From 99bd1cf98b59776bdcf8b1537f8889e2cab17bb3 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Mon, 16 Sep 2024 16:20:00 +0000 Subject: [PATCH 1/2] test: update test to support OpenSSL32 Refs: https://github.com/nodejs/node/issues/53382 This test fails on OpenSSL32 because it complains the key being used is too short. It seems to have been missed when the test suite was udpated to have a Makefile to generate key material as the keys are hard coded in the test as opposed to being read in from the fixtures/key directory. Update the test to use keys/certs from the fixtures directory and to remove newlines at the end of the key and cert to retain the inteded test. Signed-off-by: Michael Dawson --- test/parallel/test-tls-cert-regression.js | 50 ++++++----------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/test/parallel/test-tls-cert-regression.js b/test/parallel/test-tls-cert-regression.js index 478402772eb0df..38a9ce5f0bdc40 100644 --- a/test/parallel/test-tls-cert-regression.js +++ b/test/parallel/test-tls-cert-regression.js @@ -21,50 +21,26 @@ 'use strict'; const common = require('../common'); +const fixtures = require('../common/fixtures'); if (!common.hasCrypto) common.skip('missing crypto'); const tls = require('tls'); -const cert = -`-----BEGIN CERTIFICATE----- -MIIDNDCCAp2gAwIBAgIJAJvXLQpGPpm7MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAkdCMRAwDgYDVQQIEwdHd3luZWRkMREwDwYDVQQHEwhXYXVuZmF3cjEUMBIG -A1UEChMLQWNrbmFjayBMdGQxEjAQBgNVBAsTCVRlc3QgQ2VydDESMBAGA1UEAxMJ -bG9jYWxob3N0MB4XDTA5MTEwMjE5MzMwNVoXDTEwMTEwMjE5MzMwNVowcDELMAkG -A1UEBhMCR0IxEDAOBgNVBAgTB0d3eW5lZGQxETAPBgNVBAcTCFdhdW5mYXdyMRQw -EgYDVQQKEwtBY2tuYWNrIEx0ZDESMBAGA1UECxMJVGVzdCBDZXJ0MRIwEAYDVQQD -Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdym7nGe2yw -6LlJfJrQtC5TmKOGrSXiyolYCbGOy4xZI4KD31d3097jhlQFJyF+10gwkE62DuJe -fLvBZDUsvLe1R8bzlVhZnBVn+3QJyUIWQAL+DsRj8P3KoD7k363QN5dIaA1GOAg2 -vZcPy1HCUsvOgvDXGRUCZqNLAyt+h/cpAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4s -VBV4shKUj3UX/fvSJnFaaPBjMIGiBgNVHSMEgZowgZeAFK4sVBV4shKUj3UX/fvS -JnFaaPBjoXSkcjBwMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHR3d5bmVkZDERMA8G -A1UEBxMIV2F1bmZhd3IxFDASBgNVBAoTC0Fja25hY2sgTHRkMRIwEAYDVQQLEwlU -ZXN0IENlcnQxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAJvXLQpGPpm7MAwGA1UdEwQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAFxR7BA1mUlsYqPiogtxSIfLzHWh+s0bJ -SBuhNrHes4U8QxS8+x/KWjd/81gzsf9J1C2VzTlFaydAgigz3SkQYgs+TMnFkT2o -9jqoJrcdf4WpZ2DQXUALaZgwNzPumMUSx8Ac5gO+BY/RHyP6fCodYvdNwyKslnI3 -US7eCSHZsVo= ------END CERTIFICATE-----`; +let key = fixtures.readKey('rsa_private.pem'); +let cert = fixtures.readKey('rsa_cert.crt'); -const key = -`-----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDXcpu5xntssOi5SXya0LQuU5ijhq0l4sqJWAmxjsuMWSOCg99X -d9Pe44ZUBSchftdIMJBOtg7iXny7wWQ1LLy3tUfG85VYWZwVZ/t0CclCFkAC/g7E -Y/D9yqA+5N+t0DeXSGgNRjgINr2XD8tRwlLLzoLw1xkVAmajSwMrfof3KQIDAQAB -AoGBAIBHR/tT93ce2mJAJAXV0AJpWc+7x2pwX2FpXtQujnlxNZhnRlrBCRCD7h4m -t0bVS/86kyGaesBDvAbavfx/N5keYzzmmSp5Ht8IPqKPydGWdigk4x90yWvktai7 -dWuRKF94FXr0GUuBONb/dfHdp4KBtzN7oIF9WydYGGXA9ZmBAkEA8/k01bfwQZIu -AgcdNEM94Zcug1gSspXtUu8exNQX4+PNVbadghZb1+OnUO4d3gvWfqvAnaXD3KV6 -N4OtUhQQ0QJBAOIRbKMfaymQ9yE3CQQxYfKmEhHXWARXVwuYqIFqjmhSjSXx0l/P -7mSHz1I9uDvxkJev8sQgu1TKIyTOdqPH1tkCQQDPa6H1yYoj1Un0Q2Qa2Mg1kTjk -Re6vkjPQ/KcmJEOjZjtekgFbZfLzmwLXFXqjG2FjFFaQMSxR3QYJSJQEYjbhAkEA -sy7OZcjcXnjZeEkv61Pc57/7qIp/6Aj2JGnefZ1gvI1Z9Q5kCa88rA/9Iplq8pA4 -ZBKAoDW1ZbJGAsFmxc/6mQJAdPilhci0qFN86IGmf+ZBnwsDflIwHKDaVofti4wQ -sPWhSOb9VQjMXekI4Y2l8fqAVTS2Fn6+8jkVKxXBywSVCw== ------END RSA PRIVATE KEY-----`; +// This test validates that we accept certificates and keys which +// do not end with a newline. If a newline exists at the end +// of the key or cert being used remove it +if (key[key.length - 1] === 0x0A) { + key = key.slice(0, key.length - 1); +} + +if (cert[cert.length - 1] === 0x0A) { + cert = cert.slice(0, cert.length - 1); +} function test(cert, key, cb) { const server = tls.createServer({ From a2373be597b2eecc365434a1cdd88a68c80e13d4 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Mon, 16 Sep 2024 19:54:18 +0000 Subject: [PATCH 2/2] sqauash: address review comments Signed-off-by: Michael Dawson --- test/parallel/test-tls-cert-regression.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/parallel/test-tls-cert-regression.js b/test/parallel/test-tls-cert-regression.js index 38a9ce5f0bdc40..c58998e594ba58 100644 --- a/test/parallel/test-tls-cert-regression.js +++ b/test/parallel/test-tls-cert-regression.js @@ -34,13 +34,13 @@ let cert = fixtures.readKey('rsa_cert.crt'); // This test validates that we accept certificates and keys which // do not end with a newline. If a newline exists at the end // of the key or cert being used remove it -if (key[key.length - 1] === 0x0A) { - key = key.slice(0, key.length - 1); -} +let i = 0; +while (key[key.length - 1 - i] === 0x0a) i++; +if (i !== 0) key = key.slice(0, key.length - i); -if (cert[cert.length - 1] === 0x0A) { - cert = cert.slice(0, cert.length - 1); -} +i = 0; +while (cert[cert.length - 1 - i] === 0x0a) i++; +if (i !== 0) cert = cert.slice(0, cert.length - i); function test(cert, key, cb) { const server = tls.createServer({