
gyp: build openssl-cli tool and use it in tests

fix #6663
v0.11.10-release
Fedor Indutny 11 years ago
parent
commit
6f3d60388e
  1. 178
      deps/openssl/openssl.gyp
  2. 7
      node.gyp
  3. 2
      test/common.js
  4. 7
      test/pummel/test-https-ci-reneg-attack.js
  5. 7
      test/pummel/test-tls-ci-reneg-attack.js
  6. 18
      test/pummel/test-tls-securepair-client.js
  7. 10
      test/pummel/test-tls-session-timeout.js
  8. 7
      test/simple/test-tls-ecdh-disable.js
  9. 7
      test/simple/test-tls-ecdh.js
  10. 2
      test/simple/test-tls-securepair-server.js
  11. 2
      test/simple/test-tls-server-verify.js
  12. 19
      test/simple/test-tls-session-cache.js
  13. 7
      test/simple/test-tls-set-ciphers.js

178
deps/openssl/openssl.gyp

@ -12,18 +12,6 @@
{ {
'target_name': 'openssl', 'target_name': 'openssl',
'type': '<(library)', 'type': '<(library)',
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'sources': [ 'sources': [
'openssl/ssl/bio_ssl.c', 'openssl/ssl/bio_ssl.c',
'openssl/ssl/d1_both.c', 'openssl/ssl/d1_both.c',
@ -935,32 +923,12 @@
] ]
}], }],
['OS=="win"', { ['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN'
],
'link_settings': { 'link_settings': {
'libraries': [ 'libraries': [
'-lgdi32.lib', '-lgdi32.lib',
'-luser32.lib', '-luser32.lib',
] ]
} }
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
# Set to ubuntu default path for convenience. If necessary, override
# this at runtime with the SSL_CERT_DIR environment variable.
'OPENSSLDIR="/etc/ssl"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}], }],
['target_arch=="arm"', { ['target_arch=="arm"', {
'sources': ['openssl/crypto/armcap.c'], 'sources': ['openssl/crypto/armcap.c'],
@ -981,7 +949,153 @@
'include_dirs': ['openssl/include'], 'include_dirs': ['openssl/include'],
}, },
}, },
{
'target_name': 'openssl-cli',
'type': 'executable',
'dependencies': [
'openssl',
],
'defines': [
'MONOLITH',
],
'sources': [
'openssl/apps/app_rand.c',
'openssl/apps/apps.c',
'openssl/apps/asn1pars.c',
'openssl/apps/ca.c',
'openssl/apps/ciphers.c',
'openssl/apps/cms.c',
'openssl/apps/crl.c',
'openssl/apps/crl2p7.c',
'openssl/apps/dgst.c',
'openssl/apps/dh.c',
'openssl/apps/dhparam.c',
'openssl/apps/dsa.c',
'openssl/apps/dsaparam.c',
'openssl/apps/ec.c',
'openssl/apps/ecparam.c',
'openssl/apps/enc.c',
'openssl/apps/engine.c',
'openssl/apps/errstr.c',
'openssl/apps/gendh.c',
'openssl/apps/gendsa.c',
'openssl/apps/genpkey.c',
'openssl/apps/genrsa.c',
'openssl/apps/nseq.c',
'openssl/apps/ocsp.c',
'openssl/apps/openssl.c',
'openssl/apps/passwd.c',
'openssl/apps/pkcs12.c',
'openssl/apps/pkcs7.c',
'openssl/apps/pkcs8.c',
'openssl/apps/pkey.c',
'openssl/apps/pkeyparam.c',
'openssl/apps/pkeyutl.c',
'openssl/apps/prime.c',
'openssl/apps/rand.c',
'openssl/apps/req.c',
'openssl/apps/rsa.c',
'openssl/apps/rsautl.c',
'openssl/apps/s_cb.c',
'openssl/apps/s_client.c',
'openssl/apps/s_server.c',
'openssl/apps/s_socket.c',
'openssl/apps/s_time.c',
'openssl/apps/sess_id.c',
'openssl/apps/smime.c',
'openssl/apps/speed.c',
'openssl/apps/spkac.c',
'openssl/apps/srp.c',
'openssl/apps/ts.c',
'openssl/apps/verify.c',
'openssl/apps/version.c',
'openssl/apps/x509.c',
],
'conditions': [
['OS=="solaris"', {
'libraries': [
'-lsocket',
'-lnsl',
]
}],
['OS=="win"', {
'link_settings': {
'libraries': [
'-lws2_32.lib',
'-lgdi32.lib',
'-ladvapi32.lib',
'-lcrypt32.lib',
'-luser32.lib',
],
},
}]
]
}
],
'target_defaults': {
'include_dirs': [
'.',
'openssl',
'openssl/crypto',
'openssl/crypto/asn1',
'openssl/crypto/evp',
'openssl/crypto/md2',
'openssl/crypto/modes',
'openssl/crypto/store',
'openssl/include',
],
'defines': [
# No clue what these are for.
'L_ENDIAN',
'PURIFY',
'_REENTRANT',
# Heartbeat is a TLS extension, that couldn't be turned off or
# asked to be not advertised. Unfortunately this is unacceptable for
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
],
'conditions': [
['OS=="win"', {
'defines': [
'MK1MF_BUILD',
'WIN32_LEAN_AND_MEAN',
'OPENSSL_SYSNAME_WIN32',
],
}, {
'defines': [
# ENGINESDIR must be defined if OPENSSLDIR is.
'ENGINESDIR="/dev/null"',
'TERMIOS',
],
'cflags': ['-Wno-missing-field-initializers'],
'conditions': [
['OS=="mac"', {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/System/Library/OpenSSL/"',
],
}, {
'defines': [
# Set to ubuntu default path for convenience. If necessary,
# override this at runtime with the SSL_CERT_DIR environment
# variable.
'OPENSSLDIR="/etc/ssl"',
], ],
}],
]
}],
['is_clang==1 or gcc_version>=43', {
'cflags': ['-Wno-old-style-declaration'],
}],
['OS=="solaris"', {
'defines': ['__EXTENSIONS__'],
}],
],
},
} }
# Local Variables: # Local Variables:
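Review bot: The comment on the new `OS=="mac"` branch of `target_defaults` still reads "Set to ubuntu default path for convenience" although the value under it is `OPENSSLDIR="/System/Library/OpenSSL/"`; it was copied from the `/etc/ssl` branch and now misdescribes where the default certificate and config directory points on that platform. I would reword it to `# Use the OS X system OpenSSL directory; override at runtime with SSL_CERT_DIR if necessary.` Moving the `defines` into `target_defaults` also makes `PURIFY` and `OPENSSL_NO_HEARTBEATS` apply to the new `openssl-cli` target, so the "No clue what these are for" comment is worth replacing with a line per define saying what it does before it covers a second target.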

7
node.gyp

@ -177,7 +177,12 @@
], ],
'conditions': [ 'conditions': [
[ 'node_shared_openssl=="false"', { [ 'node_shared_openssl=="false"', {
'dependencies': [ './deps/openssl/openssl.gyp:openssl' ], 'dependencies': [
'./deps/openssl/openssl.gyp:openssl',
# For tests
'./deps/openssl/openssl.gyp:openssl-cli'
],
}]] }]]
}, { }, {
'defines': [ 'HAVE_OPENSSL=0' ] 'defines': [ 'HAVE_OPENSSL=0' ]
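Review bot: Listing `./deps/openssl/openssl.gyp:openssl-cli` under the main target's `dependencies` makes a test-only executable part of every build that uses the bundled OpenSSL, release builds included. The `# For tests` comment states the intent, but nothing in this hunk keeps the tool out of a normal build; whether the install step then ships it cannot be seen from here. A separate test target that depends on `openssl-cli` would keep the tool available to the suite without tying it to the `node` binary. The enclosing target starts and ends outside the hunk.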

2
test/common.js

@ -30,8 +30,10 @@ exports.PORT = +process.env.NODE_COMMON_PORT || 12346;
if (process.platform === 'win32') { if (process.platform === 'win32') {
exports.PIPE = '\\\\.\\pipe\\libuv-test'; exports.PIPE = '\\\\.\\pipe\\libuv-test';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli.exe');
} else { } else {
exports.PIPE = exports.tmpDir + '/test.sock'; exports.PIPE = exports.tmpDir + '/test.sock';
exports.opensslCli = path.join(process.execPath, '..', 'openssl-cli');
} }
var util = require('util'); var util = require('util');
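Review bot: `exports.opensslCli` is set unconditionally to a path beside `process.execPath`, but per the node.gyp change in this commit `openssl-cli` is only built when `node_shared_openssl=="false"`. The same commit removes the `openssl version` probes and the win32 skips from the tests, so in a shared-OpenSSL build those tests would presumably fail on a missing executable instead of skipping. I would document the assumption here with `// openssl-cli is built next to node only when the bundled OpenSSL is used` and have the tests check `fs.existsSync(common.opensslCli)` before spawning.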

7
test/pummel/test-https-ci-reneg-attack.js

@ -29,11 +29,6 @@ var fs = require('fs');
// renegotiation limits to test // renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16]; var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() { (function() {
var n = 0; var n = 0;
function next() { function next() {
@ -65,7 +60,7 @@ function test(next) {
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' '); var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args); var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout); child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr); child.stderr.pipe(process.stderr);

7
test/pummel/test-tls-ci-reneg-attack.js

@ -28,11 +28,6 @@ var fs = require('fs');
// renegotiation limits to test // renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16]; var LIMITS = [0, 1, 2, 3, 5, 10, 16];
if (process.platform === 'win32') {
console.log('Skipping test, you probably don\'t have openssl installed.');
process.exit();
}
(function() { (function() {
var n = 0; var n = 0;
function next() { function next() {
@ -63,7 +58,7 @@ function test(next) {
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' '); var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
var child = spawn('openssl', args); var child = spawn(common.opensslCli, args);
child.stdout.pipe(process.stdout); child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr); child.stderr.pipe(process.stderr);

18
test/pummel/test-tls-securepair-client.js

@ -34,21 +34,7 @@ var tls = require('tls');
var exec = require('child_process').exec; var exec = require('child_process').exec;
var spawn = require('child_process').spawn; var spawn = require('child_process').spawn;
maybe(test1); test1();
// There is a bug with 'openssl s_server' which makes it not flush certain
// important events to stdout when done over a pipe. Therefore we skip this
// test for all openssl versions less than 1.0.0.
function maybe(cb) {
exec('openssl version', function(err, data) {
if (err) throw err;
if (/OpenSSL 0\./.test(data)) {
console.error('Skipping due to old OpenSSL version.');
return;
}
cb();
});
}
// simple/test-tls-securepair-client // simple/test-tls-securepair-client
function test1() { function test1() {
@ -81,7 +67,7 @@ function test(keyfn, certfn, check, next) {
certfn = join(common.fixturesDir, certfn); certfn = join(common.fixturesDir, certfn);
var cert = fs.readFileSync(certfn).toString(); var cert = fs.readFileSync(certfn).toString();
var server = spawn('openssl', ['s_server', var server = spawn(common.opensslCli, ['s_server',
'-accept', PORT, '-accept', PORT,
'-cert', certfn, '-cert', certfn,
'-key', keyfn]); '-key', keyfn]);

10
test/pummel/test-tls-session-timeout.js

@ -23,13 +23,7 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.'); console.error('Skipping because node compiled without OpenSSL.');
process.exit(0); process.exit(0);
} }
require('child_process').exec('openssl version', function(err) { doTest();
if (err !== null) {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest();
});
// This test consists of three TLS requests -- // This test consists of three TLS requests --
// * The first one should result in a new connection because we don't have // * The first one should result in a new connection because we don't have
@ -83,7 +77,7 @@ function doTest() {
'-sess_in', sessionFileName, '-sess_in', sessionFileName,
'-sess_out', sessionFileName '-sess_out', sessionFileName
]; ];
var client = spawn('openssl', flags, { var client = spawn(common.opensslCli, flags, {
stdio: ['ignore', 'pipe', 'ignore'] stdio: ['ignore', 'pipe', 'ignore']
}); });

7
test/simple/test-tls-ecdh-disable.js

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -49,7 +44,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {
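Review bot: `common.opensslCli` is an absolute path concatenated unquoted into the string passed to `exec`, so a build directory containing a space splits the command in the shell and the test fails for a reason unrelated to TLS; the win32 skip removed in this same file makes that reachable on Windows. Passing the arguments as an array avoids the shell entirely: `execFile(common.opensslCli, ['s_client', '-cipher', options.ciphers, '-connect', '127.0.0.1:' + common.PORT], function(err, stdout, stderr) {`, with `execFile` required in place of `exec`. The same pattern appears in test/simple/test-tls-ecdh.js and test/simple/test-tls-set-ciphers.js. The callback body continues outside the hunk.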

7
test/simple/test-tls-ecdh.js

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -52,7 +47,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {

2
test/simple/test-tls-securepair-server.js

@ -115,7 +115,7 @@ var opensslExitCode = -1;
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
// To test use: openssl s_client -connect localhost:8000 // To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', ['s_client', '-connect', '127.0.0.1:' + var client = spawn(common.opensslCli, ['s_client', '-connect', '127.0.0.1:' +
common.PORT]); common.PORT]);

2
test/simple/test-tls-server-verify.js

@ -198,7 +198,7 @@ function runClient(options, cb) {
} }
// To test use: openssl s_client -connect localhost:8000 // To test use: openssl s_client -connect localhost:8000
var client = spawn('openssl', args); var client = spawn(common.opensslCli, args);
var out = ''; var out = '';

19
test/simple/test-tls-session-cache.js

@ -23,16 +23,11 @@ if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.'); console.error('Skipping because node compiled without OpenSSL.');
process.exit(0); process.exit(0);
} }
require('child_process').exec('openssl version', function(err) {
if (err !== null) { doTest({ tickets: false } , function() {
console.error('Skipping because openssl command is not available.');
process.exit(0);
}
doTest({ tickets: false } , function() {
doTest({ tickets: true } , function() { doTest({ tickets: true } , function() {
console.error('all done'); console.error('all done');
}); });
});
}); });
function doTest(testOptions, callback) { function doTest(testOptions, callback) {
@ -56,7 +51,6 @@ function doTest(testOptions, callback) {
var requestCount = 0; var requestCount = 0;
var resumeCount = 0; var resumeCount = 0;
var session; var session;
var badOpenSSL = false;
var server = tls.createServer(options, function(cleartext) { var server = tls.createServer(options, function(cleartext) {
cleartext.on('error', function(er) { cleartext.on('error', function(er) {
@ -87,7 +81,7 @@ function doTest(testOptions, callback) {
}, 100); }, 100);
}); });
server.listen(common.PORT, function() { server.listen(common.PORT, function() {
var client = spawn('openssl', [ var client = spawn(common.opensslCli, [
's_client', 's_client',
'-tls1', '-tls1',
'-connect', 'localhost:' + common.PORT, '-connect', 'localhost:' + common.PORT,
@ -104,11 +98,6 @@ function doTest(testOptions, callback) {
}); });
client.on('exit', function(code) { client.on('exit', function(code) {
console.error('done'); console.error('done');
if (/^unknown option/.test(err)) {
// using an incompatible version of openssl
assert(code);
badOpenSSL = true;
} else
assert.equal(code, 0); assert.equal(code, 0);
server.close(function() { server.close(function() {
setTimeout(callback, 100); setTimeout(callback, 100);
@ -117,7 +106,6 @@ function doTest(testOptions, callback) {
}); });
process.on('exit', function() { process.on('exit', function() {
if (!badOpenSSL) {
if (testOptions.tickets) { if (testOptions.tickets) {
assert.equal(requestCount, 6); assert.equal(requestCount, 6);
assert.equal(resumeCount, 0); assert.equal(resumeCount, 0);
@ -127,6 +115,5 @@ function doTest(testOptions, callback) {
assert.equal(requestCount, 6); assert.equal(requestCount, 6);
assert.equal(resumeCount, 5); assert.equal(resumeCount, 5);
} }
}
}); });
} }

7
test/simple/test-tls-set-ciphers.js

@ -25,11 +25,6 @@ var exec = require('child_process').exec;
var tls = require('tls'); var tls = require('tls');
var fs = require('fs'); var fs = require('fs');
if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}
var options = { var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
@ -51,7 +46,7 @@ var server = tls.createServer(options, function(conn) {
}); });
server.listen(common.PORT, '127.0.0.1', function() { server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher ' + options.ciphers + var cmd = common.opensslCli + ' s_client -cipher ' + options.ciphers +
' -connect 127.0.0.1:' + common.PORT; ' -connect 127.0.0.1:' + common.PORT;
exec(cmd, function(err, stdout, stderr) { exec(cmd, function(err, stdout, stderr) {
