undici icon indicating copy to clipboard operation
undici copied to clipboard

Published 20 hours ago verified publisher icon nodejs

Nightly tests are failing

Open github-actions[bot] opened this issue 1 year ago • 24 comments

github-actions[bot] avatar Aug 16 '24 10:08 github-actions[bot]

Tests against nightly failed, see: https://github.com/nodejs/undici/actions/runs/10418179441

github-actions[bot] avatar Aug 16 '24 10:08 github-actions[bot]

@metcoder95

 test at test/http2.js:370:1
✖ [v20] Request should fail if allowH2 is false and server advertises h1 only (8.785301ms)
  AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
  + actual - expected
  
  + '80E807C2167F0000:error:0A000460:SSL routines:ssl3_read_bytes:tlsv1 alert no application protocol:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 120\n'
  - 'Client network socket disconnected before secure TLS connection was established'
      at res.<computed> [as strictEqual] (/home/runner/work/undici/undici/node_modules/@matteo.collina/tspl/tspl.js:52:35)
      at TestContext.<anonymous> (/home/runner/work/undici/undici/test/http2.js:408:9)
      at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
      at async Test.run (node:internal/test_runner/test:879:9)
      at async Test.processPendingSubtests (node:internal/test_runner/test:590:7) {
    generatedMessage: true,
    code: 'ERR_ASSERTION',
    actual: '80E807C2167F0000:error:0A000460:SSL routines:ssl3_read_bytes:tlsv1 alert no application protocol:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 120\n',
    expected: 'Client network socket disconnected before secure TLS connection was established',
    operator: 'strictEqual'
  }

KhafraDev avatar Aug 16 '24 16:08 KhafraDev

Tests against nightly failed, see: https://github.com/nodejs/undici/actions/runs/10431397022

github-actions[bot] avatar Aug 17 '24 10:08 github-actions[bot]

Tests against nightly failed, see: https://github.com/nodejs/undici/actions/runs/10439694412

github-actions[bot] avatar Aug 18 '24 10:08 github-actions[bot]

I'll take a look later this week, maybe we can skip it for now; did something changed within the OpenSSL that is causing that failure on nightly?

metcoder95 avatar Aug 18 '24 19:08 metcoder95

@KhafraDev by the test name (v20) shouldn't it execute only on v20.x?

RafaelGSS avatar Aug 21 '24 14:08 RafaelGSS

It executes on versions >= 20 https://github.com/nodejs/undici/blob/69cfd97591c0a1eec563590df862caeed304f1c3/test/http2.js#L372

KhafraDev avatar Aug 21 '24 14:08 KhafraDev

Is this failing on the nightly build only (nodejs#main) or has it failed since Node.js 22.6.0?

RafaelGSS avatar Aug 21 '24 14:08 RafaelGSS

Only on the nightly. It seems related to the way OpenSSL handles the missing of ALPN response. Tried to do bisect Today but didn’t have the time.

metcoder95 avatar Aug 21 '24 14:08 metcoder95

Did something changed on that regard for v23?

metcoder95 avatar Aug 21 '24 14:08 metcoder95

Can someone test it using the v22.7.0-proposal but removing https://github.com/nodejs/node/pull/54452/commits/a8c78c6f5014e68946be56caaf50fb3c6e7ce25a and https://github.com/nodejs/node/pull/54452/commits/df3e6bbfed2897389dc3fbf83e76907ab9fbb430?

RafaelGSS avatar Aug 21 '24 14:08 RafaelGSS

I'm sorry I don't have any time to test.

KhafraDev avatar Aug 21 '24 20:08 KhafraDev

I can confirm dropping OpenSSL update passes the test. I'll remove it for the next release and for main branch. Let's discuss the reason in the PR.

RafaelGSS avatar Aug 21 '24 20:08 RafaelGSS

https://github.com/nodejs/node/pull/54491

RafaelGSS avatar Aug 21 '24 20:08 RafaelGSS

It seems undici needs to update its test suite for Node.js 22.8.0 (https://github.com/nodejs/node/pull/54491#issuecomment-2303008950)

RafaelGSS avatar Aug 21 '24 21:08 RafaelGSS

Why though?

Doesnt it need to be wrapped again in nodejs, as it is done before?

https://github.com/nodejs/node/blob/8b0c699f2aafdf81bc4834b9bd2a4923741d3a6f/lib/_tls_wrap.js#L1732

Now we get the openssl warning directly.

Uzlopak avatar Aug 21 '24 21:08 Uzlopak

@RafaelGSS

Please see https://github.com/nodejs/node/pull/54492

With that PR the undici tests pass again.

Uzlopak avatar Aug 22 '24 02:08 Uzlopak

It seems undici needs to update its test suite for Node.js 22.8.0 (nodejs/node#54491 (comment))

This might depend on the outcome of this new behaviour from OpenSSL, isn't it? If moving forward with the update, we will need to at least document this gotcha when attempting to use ALPN

metcoder95 avatar Aug 22 '24 06:08 metcoder95

I might not be the best person to discuss it, but looks like not wrapping it on Node.js would make more sense, it gives the library the ability to decide what to do on OpenSSL error codes. As mentioned by Richard, this is a bug fix from OpenSSL, but I can see why this is problematic as it can be considered semver-major on error code changes.

RafaelGSS avatar Aug 22 '24 14:08 RafaelGSS

Just one argument for the wrapping is that ECONNRESET is a posix error and ERR_SSL_WRONG_VERSION_NUMBER not.

Uzlopak avatar Aug 22 '24 14:08 Uzlopak

@richardlau what's your thought on this? I don't think we can hold the OpenSSL update for too long. Our choice is either accept https://github.com/nodejs/node/pull/54492 as an expected approach or clarify that users should rely on OpenSSL error codes.

RafaelGSS avatar Aug 27 '24 15:08 RafaelGSS

Also keep in mind the error has the very descriptive error message 0E807C2167F0000:error:0A000460:SSL routines:ssl3_read_bytes:tlsv1 alert no application protocol:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 120\n

Uzlopak avatar Aug 27 '24 16:08 Uzlopak

From the perspective of the issue, I'd like to rely on OpenSSL error codes if they were more descriptive compared to what currently throws.

The wrap made by @Uzlopak seems like a good step forward but it might require a wider consensus (I guess?)

metcoder95 avatar Aug 27 '24 20:08 metcoder95

ugh...

Uzlopak avatar Oct 19 '24 00:10 Uzlopak