js ++++ b/test/parallel/test-tls-session-cache.js +@@ -100,6 +100,7 @@ function doTest(testOptions, callback) { + const args = [ + 's_client', + '-tls1', ++ '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'), + '-connect', `localhost:${this.address().port}`, + '-servername', 'ohgod', + '-key', fixtures.path('keys/rsa_private.pem'),