Bug ID 1207484
Summary openssl-3: regression regarding certificate path availability
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee pmonrealgonzalez@suse.com
Reporter amajer@suse.com
QA Contact security-team@suse.de
CC jsikes@suse.com, meissner@suse.com
Found By ---
Blocker --- 

While testing why nodejs18 unit tests were failing in openssl-1_1 vs.
openssl-3, I found that the errors are a result of unavailable directory

/var/lib/ca-certificates/openssl

If this directory does not exist, many unit tests are failing with errors
similar to

   'Error: error:16000069:STORE routines::unregistered scheme'


~/rpmbuild/BUILD/node-v18.13.0> ./node18 test/sequential/test-tls-connect.js
node:assert:750
    throw err;
    ^

AssertionError [ERR_ASSERTION]: The input did not match the regular expression
/no cipher match/i. Input:

'Error: error:16000069:STORE routines::unregistered scheme'

    at Object.<anonymous>
(/home/abuild/rpmbuild/BUILD/node-v18.13.0/test/sequential/test-tls-connect.js:53:10)
    at Module._compile (node:internal/modules/cjs/loader:1218:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1272:10)
    at Module.load (node:internal/modules/cjs/loader:1081:32)
    at Module._load (node:internal/modules/cjs/loader:922:12)
    at Function.executeUserEntryPoint [as runMain]
(node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:23:47 {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: Error: error:16000069:STORE routines::unregistered scheme
      at configSecureContext (node:internal/tls/secure-context:230:11)
      at Object.createSecureContext (node:_tls_common:117:3)
      at Object.connect (node:_tls_wrap:1636:48)
      at
/home/abuild/rpmbuild/BUILD/node-v18.13.0/test/sequential/test-tls-connect.js:54:9
      at getActual (node:assert:757:5)
      at Function.throws (node:assert:903:24)
      at Object.<anonymous>
(/home/abuild/rpmbuild/BUILD/node-v18.13.0/test/sequential/test-tls-connect.js:53:10)
      at Module._compile (node:internal/modules/cjs/loader:1218:14)
      at Module._extensions..js (node:internal/modules/cjs/loader:1272:10)
      at Module.load (node:internal/modules/cjs/loader:1081:32) {
    opensslErrorStack: [
      'error:0A0000B9:SSL routines::no cipher match',
      'error:80000002:system library::No such file or directory'
    ],
    library: 'STORE routines',
    reason: 'unregistered scheme',
    code: 'ERR_OSSL_OSSL_STORE_UNREGISTERED_SCHEME'
  },
  expected: /no cipher match/i,
  operator: 'throws'
}

Node.js v18.13.0


If I simply create this directory, the unit tests pass as openssl-3 doesn't
generate errors.

One possible solution is to ship empty directory in the main library package.
Alternative is to track down why OpenSSL is throwing these weird errors when
this path is simply missing.

You are receiving this mail because: