lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

gyp: build openssl-cli tool and use it in tests 

fix #6663
v0.11.10-release
Fedor Indutny 11 years ago
parent
153784b348
commit
6f3d60388e
13 changed files with 182 additions and 119 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 178
      deps/openssl/openssl.gyp
  2. 7
      node.gyp
  3. 2
      test/common.js
  4. 7
      test/pummel/test-https-ci-reneg-attack.js
  5. 7
      test/pummel/test-tls-ci-reneg-attack.js
  6. 24
      test/pummel/test-tls-securepair-client.js
  7. 10
      test/pummel/test-tls-session-timeout.js
  8. 7
      test/simple/test-tls-ecdh-disable.js
  9. 7
      test/simple/test-tls-ecdh.js
  10. 2
      test/simple/test-tls-securepair-server.js
  11. 2
      test/simple/test-tls-server-verify.js
  12. 41
      test/simple/test-tls-session-cache.js
  13. 7
      test/simple/test-tls-set-ciphers.js

178
deps/openssl/openssl.gyp
View File

@ -12,18 +12,6 @@
{
'target_name': 'openssl',
'type': '<(library)',
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'sources': [
'openssl/ssl/bio_ssl.c',
'openssl/ssl/d1_both.c',
@ -935,32 +923,12 @@
]
}],
['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN'
],
'link_settings': {
'libraries': [
'-lgdi32.lib',
'-luser32.lib',
]
}
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
# Set to ubuntu default path for convenience. If necessary, override
# this at runtime with the SSL_CERT_DIR environment variable.
'OPENSSLDIR="/etc/ssl"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}],
['target_arch=="arm"', {
'sources': ['openssl/crypto/armcap.c'],
@ -981,7 +949,153 @@
'include_dirs': ['openssl/include'],
},
},
{
'target_name': 'openssl-cli',
'type': 'executable',
'dependencies': [
'openssl',
],
'defines': [
'MONOLITH',
],
'sources': [
'openssl/apps/app_rand.c',
'openssl/apps/apps.c',
'openssl/apps/asn1pars.c',
'openssl/apps/ca.c',
'openssl/apps/ciphers.c',
'openssl/apps/cms.c',
'openssl/apps/crl.c',
'openssl/apps/crl2p7.c',
'openssl/apps/dgst.c',
'openssl/apps/dh.c',
'openssl/apps/dhparam.c',
'openssl/apps/dsa.c',
'openssl/apps/dsaparam.c',
'openssl/apps/ec.c',
'openssl/apps/ecparam.c',
'openssl/apps/enc.c',
'openssl/apps/engine.c',
'openssl/apps/errstr.c',
'openssl/apps/gendh.c',
'openssl/apps/gendsa.c',
'openssl/apps/genpkey.c',
'openssl/apps/genrsa.c',
'openssl/apps/nseq.c',
'openssl/apps/ocsp.c',
'openssl/apps/openssl.c',
'openssl/apps/passwd.c',
'openssl/apps/pkcs12.c',
'openssl/apps/pkcs7.c',
'openssl/apps/pkcs8.c',
'openssl/apps/pkey.c',
'openssl/apps/pkeyparam.c',
'openssl/apps/pkeyutl.c',
'openssl/apps/prime.c',
'openssl/apps/rand.c',
'openssl/apps/req.c',
'openssl/apps/rsa.c',
'openssl/apps/rsautl.c',
'openssl/apps/s_cb.c',
'openssl/apps/s_client.c',
'openssl/apps/s_server.c',
'openssl/apps/s_socket.c',
'openssl/apps/s_time.c',
'openssl/apps/sess_id.c',
'openssl/apps/smime.c',
'openssl/apps/speed.c',
'openssl/apps/spkac.c',
'openssl/apps/srp.c',
'openssl/apps/ts.c',
'openssl/apps/verify.c',
'openssl/apps/version.c',
'openssl/apps/x509.c',
],
'conditions': [
['OS=="solaris"', {
'libraries': [
'-lsocket',
'-lnsl',
]
}],
['OS=="win"', {
'link_settings': {
'libraries': [
'-lws2_32.lib',
'-lgdi32.lib',
'-ladvapi32.lib',
'-lcrypt32.lib',
'-luser32.lib',
],
},
}]
]
}
],
'target_defaults': {
'include_dirs': [
'.',
'openssl',
'openssl/crypto',
'openssl/crypto/asn1',
'openssl/crypto/evp',
'openssl/crypto/md2',
'openssl/crypto/modes',
'openssl/crypto/store',
'openssl/include',
],
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'conditions': [
['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN',
'OPENSSL_SYSNAME_WIN32',
],
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
'conditions': [
['OS=="mac"', {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/System/Library/OpenSSL/"',
],
}, {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/etc/ssl"',
],
}],
]
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}],
],
},
}
# Local Variables:

7
node.gyp
View File

@ -177,7 +177,12 @@
],
'conditions': [
[ 'node_shared_openssl=="false"', {
'dependencies': [ './deps/openssl/openssl.gyp:openssl' ],
'dependencies': [
'./deps/openssl/openssl.gyp:openssl',
# For tests
'./deps/openssl/openssl.gyp:openssl-cli'
],
}]]
}, {
'defines': [ 'HAVE_OPENSSL=0' ]

2
test/common.js
View File

@ -30,8 +30,10 @@ exports.PORT = +process.env.NODE_COMMON_PORT || 12346;
if (process.platform === 'win32') {
exports.PIPE = '\\\\.\\pipe\\libuv-test';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli.exe');
} else {
exports.PIPE = exports.tmpDir + '/test.sock';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli');
}
var util = require('util');

7
test/pummel/test-https-ci-reneg-attack.js
View File

@ -29,11 +29,6 @@ var fs = require('fs');
// renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() {
var n = 0;
function next() {
@ -65,7 +60,7 @@ function test(next) {
server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args);
var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr);

7
test/pummel/test-tls-ci-reneg-attack.js
View File

@ -28,11 +28,6 @@ var fs = require('fs');
// renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() {
var n = 0;
function next() {
@ -63,7 +58,7 @@ function test(next) {
server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args);
var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr);

24
test/pummel/test-tls-securepair-client.js
View File

@ -34,21 +34,7 @@ var tls = require('tls');
var exec = require('child_process').exec;
var spawn = require('child_process').spawn;
maybe(test1);
// There is a bug with 'openssl s_server' which makes it not flush certain
// important events to stdout when done over a pipe. Therefore we skip this
// test for all openssl versions less than 1.0.0.
function maybe(cb) {
exec('openssl version', function(err, data) {
if (err) throw err;
if (/OpenSSL 0\./.test(data)) {
console.error('Skipping due to old OpenSSL version.');
return;
}
cb();
});
}
test1();
// simple/test-tls-securepair-client
function test1() {
@ -81,10 +67,10 @@ function test(keyfn, certfn, check, next) {
certfn = join(common.fixturesDir, certfn);
var cert = fs.readFileSync(certfn).toString();
var server = spawn('openssl', ['s_server',
'-accept', PORT,
'-cert', certfn,
'-key', keyfn]);
var server = spawn(common.opensslCli, ['s_server',
'-accept', PORT,
'-cert', certfn,
'-key', keyfn]);
server.stdout.pipe(process.stdout);
server.stderr.pipe(process.stdout);

10
test/pummel/test-tls-session-timeout.js
View File

@ -23,13 +23,7 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.');
process.exit(0);
}
require('child_process').exec('openssl version', function(err) {
if (err !== null) {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest();
});
doTest();
// This test consists of three TLS requests --
// * The first one should result in a new connection because we don't have
@ -83,7 +77,7 @@ function doTest() {
'-sess_in', sessionFileName,
'-sess_out', sessionFileName
];
var client = spawn('openssl', flags, {
var client = spawn(common.opensslCli, flags, {
stdio: ['ignore', 'pipe', 'ignore']
});

7
test/simple/test-tls-ecdh-disable.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls');
var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -49,7 +44,7 @@ var server = tls.createServer(options, function(conn) {
});
server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers +
var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) {

7
test/simple/test-tls-ecdh.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls');
var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -52,7 +47,7 @@ var server = tls.createServer(options, function(conn) {
});
server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers +
var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) {

2
test/simple/test-tls-securepair-server.js
View File

@ -115,7 +115,7 @@ var opensslExitCode = -1;
server.listen(common.PORT, function() {
// To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', ['s_client', '-connect', '127.0.0.1:' +
var client = spawn(common.opensslCli, ['s_client', '-connect', '127.0.0.1:' +
common.PORT]);

2
test/simple/test-tls-server-verify.js
View File

@ -198,7 +198,7 @@ function runClient(options, cb) {
}
// To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', args);
var client = spawn(common.opensslCli, args);
var out = '';

41
test/simple/test-tls-session-cache.js
View File

@ -23,15 +23,10 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.');
process.exit(0);
}
require('child_process').exec('openssl version', function(err) {
if (err !== null) {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest({ tickets: false } , function() {
doTest({ tickets: true } , function() {
console.error('all done');
});
doTest({ tickets: false } , function() {
doTest({ tickets: true } , function() {
console.error('all done');
});
});
@ -56,7 +51,6 @@ function doTest(testOptions, callback) {
var requestCount = 0;
var resumeCount = 0;
var session;
var badOpenSSL = false;
var server = tls.createServer(options, function(cleartext) {
cleartext.on('error', function(er) {
@ -87,7 +81,7 @@ function doTest(testOptions, callback) {
}, 100);
});
server.listen(common.PORT, function() {
var client = spawn('openssl', [
var client = spawn(common.opensslCli, [
's_client',
'-tls1',
'-connect', 'localhost:' + common.PORT,
@ -104,12 +98,7 @@ function doTest(testOptions, callback) {
});
client.on('exit', function(code) {
console.error('done');
if (/^unknown option/.test(err)) {
// using an incompatible version of openssl
assert(code);
badOpenSSL = true;
} else
assert.equal(code, 0);
assert.equal(code, 0);
server.close(function() {
setTimeout(callback, 100);
});
@ -117,16 +106,14 @@ function doTest(testOptions, callback) {
});
process.on('exit', function() {
if (!badOpenSSL) {
if (testOptions.tickets) {
assert.equal(requestCount, 6);
assert.equal(resumeCount, 0);
} else {
// initial request + reconnect requests (5 times)
assert.ok(session);
assert.equal(requestCount, 6);
assert.equal(resumeCount, 5);
}
if (testOptions.tickets) {
assert.equal(requestCount, 6);
assert.equal(resumeCount, 0);
} else {
// initial request + reconnect requests (5 times)
assert.ok(session);
assert.equal(requestCount, 6);
assert.equal(resumeCount, 5);
}
});
}

7
test/simple/test-tls-set-ciphers.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls');
var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -51,7 +46,7 @@ var server = tls.createServer(options, function(conn) {
});
server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers +
var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) {

Write Preview
Loading…
Cancel
Save