diff --git a/deps/openssl/openssl/apps/app_rand.c b/deps/openssl/openssl/apps/app_rand.c
index 595fc7821c85e6..b6fe294a682711 100644
--- a/deps/openssl/openssl/apps/app_rand.c
+++ b/deps/openssl/openssl/apps/app_rand.c
@@ -124,10 +124,16 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 char buffer[200];
 #ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
- RAND_screen();
- BIO_printf(bio_e, " done\n");
+ /*
+ * allocate 2 to dont_warn not to use RAND_screen() via
+ * -no_rand_screen option in s_client
+ */
+ if (dont_warn != 2) {
+ BIO_printf(bio_e, "Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e, " done\n");
+ }
 #endif
 if (file == NULL)
diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c
index 7112b246d1d0de..d5297d3070de92 100644
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@@ -236,6 +236,7 @@ static BIO *bio_c_msg = NULL;
 static int c_quiet = 0;
 static int c_ign_eof = 0;
 static int c_brief = 0;
+static int c_no_rand_screen = 0;
 #ifndef OPENSSL_NO_PSK
 /* Default PSK identity and key */
@@ -446,6 +447,10 @@ static void sc_usage(void)
 " -keymatexport label - Export keying material using label\n");
 BIO_printf(bio_err,
 " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+#ifdef OPENSSL_SYS_WINDOWS
+ BIO_printf(bio_err,
+ " -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
+#endif
 }
 #ifndef OPENSSL_NO_TLSEXT
@@ -1125,6 +1130,10 @@ int MAIN(int argc, char **argv)
 keymatexportlen = atoi(*(++argv));
 if (keymatexportlen == 0)
 goto bad;
+#ifdef OPENSSL_SYS_WINDOWS
+ } else if (strcmp(*argv, "-no_rand_screen") == 0) {
+ c_no_rand_screen = 1;
+#endif
 } else {
 BIO_printf(bio_err, "unknown option %s\n", *argv);
 badop = 1;
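Review bot: In app_RAND_load_file the new `dont_warn != 2` test gives a warning-suppression flag a second, unrelated meaning through a bare magic number, and the added comment ("allocate 2 to dont_warn") does not say what the caller gives up. I would reword the comment to `/* dont_warn == 2 (s_client -no_rand_screen): skip RAND_screen(); seeding then depends on the remaining sources */` and give the value a name shared with s_client.c. Skipping RAND_screen() removes one seeding input on Windows, so it is worth confirming that the remaining sources are sufficient; the only check visible in this diff is the RAND_status() warning in s_client. The function body continues outside the hunk.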
@@ -1230,7 +1239,7 @@ int MAIN(int argc, char **argv)
 if (!load_excert(&exc, bio_err))
 goto end;
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
 && !RAND_status()) {
 BIO_printf(bio_err,
 "warning, not much extra random data, consider using the -rand option\n");
diff --git a/test/parallel/test-tls-server-verify.js b/test/parallel/test-tls-server-verify.js
index f30134f04ac0a5..387ede8abc3554 100644
--- a/test/parallel/test-tls-server-verify.js
+++ b/test/parallel/test-tls-server-verify.js
@@ -125,17 +125,20 @@ var serverKey = loadPEM('agent2-key');
 var serverCert = loadPEM('agent2-cert');
-function runClient(options, cb) {
+function runClient(prefix, port, options, cb) {
 // Client can connect in three ways:
 // - Self-signed cert
 // - Certificate, but not signed by CA.
 // - Certificate signed by CA.
- var args = ['s_client', '-connect', '127.0.0.1:' + common.PORT];
+ var args = ['s_client', '-connect', '127.0.0.1:' + port];
+ // for the performance issue in s_client on Windows
+ if (process.platform === 'win32')
+ args.push('-no_rand_screen');
- console.log(' connecting with', options.name);
+ console.log(prefix + ' connecting with', options.name);
 switch (options.name) {
 case 'agent1':
@@ -176,7 +179,7 @@ function runClient(options, cb) {
 break;
 default:
- throw new Error('Unknown agent name');
+ throw new Error(prefix + 'Unknown agent name');
 }
 // To test use: openssl s_client -connect localhost:8000
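Review bot: `++c_no_rand_screen` in the argument list mutates the static flag as a side effect, so after this call it holds 1 or 2 and no longer means "option was given". Nothing in the visible hunks resets it, so if MAIN can run more than once in one process (not visible here), a later run would pass 2 without the option, or 3 with it, and the `dont_warn != 2` test in app_RAND_load_file would take the wrong branch. Passing the value without modifying the flag avoids both problems: `if (!app_RAND_load_file(NULL, bio_err, c_no_rand_screen ? 2 : 1) && inrand == NULL`. MAIN's body continues outside the hunk.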
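Review bot: `args.push('-no_rand_screen')` is added for every win32 run, but the option exists only in the s_client patched by this commit; any other build falls through to the `unknown option` branch shown in s_client.c. If the test can be pointed at an external openssl binary (not visible here), it would fail on Windows for a reason unrelated to TLS verification. The comment should record that dependency, e.g. `// -no_rand_screen is a local patch to the bundled s_client; it skips the slow RAND_screen() seeding on Windows`. runClient's body continues outside the hunk.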
@@ -193,17 +196,17 @@ function runClient(options, cb) {
 out += d;
 if (!goodbye && /_unauthed/g.test(out)) {
- console.error(' * unauthed');
+ console.error(prefix + ' * unauthed');
 goodbye = true;
- client.stdin.end('goodbye\n');
+ client.kill();
 authed = false;
 rejected = false;
 }
 if (!goodbye && /_authed/g.test(out)) {
- console.error(' * authed');
+ console.error(prefix + ' * authed');
 goodbye = true;
- client.stdin.end('goodbye\n');
+ client.kill();
 authed = true;
 rejected = false;
 }
@@ -212,15 +215,17 @@ function runClient(options, cb) {
 //client.stdout.pipe(process.stdout);
 client.on('exit', function(code) {
- //assert.equal(0, code, options.name +
+ //assert.equal(0, code, prefix + options.name +
 // ": s_client exited with error code " + code);
 if (options.shouldReject) {
- assert.equal(true, rejected, options.name +
+ assert.equal(true, rejected, prefix + options.name +
 ' NOT rejected, but should have been');
 } else {
- assert.equal(false, rejected, options.name +
+ assert.equal(false, rejected, prefix + options.name +
 ' rejected, but should NOT have been');
- assert.equal(options.shouldAuth, authed);
+ assert.equal(options.shouldAuth, authed, prefix +
+ options.name + ' authed is ' + authed +
+ ' but should have been ' + options.shouldAuth);
 }
 cb();
@@ -230,11 +235,12 @@ function runClient(options, cb) {
 // Run the tests
 var successfulTests = 0;
-function runTest(testIndex) {
+function runTest(port, testIndex) {
+ var prefix = testIndex + ' ';
 var tcase = testCases[testIndex];
 if (!tcase) return;
- console.error("Running '%s'", tcase.title);
+ console.error(prefix + "Running '%s'", tcase.title);
 var cas = tcase.CAs.map(loadPEM);
@@ -262,10 +268,16 @@ function runTest(testIndex) {
 var renegotiated = false;
 var server = tls.Server(serverOptions, function handleConnection(c) {
+ c.on('error', function(e) {
+ // child.kill() leads ECONNRESET errro in the TLS connection of
+ // openssl s_client via spawn(). A Test result is already
+ // checked by the data of client.stdout before child.kill() so
+ // these tls errors can be ignored.
+ });
 if (tcase.renegotiate && !renegotiated) {
 renegotiated = true;
 setTimeout(function() {
- console.error('- connected, renegotiating');
+ console.error(prefix + '- connected, renegotiating');
 c.write('\n_renegotiating\n');
 return c.renegotiate({
 requestCert: true,
@@ -281,11 +293,11 @@ function runTest(testIndex) {
 connections++;
 if (c.authorized) {
- console.error('- authed connection: ' +
+ console.error(prefix + '- authed connection: ' +
 c.getPeerCertificate().subject.CN);
 c.write('\n_authed\n');
 } else {
- console.error('- unauthed connection: %s', c.authorizationError);
+ console.error(prefix + '- unauthed connection: %s', c.authorizationError);
 c.write('\n_unauthed\n');
 }
 });
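Review bot: The new `c.on('error', ...)` handler has an empty body, so it discards every error on the server-side TLS socket, not only the ECONNRESET that the comment attributes to `client.kill()`. In a test whose purpose is to check certificate verification, an unexpected handshake or TLS error would now pass silently. Narrowing the handler keeps the intent: `if (e.code !== 'ECONNRESET') throw e;` (assuming the reset surfaces with that code). The added comment also contains a typo, "errro". runTest's body continues outside the hunk.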
@@ -293,27 +305,43 @@ function runTest(testIndex) {
 function runNextClient(clientIndex) {
 var options = tcase.clients[clientIndex];
 if (options) {
- runClient(options, function() {
+ runClient(prefix + clientIndex + ' ', port, options, function() {
 runNextClient(clientIndex + 1);
 });
 } else {
 server.close();
 successfulTests++;
- runTest(testIndex + 1);
+ runTest(port, nextTest++);
 }
 }
- server.listen(common.PORT, function() {
+ server.listen(port, function() {
 if (tcase.debug) {
- console.error('TLS server running on port ' + common.PORT);
+ console.error(prefix + 'TLS server running on port ' + port);
 } else {
- runNextClient(0);
+ if (tcase.renegotiate) {
+ runNextClient(0);
+ } else {
+ var clientsCompleted = 0;
+ for (var i = 0; i < tcase.clients.length; i++) {
+ runClient(prefix + i + ' ', port, tcase.clients[i], function() {
+ clientsCompleted++;
+ if (clientsCompleted === tcase.clients.length) {
+ server.close();
+ successfulTests++;
+ runTest(port, nextTest++);
+ }
+ });
+ }
+ }
 }
 });
 }
-runTest(0);
+var nextTest = 0;
+runTest(common.PORT, nextTest++);
+runTest(common.PORT + 1, nextTest++);
 process.on('exit', function() {
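Review bot: In the non-renegotiate branch of the `server.listen` callback, the completion logic lives only inside the per-client callback, so a test case with an empty `clients` array would never close the server or start the next test; the old `runNextClient(0)` path handled that case. Routing it through the sequential path fixes this: `if (tcase.renegotiate || tcase.clients.length === 0) {`. Separately, `runTest(common.PORT + 1, nextTest++)` assumes the next port is free for this test, which depends on how the test runner allocates ports (not visible here).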