Skip to content

Cleanup old ssl code #28085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sam-github wants to merge 2 commits into from
Closed

Cleanup old ssl code #28085

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
147d5ed
src: remove TLS code for unsupported OpenSSLs
sam-github Jun 2, 2019
cd8cf1a
test: remove workaround for unsupported OpenSSLs
sam-github Jun 2, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
test: remove workaround for unsupported OpenSSLs 
Workaround added in d9b9229 is no longer needed, since OpenSSL
versions lower than 1.1.1 are unsupported.
  • Loading branch information
@sam-github
sam-github committed Jun 7, 2019
commit cd8cf1a3bdd06cbfe9590f29a429293af14e5f1c
42 changes: 7 additions & 35 deletions test/parallel/test-https-agent-session-eviction.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,8 @@ const { readKey } = require('../common/fixtures');
if (!common.hasCrypto)
common.skip('missing crypto');

const assert = require('assert');
const https = require('https');
const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
require('crypto').constants;
const { SSL_OP_NO_TICKET } = require('crypto').constants;

const options = {
key: readKey('agent1-key.pem'),
Expand Down Expand Up @@ -60,38 +58,12 @@ function second(server, session) {
res.resume();
});

if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
// Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
// connection to the TLS 1.0 server should work.
req.on('response', common.mustCall(function(res) {
// The test is now complete for OpenSSL 1.1.0.
server.close();
}));
} else {
// OpenSSL 1.0.x mistakenly locked versions based on the session it was
// offering. This causes this sequent request to fail. Let it fail, but
// test that this is mitigated on the next try by invalidating the session.
req.on('error', common.mustCall(function(err) {
assert(/wrong version number/.test(err.message));

req.on('close', function() {
third(server);
});
}));
}
req.end();
}

// Try one more time - session should be evicted!
function third(server) {
const req = https.request({
port: server.address().port,
rejectUnauthorized: false
}, function(res) {
res.resume();
assert(!req.socket.isSessionReused());
// Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
// connection to the TLS 1.0 server should work.
req.on('response', common.mustCall(function(res) {
// The test is now complete for OpenSSL 1.1.0.
server.close();
});
req.on('error', common.mustNotCall());
}));

req.end();
}