lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

gyp: build openssl-cli tool and use it in tests 

fix #6663
v0.11.10-release
Fedor Indutny 11 years ago
parent
153784b348
commit
6f3d60388e
13 changed files with 182 additions and 119 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 178
      deps/openssl/openssl.gyp
  2. 7
      node.gyp
  3. 2
      test/common.js
  4. 7
      test/pummel/test-https-ci-reneg-attack.js
  5. 7
      test/pummel/test-tls-ci-reneg-attack.js
  6. 18
      test/pummel/test-tls-securepair-client.js
  7. 8
      test/pummel/test-tls-session-timeout.js
  8. 7
      test/simple/test-tls-ecdh-disable.js
  9. 7
      test/simple/test-tls-ecdh.js
  10. 2
      test/simple/test-tls-securepair-server.js
  11. 2
      test/simple/test-tls-server-verify.js
  12. 17
      test/simple/test-tls-session-cache.js
  13. 7
      test/simple/test-tls-set-ciphers.js

178
deps/openssl/openssl.gyp
View File

@ -12,18 +12,6 @@
{ {
'target_name': 'openssl', 'target_name': 'openssl',
'type': '<(library)', 'type': '<(library)',
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'sources': [ 'sources': [
'openssl/ssl/bio_ssl.c', 'openssl/ssl/bio_ssl.c',
'openssl/ssl/d1_both.c', 'openssl/ssl/d1_both.c',
@ -935,32 +923,12 @@
] ]
}], }],
['OS=="win"', { ['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN'
],
'link_settings': { 'link_settings': {
'libraries': [ 'libraries': [
'-lgdi32.lib', '-lgdi32.lib',
'-luser32.lib', '-luser32.lib',
] ]
} }
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
# Set to ubuntu default path for convenience. If necessary, override
# this at runtime with the SSL_CERT_DIR environment variable.
'OPENSSLDIR="/etc/ssl"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}], }],
['target_arch=="arm"', { ['target_arch=="arm"', {
'sources': ['openssl/crypto/armcap.c'], 'sources': ['openssl/crypto/armcap.c'],
@ -981,7 +949,153 @@
'include_dirs': ['openssl/include'], 'include_dirs': ['openssl/include'],
}, },
}, },
{
'target_name': 'openssl-cli',
'type': 'executable',
'dependencies': [
'openssl',
],
'defines': [
'MONOLITH',
],
'sources': [
'openssl/apps/app_rand.c',
'openssl/apps/apps.c',
'openssl/apps/asn1pars.c',
'openssl/apps/ca.c',
'openssl/apps/ciphers.c',
'openssl/apps/cms.c',
'openssl/apps/crl.c',
'openssl/apps/crl2p7.c',
'openssl/apps/dgst.c',
'openssl/apps/dh.c',
'openssl/apps/dhparam.c',
'openssl/apps/dsa.c',
'openssl/apps/dsaparam.c',
'openssl/apps/ec.c',
'openssl/apps/ecparam.c',
'openssl/apps/enc.c',
'openssl/apps/engine.c',
'openssl/apps/errstr.c',
'openssl/apps/gendh.c',
'openssl/apps/gendsa.c',
'openssl/apps/genpkey.c',
'openssl/apps/genrsa.c',
'openssl/apps/nseq.c',
'openssl/apps/ocsp.c',
'openssl/apps/openssl.c',
'openssl/apps/passwd.c',
'openssl/apps/pkcs12.c',
'openssl/apps/pkcs7.c',
'openssl/apps/pkcs8.c',
'openssl/apps/pkey.c',
'openssl/apps/pkeyparam.c',
'openssl/apps/pkeyutl.c',
'openssl/apps/prime.c',
'openssl/apps/rand.c',
'openssl/apps/req.c',
'openssl/apps/rsa.c',
'openssl/apps/rsautl.c',
'openssl/apps/s_cb.c',
'openssl/apps/s_client.c',
'openssl/apps/s_server.c',
'openssl/apps/s_socket.c',
'openssl/apps/s_time.c',
'openssl/apps/sess_id.c',
'openssl/apps/smime.c',
'openssl/apps/speed.c',
'openssl/apps/spkac.c',
'openssl/apps/srp.c',
'openssl/apps/ts.c',
'openssl/apps/verify.c',
'openssl/apps/version.c',
'openssl/apps/x509.c',
],
'conditions': [
['OS=="solaris"', {
'libraries': [
'-lsocket',
'-lnsl',
]
}],
['OS=="win"', {
'link_settings': {
'libraries': [
'-lws2_32.lib',
'-lgdi32.lib',
'-ladvapi32.lib',
'-lcrypt32.lib',
'-luser32.lib',
],
},
}]
]
}
],
'target_defaults': {
'include_dirs': [
'.',
'openssl',
'openssl/crypto',
'openssl/crypto/asn1',
'openssl/crypto/evp',
'openssl/crypto/md2',
'openssl/crypto/modes',
'openssl/crypto/store',
'openssl/include',
],
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'conditions': [
['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN',
'OPENSSL_SYSNAME_WIN32',
],
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
'conditions': [
['OS=="mac"', {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/System/Library/OpenSSL/"',
],
}, {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/etc/ssl"',
], ],
}],
]
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}],
],
},
} }
# Local Variables: # Local Variables:

7
node.gyp
View File

@ -177,7 +177,12 @@
], ],
'conditions': [ 'conditions': [
[ 'node_shared_openssl=="false"', { [ 'node_shared_openssl=="false"', {
'dependencies': [ './deps/openssl/openssl.gyp:openssl' ], 'dependencies': [
'./deps/openssl/openssl.gyp:openssl',
# For tests
'./deps/openssl/openssl.gyp:openssl-cli'
],
}]] }]]
}, { }, {
'defines': [ 'HAVE_OPENSSL=0' ] 'defines': [ 'HAVE_OPENSSL=0' ]

2
test/common.js
View File

@ -30,8 +30,10 @@ exports.PORT = +process.env.NODE_COMMON_PORT || 12346;
if (process.platform === 'win32') { if (process.platform === 'win32') {
exports.PIPE = '\\\\.\\pipe\\libuv-test'; exports.PIPE = '\\\\.\\pipe\\libuv-test';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli.exe');
} else { } else {
exports.PIPE = exports.tmpDir + '/test.sock'; exports.PIPE = exports.tmpDir + '/test.sock';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli');
} }
var util = require('util'); var util = require('util');

7
test/pummel/test-https-ci-reneg-attack.js
View File

@ -29,11 +29,6 @@ var fs = require('fs');
// renegotiation limits to test // renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16]; var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() { (function() {
var n = 0; var n = 0;
function next() { function next() {
@ -65,7 +60,7 @@ function test(next) {
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' '); var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args); var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout); child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr); child.stderr.pipe(process.stderr);

7
test/pummel/test-tls-ci-reneg-attack.js
View File

@ -28,11 +28,6 @@ var fs = require('fs');
// renegotiation limits to test // renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16]; var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() { (function() {
var n = 0; var n = 0;
function next() { function next() {
@ -63,7 +58,7 @@ function test(next) {
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' '); var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args); var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout); child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr); child.stderr.pipe(process.stderr);

18
test/pummel/test-tls-securepair-client.js
View File

@ -34,21 +34,7 @@ var tls = require('tls');
var exec = require('child_process').exec; var exec = require('child_process').exec;
var spawn = require('child_process').spawn; var spawn = require('child_process').spawn;
maybe(test1); test1();
// There is a bug with 'openssl s_server' which makes it not flush certain
// important events to stdout when done over a pipe. Therefore we skip this
// test for all openssl versions less than 1.0.0.
function maybe(cb) {
exec('openssl version', function(err, data) {
if (err) throw err;
if (/OpenSSL 0\./.test(data)) {
console.error('Skipping due to old OpenSSL version.');
return;
}
cb();
});
}
// simple/test-tls-securepair-client // simple/test-tls-securepair-client
function test1() { function test1() {
@ -81,7 +67,7 @@ function test(keyfn, certfn, check, next) {
certfn = join(common.fixturesDir, certfn); certfn = join(common.fixturesDir, certfn);
var cert = fs.readFileSync(certfn).toString(); var cert = fs.readFileSync(certfn).toString();
var server = spawn('openssl', ['s_server', var server = spawn(common.opensslCli, ['s_server',
'-accept', PORT, '-accept', PORT,
'-cert', certfn, '-cert', certfn,
'-key', keyfn]); '-key', keyfn]);

8
test/pummel/test-tls-session-timeout.js
View File

@ -23,13 +23,7 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.'); console.error('Skipping because node compiled without OpenSSL.');
process.exit(0); process.exit(0);
} }
require('child_process').exec('openssl version', function(err) {
if (err !== null) {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest(); doTest();
});
// This test consists of three TLS requests -- // This test consists of three TLS requests --
// * The first one should result in a new connection because we don't have // * The first one should result in a new connection because we don't have
@ -83,7 +77,7 @@ function doTest() {
'-sess_in', sessionFileName, '-sess_in', sessionFileName,
'-sess_out', sessionFileName '-sess_out', sessionFileName
]; ];
var client = spawn('openssl', flags, { var client = spawn(common.opensslCli, flags, {
stdio: ['ignore', 'pipe', 'ignore'] stdio: ['ignore', 'pipe', 'ignore']
}); });

7
test/simple/test-tls-ecdh-disable.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -49,7 +44,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {

7
test/simple/test-tls-ecdh.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -52,7 +47,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {

2
test/simple/test-tls-securepair-server.js
View File

@ -115,7 +115,7 @@ var opensslExitCode = -1;
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
// To test use: openssl s_client -connect localhost:8000 // To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', ['s_client', '-connect', '127.0.0.1:' + var client = spawn(common.opensslCli, ['s_client', '-connect', '127.0.0.1:' +
common.PORT]); common.PORT]);

2
test/simple/test-tls-server-verify.js
View File

@ -198,7 +198,7 @@ function runClient(options, cb) {
} }
// To test use: openssl s_client -connect localhost:8000 // To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', args); var client = spawn(common.opensslCli, args);
var out = ''; var out = '';

17
test/simple/test-tls-session-cache.js
View File

@ -23,17 +23,12 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.'); console.error('Skipping because node compiled without OpenSSL.');
process.exit(0); process.exit(0);
} }
require('child_process').exec('openssl version', function(err) {
if (err !== null) {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest({ tickets: false } , function() { doTest({ tickets: false } , function() {
doTest({ tickets: true } , function() { doTest({ tickets: true } , function() {
console.error('all done'); console.error('all done');
}); });
}); });
});
function doTest(testOptions, callback) { function doTest(testOptions, callback) {
var common = require('../common'); var common = require('../common');
@ -56,7 +51,6 @@ function doTest(testOptions, callback) {
var requestCount = 0; var requestCount = 0;
var resumeCount = 0; var resumeCount = 0;
var session; var session;
var badOpenSSL = false;
var server = tls.createServer(options, function(cleartext) { var server = tls.createServer(options, function(cleartext) {
cleartext.on('error', function(er) { cleartext.on('error', function(er) {
@ -87,7 +81,7 @@ function doTest(testOptions, callback) {
}, 100); }, 100);
}); });
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var client = spawn('openssl', [ var client = spawn(common.opensslCli, [
's_client', 's_client',
'-tls1', '-tls1',
'-connect', 'localhost:' + common.PORT, '-connect', 'localhost:' + common.PORT,
@ -104,11 +98,6 @@ function doTest(testOptions, callback) {
}); });
client.on('exit', function(code) { client.on('exit', function(code) {
console.error('done'); console.error('done');
if (/^unknown option/.test(err)) {
// using an incompatible version of openssl
assert(code);
badOpenSSL = true;
} else
assert.equal(code, 0); assert.equal(code, 0);
server.close(function() { server.close(function() {
setTimeout(callback, 100); setTimeout(callback, 100);
@ -117,7 +106,6 @@ function doTest(testOptions, callback) {
}); });
process.on('exit', function() { process.on('exit', function() {
if (!badOpenSSL) {
if (testOptions.tickets) { if (testOptions.tickets) {
assert.equal(requestCount, 6); assert.equal(requestCount, 6);
assert.equal(resumeCount, 0); assert.equal(resumeCount, 0);
@ -127,6 +115,5 @@ function doTest(testOptions, callback) {
assert.equal(requestCount, 6); assert.equal(requestCount, 6);
assert.equal(resumeCount, 5); assert.equal(resumeCount, 5);
} }
}
}); });
} }

7
test/simple/test-tls-set-ciphers.js
View File

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -51,7 +46,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {

Write Preview
Loading…
Cancel
Save