From cc182417a12cfa72747f2f78b3a378dd60191691 Mon Sep 17 00:00:00 2001 From: Adrien Nader Date: Tue, 17 Dec 2024 17:29:38 +0100 Subject: [PATCH] test: openssl 3.4 returns decrypt_error upon PSK binder validation failure According to RFC 8446 (TLS 1.3), a PSK binder validation failure should result in decrypt_error rather than illegal_parameter which openssl had been using. Update the tests to match openssl's fix. Refs: https://github.com/openssl/openssl/commit/02b8b7b83698d1c7ddfef274f16c039c8cca7988 Refs: https://www.rfc-editor.org/rfc/rfc8446 --- test/parallel/test-tls-psk-circuit.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js index e93db3eb1b4923..690628758f7358 100644 --- a/test/parallel/test-tls-psk-circuit.js +++ b/test/parallel/test-tls-psk-circuit.js @@ -66,7 +66,11 @@ const expectedHandshakeErr = common.hasOpenSSL(3, 2) ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr); // Recognized user but incorrect secret should fail handshake -const expectedIllegalParameterErr = common.hasOpenSSL(3, 2) ? - 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'; +const expectedIllegalParameterErr = + common.hasOpenSSL(3, 4) + ? 'ERR_SSL_TLSV1_ALERT_DECRYPT_ERROR' + : (common.hasOpenSSL(3, 2) + ? 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' + : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'); test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr); test({ psk: USERS.UserB, identity: 'UserB' });