Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: add --use-bundled-ca to tls-cnnic-whitelist #12394

Closed

Conversation

danbev
Copy link
Contributor

@danbev danbev commented Apr 13, 2017

If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26 ("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store. That commit will be reverted by #12391.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines
Affected core subsystem(s)

test

If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.
@nodejs-github-bot nodejs-github-bot added the test Issues and PRs related to the tests. label Apr 13, 2017
@mscdex mscdex added the tls Issues and PRs related to the tls subsystem. label Apr 13, 2017
Copy link
Contributor

@thefourtheye thefourtheye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if CI is happy.

danbev added a commit to danbev/node that referenced this pull request Apr 18, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: nodejs#12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
@danbev
Copy link
Contributor Author

danbev commented Apr 18, 2017

@danbev
Copy link
Contributor Author

danbev commented Apr 18, 2017

Landed in 3cf88a4

@danbev danbev closed this Apr 18, 2017
@danbev danbev deleted the test-tls-cnnic-whitelist-openssl-def-ca branch April 18, 2017 12:32
evanlucas pushed a commit that referenced this pull request Apr 25, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: #12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
@evanlucas evanlucas mentioned this pull request May 1, 2017
evanlucas pushed a commit that referenced this pull request May 1, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: #12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
evanlucas pushed a commit that referenced this pull request May 2, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: #12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
gibfahn pushed a commit that referenced this pull request May 16, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: #12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 18, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: #12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
@MylesBorins MylesBorins mentioned this pull request May 23, 2017
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
If configued with --openssl-use-def-ca-store --shared-openssl the
following error might be thrown:

assert.js:86
  throw new assert.AssertionError({
  ^
AssertionError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' === 'CERT_REVOKED'
    at TLSSocket.client.on.common.mustCall
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-tls-cnnic-whitelist.js:71:14)
    at TLSSocket.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
    at emitOne (events.js:115:13)
    at TLSSocket.emit (events.js:210:7)
    at emitErrorNT (net.js:1305:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)

In this case the CA's used will be the ones shipped with OpenSSL. For
tests though we should be able to specify --use-bundled-ca as a fix for
the above error, but this functionality was broken by me in commit
be98f26
("src: exclude node_root_certs when use-def-ca-store").

That commit removed the abilty to use --use-bundled-ca if the build was
configured --openssl-use-def-ca-store.

PR-URL: nodejs/node#12394
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
test Issues and PRs related to the tests. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants