From a0b217557c185bf8cd618101e74df57875cfca3a Mon Sep 17 00:00:00 2001
From: Mert Can Altin <mertgold60@gmail.com>
Date: Tue, 14 Apr 2026 07:16:01 +0100
Subject: [PATCH 1/3] test: use heapdump test for SecureContext memory tracking

---
 test/cctest/test_node_crypto.cc             | 27 ---------------
 test/pummel/test-heapdump-secure-context.js | 37 +++++++++++++++++++++
 2 files changed, 37 insertions(+), 27 deletions(-)
 create mode 100644 test/pummel/test-heapdump-secure-context.js

diff --git a/test/cctest/test_node_crypto.cc b/test/cctest/test_node_crypto.cc
index 66e31941fc477c..bb841b8690de68 100644
--- a/test/cctest/test_node_crypto.cc
+++ b/test/cctest/test_node_crypto.cc
@@ -21,30 +21,3 @@ TEST(NodeCrypto, NewRootCertStore) {
                                       "any errors on the OpenSSL error stack\n";
   X509_STORE_free(store);
 }
-
-/*
- * This test verifies that OpenSSL memory tracking constants are properly
- * defined.
- */
-TEST(NodeCrypto, MemoryTrackingConstants) {
-  // Verify that our memory tracking constants are defined and reasonable
-  EXPECT_GT(node::crypto::kSizeOf_SSL_CTX, 0)
-      << "SSL_CTX size constant should be positive";
-  EXPECT_GT(node::crypto::kSizeOf_X509, 0)
-      << "X509 size constant should be positive";
-  EXPECT_GT(node::crypto::kSizeOf_EVP_MD_CTX, 0)
-      << "EVP_MD_CTX size constant should be positive";
-
-  // Verify reasonable size ranges (basic sanity check)
-  EXPECT_LT(node::crypto::kSizeOf_SSL_CTX, 10000)
-      << "SSL_CTX size should be reasonable";
-  EXPECT_LT(node::crypto::kSizeOf_X509, 10000)
-      << "X509 size should be reasonable";
-  EXPECT_LT(node::crypto::kSizeOf_EVP_MD_CTX, 1000)
-      << "EVP_MD_CTX size should be reasonable";
-
-  // Specific values we expect based on our implementation
-  EXPECT_EQ(node::crypto::kSizeOf_SSL_CTX, 240);
-  EXPECT_EQ(node::crypto::kSizeOf_X509, 128);
-  EXPECT_EQ(node::crypto::kSizeOf_EVP_MD_CTX, 48);
-}
diff --git a/test/pummel/test-heapdump-secure-context.js b/test/pummel/test-heapdump-secure-context.js
new file mode 100644
index 00000000000000..feb100070e0535
--- /dev/null
+++ b/test/pummel/test-heapdump-secure-context.js
@@ -0,0 +1,37 @@
+'use strict';
+// This tests heap snapshot integration of SecureContext.
+
+const common = require('../common');
+
+if (!common.hasCrypto) common.skip('missing crypto');
+
+const fixtures = require('../common/fixtures');
+const assert = require('assert');
+const {
+  createJSHeapSnapshot,
+  validateByRetainingPathFromNodes,
+} = require('../common/heap');
+const tls = require('tls');
+
+{
+  const nodes = createJSHeapSnapshot();
+  const matches = nodes.filter(
+    (n) => n.name === 'Node / SecureContext' && n.type !== 'string');
+  assert.strictEqual(matches.length, 0);
+}
+
+// eslint-disable-next-line no-unused-vars
+const ctx = tls.createSecureContext({
+  cert: fixtures.readKey('agent1-cert.pem'),
+  key: fixtures.readKey('agent1-key.pem'),
+});
+
+{
+  const nodes = createJSHeapSnapshot();
+  validateByRetainingPathFromNodes(nodes, 'Node / SecureContext', [
+    { edge_name: 'ctx', node_name: 'Node / ctx' },
+  ]);
+  validateByRetainingPathFromNodes(nodes, 'Node / SecureContext', [
+    { edge_name: 'cert', node_name: 'Node / cert' },
+  ]);
+}

From 19a9d150bdaf82da8ff3201ec1db532c077813d0 Mon Sep 17 00:00:00 2001
From: Mert Can Altin <mertgold60@gmail.com>
Date: Tue, 14 Apr 2026 10:37:16 +0100
Subject: [PATCH 2/3] Update test/pummel/test-heapdump-secure-context.js

Co-authored-by: Joyee Cheung <joyeec9h3@gmail.com>
---
 test/pummel/test-heapdump-secure-context.js | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/test/pummel/test-heapdump-secure-context.js b/test/pummel/test-heapdump-secure-context.js
index feb100070e0535..ffd7b6d4ff463b 100644
--- a/test/pummel/test-heapdump-secure-context.js
+++ b/test/pummel/test-heapdump-secure-context.js
@@ -13,12 +13,6 @@ const {
 } = require('../common/heap');
 const tls = require('tls');
 
-{
-  const nodes = createJSHeapSnapshot();
-  const matches = nodes.filter(
-    (n) => n.name === 'Node / SecureContext' && n.type !== 'string');
-  assert.strictEqual(matches.length, 0);
-}
 
 // eslint-disable-next-line no-unused-vars
 const ctx = tls.createSecureContext({

From 0c3d8b38dc90811186d7ecace0ba6efea4204547 Mon Sep 17 00:00:00 2001
From: Mert Can Altin <mertgold60@gmail.com>
Date: Tue, 14 Apr 2026 13:52:39 +0100
Subject: [PATCH 3/3] lint

---
 test/pummel/test-heapdump-secure-context.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/pummel/test-heapdump-secure-context.js b/test/pummel/test-heapdump-secure-context.js
index ffd7b6d4ff463b..bc39a2a001de2c 100644
--- a/test/pummel/test-heapdump-secure-context.js
+++ b/test/pummel/test-heapdump-secure-context.js
@@ -6,7 +6,7 @@ const common = require('../common');
 if (!common.hasCrypto) common.skip('missing crypto');
 
 const fixtures = require('../common/fixtures');
-const assert = require('assert');
+
 const {
   createJSHeapSnapshot,
   validateByRetainingPathFromNodes,