src: add .code and SSL specific error properties

SSL errors have a long structured message, but lacked the standard .code
property which can be used for stable comparisons. Add a `code`
property, as well as the 3 string components of an SSL error: `reason`,
`library`, and `function`.

PR-URL: https://github.com/nodejs/node/pull/25093
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>

2 files changed, 35 insertions, 28 deletions

diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
index c686d68a18..79d2006d6b 100644
--- a/test/parallel/test-tls-alert-handling.js
+++ b/test/parallel/test-tls-alert-handling.js
@@ -7,6 +7,7 @@ if (!common.hasCrypto)
 if (!common.opensslCli)
   common.skip('node compiled without OpenSSL CLI');
 
+const assert = require('assert');
 const net = require('net');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');
@@ -29,7 +30,11 @@ const opts = {
 const max_iter = 20;
 let iter = 0;
 
-const errorHandler = common.mustCall(() => {
+const errorHandler = common.mustCall((err) => {
+  assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
+  assert.strictEqual(err.library, 'SSL routines');
+  assert.strictEqual(err.function, 'ssl3_get_record');
+  assert.strictEqual(err.reason, 'wrong version number');
   errorReceived = true;
   if (canCloseServer())
     server.close();
@@ -76,5 +81,10 @@ function sendBADTLSRecord() {
     socket.write(BAD_RECORD);
     socket.end();
   }));
-  client.on('error', common.mustCall());
+  client.on('error', common.mustCall((err) => {
+    assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
+    assert.strictEqual(err.library, 'SSL routines');
+    assert.strictEqual(err.function, 'ssl3_read_bytes');
+    assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
+  }));
 }
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
index a8367a3fe5..6b856ac59b 100644
--- a/test/parallel/test-tls-min-max-version.js
+++ b/test/parallel/test-tls-min-max-version.js
@@ -10,6 +10,7 @@ const {
 const DEFAULT_MIN_VERSION = tls.DEFAULT_MIN_VERSION;
 
 function test(cmin, cmax, cprot, smin, smax, sprot, expect) {
+  assert(expect);
   connect({
     client: {
       checkServerIdentity: (servername, cert) => { },
@@ -26,23 +27,18 @@ function test(cmin, cmax, cprot, smin, smax, sprot, expect) {
       secureProtocol: sprot,
     },
   }, common.mustCall((err, pair, cleanup) => {
-    if (expect && expect.match(/^ERR/)) {
-      assert.strictEqual(err.code, expect);
+    if (err) {
+      assert.strictEqual(err.code, expect, err + '.code !== ' + expect);
       return cleanup();
     }
 
-    if (expect) {
-      assert.ifError(pair.server.err);
-      assert.ifError(pair.client.err);
-      assert(pair.server.conn);
-      assert(pair.client.conn);
-      assert.strictEqual(pair.client.conn.getProtocol(), expect);
-      assert.strictEqual(pair.server.conn.getProtocol(), expect);
-      return cleanup();
-    }
-
-    assert(pair.server.err);
-    assert(pair.client.err);
+    assert.ifError(err);
+    assert.ifError(pair.server.err);
+    assert.ifError(pair.client.err);
+    assert(pair.server.conn);
+    assert(pair.client.conn);
+    assert.strictEqual(pair.client.conn.getProtocol(), expect);
+    assert.strictEqual(pair.server.conn.getProtocol(), expect);
     return cleanup();
   }));
 }
@@ -83,17 +79,18 @@ test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');
 test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method', 'TLSv1.2');
 
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
-  test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', null);
-  test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', null);
-  test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', null);
-  test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', null);
+  test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'ECONNRESET');
+  test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 'ECONNRESET');
+  test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
+       'ERR_SSL_VERSION_TOO_LOW');
+  test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
 }
 
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
   test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1');
-  test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', null);
+  test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 'ECONNRESET');
   test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
-  test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', null);
+  test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
 }
 
 if (DEFAULT_MIN_VERSION === 'TLSv1') {
@@ -111,18 +108,18 @@ test(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1');
 
 // The default default.
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
-  test(U, U, 'TLSv1_1_method', U, U, U, null);
-  test(U, U, 'TLSv1_method', U, U, U, null);
-  test(U, U, U, U, U, 'TLSv1_1_method', null);
-  test(U, U, U, U, U, 'TLSv1_method', null);
+  test(U, U, 'TLSv1_1_method', U, U, U, 'ECONNRESET');
+  test(U, U, 'TLSv1_method', U, U, U, 'ECONNRESET');
+  test(U, U, U, U, U, 'TLSv1_1_method', 'ERR_SSL_VERSION_TOO_LOW');
+  test(U, U, U, U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
 }
 
 // The default with --tls-v1.1.
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
   test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1');
-  test(U, U, 'TLSv1_method', U, U, U, null);
+  test(U, U, 'TLSv1_method', U, U, U, 'ECONNRESET');
   test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1');
-  test(U, U, U, U, U, 'TLSv1_method', null);
+  test(U, U, U, U, U, 'TLSv1_method', 'ERR_SSL_VERSION_TOO_LOW');
 }
 
 // The default with --tls-v1.0.