src: add --use-bundled-ca --use-openssl-ca check

[danbev]

The --use-bundled-ca and --use-openssl-ca command line arguments are
mutually exclusive but can both be used on the same command line.

This commit adds a check if both options are used.

Fixes: #12083

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• commit message follows commit guidelines

Affected core subsystem(s)

src

[danbev]

CI: https://ci.nodejs.org/job/node-test-pull-request/7069/

[danbev]

test/osx/ failure looks unrelated:

not ok 1411 sequential/test-fs-readfile-tostring-fail --- duration_ms: 60.609 severity: fail stack: |- timeout ...

[bnoordhuis]

LGTM modulo nits. It's nice we can have cctests for such things now.

[bnoordhuis]

Can you line up the arguments? There should probably be an "either" in front of the error message and we prefix it with argv[0] in most cases.

[danbev]

Ah I see that now, I'll fix that. Thx

[richardlau]

Are there any pros/cons for having the test written as a cctest as opposed to JavaScript?

[danbev]

@richardlau There are some situations where it might be easier to write unit tests, one example would be like the above when need to test command line options to Node. Another that we came across was when testing a feature that was intended to be used when Node is embedded (for example Electron). At least that is my take on it. There is a section in the writing-tests.md which mentions this.

[richardlau]

For testing embedded Node.js cctest makes sense. My concerns for things like the test in this PR is:

1. If you ever want to tweak/extend it you have to recompile the cctests.
2. The portion of the community who would be willing to look at the test if it was written in JavaScript compared to if the test was written in C++.

cc @nodejs/testing

[cjihrig]

I think this PR would be simpler, and more people would maintain this code in the future if the test were written in JS.

[danbev]

I actually thought using a C++ unit test in this case was making it simpler. The motivation for that is that it is testing command line arguments that are to be passed to Node upon startup. Maybe it is my lack of experience, but I can't think of a good way of testing that from JavaScript.

[gibfahn]

@danbev couldn't you just do something like this?

constexecSync=require('child_process').execSync;constoutput=execSync(`${process.execPath} --use-bundled-ca --use-openssl-ca`);assert.strictEqual(output.toString(),"Error message...");

[cjihrig]

I think the simplest way would be to use child_process.spawnSync(process.execPath, ['--use-bundled-ca', '--use-openssl-ca']).

[gibfahn]

@cjihrig I recall that there is a reason to use one of spawnSync and execSync over the other, possibly to do with things working as expected on Windows. I can't remember which one it was though.

Is spawnSync the preferred one?

[cjihrig]

exec() runs a command to completion in a shell and then calls back with the result. execSync() is a blocking version of that. execFile() is the same, but without the shell.

spawn() is the most flexible, but usually requires the most effort/code to control. Under the hood, spawn() is used by the other asynchronous child process methods. spawnSync() takes the work out of using spawn(), if you can afford to block (which we can in a test like this). We don't need the shell in this case, so I'd go with spawnSync().

[danbev]

@gibfahn@cjihrig Thanks for that, I'll give that a go and see what people think.

[richardlau]

You can avoid having to call toString() here if you pass an encoding (e.g. utf8) option to child_process.spawnSync.

[danbev]

Ah nice, I'll do that. Thx

[danbev]

I've added a suggestion for the JavaScript test based on the suggestions from @gibfahn and @cjihrig.

My personal opinion is that the C++ unit test is just as readable/simple but I'm probably a little bias in this case :) It seems like the majority if for having this in JavaScript and I'll update the PR accordingly. Will let a few others chime and see if what the outcome is.

[cjihrig]

My personal opinion is that the C++ unit test is just as readable/simple but I'm probably a little bias in this case

I think the test itself is about equal in complexity, but it no longer requires changes to the gyp file and the fixture file. It also makes the test more accessible to a larger number of contributors.

[cjihrig]

After this line, can you add:

if(!common.hasCrypto){common.skip('missing crypto');process.exit();}

[danbev]

Ah yes, I'll add that. Thx

[danbev]

I think the test itself is about equal in complexity, but it no longer requires changes to the gyp file and the fixture file.

The change to the fixture would not normally be part of that. This was a bug that I introduced but did not discover until I actually used the arguments in this PR :( But there would still be a change required for the gyp file.

[gibfahn]

nit check -> checks

[danbev]

Fixed now, thanks!

[gibfahn]

I think the test itself is about equal in complexity, but it no longer requires changes to the gyp file and the fixture file. It also makes the test more accessible to a larger number of contributors.

For me the accessibility is key, I think the vast majority of node collaborators are more familiar with tests written in js, not least for things like using the inspector for debugging.