Latest SSL fixes that make all SSL tests pass
diff --git a/lib/crypto.js b/lib/crypto.js | |
index f88c55d..dedecc4 100644 | |
--- a/lib/crypto.js | |
+++ b/lib/crypto.js | |
@@ -61,6 +61,32 @@ var StringDecoder = require('string_decoder').StringDecoder; | |
var CONTEXT_DEFAULT_OPTIONS = undefined; | |
+function getSecureOptions(secureProtocol, secureOptions) { | |
+ if (CONTEXT_DEFAULT_OPTIONS === undefined) { | |
+ var binding = process.binding('crypto'); | |
+ CONTEXT_DEFAULT_OPTIONS = 0; | |
+ | |
+ if (!binding.SSL3_ENABLE) | |
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3; | |
+ | |
+ if (!binding.SSL2_ENABLE) | |
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2; | |
+ } | |
+ | |
+ if (secureOptions === undefined) { | |
+ if (secureProtocol === undefined || | |
+ secureProtocol === 'SSLv23_method' || | |
+ secureProtocol === 'SSLv23_server_method' || | |
+ secureProtocol === 'SSLv23_client_method') { | |
+ secureOptions |= CONTEXT_DEFAULT_OPTIONS; | |
+ } | |
+ } | |
+ | |
+ return secureOptions; | |
+} | |
+exports._getSecureOptions = getSecureOptions; | |
+ | |
+ | |
function Credentials(secureProtocol, flags, context) { | |
if (!(this instanceof Credentials)) { | |
return new Credentials(secureProtocol, flags, context); | |
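Review bot: `secureOptions |= CONTEXT_DEFAULT_OPTIONS;` inside the SSLv23 branch only works because the branch is reached solely when `secureOptions === undefined` and a bitwise OR coerces `undefined` to 0; for every other secureProtocol the function returns `undefined` rather than a number, which the tls.js callers then store as-is. `secureOptions = CONTEXT_DEFAULT_OPTIONS;` states the intent directly. Since the function is exported it should carry a header comment, for example `// SSL_OP_NO_SSLv2/SSL_OP_NO_SSLv3 defaults are applied only when the caller passes no secureOptions and uses an auto-negotiating SSLv23_* method; an explicit secureOptions value replaces the defaults entirely, so a caller that passes one must include the NO_SSLv2/NO_SSLv3 bits itself.` The local `var binding = process.binding('crypto');` also appears to shadow a module-level `binding`, which the removed lines in the following hunk used without declaring — confirm against the top of lib/crypto.js before dropping it.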
@@ -82,24 +108,7 @@ function Credentials(secureProtocol, flags, context) { | |
} | |
} | |
- if (CONTEXT_DEFAULT_OPTIONS === undefined) { | |
- CONTEXT_DEFAULT_OPTIONS = 0; | |
- | |
- if (!binding.SSL3_ENABLE) | |
- CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3; | |
- | |
- if (!binding.SSL2_ENABLE) | |
- CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2; | |
- } | |
- | |
- if (flags === undefined) { | |
- if (secureProtocol === undefined || | |
- secureProtocol === 'SSLv23_method' || | |
- secureProtocol === 'SSLv23_server_method' || | |
- secureProtocol === 'SSLv23_client_method') { | |
- flags |= CONTEXT_DEFAULT_OPTIONS; | |
- } | |
- } | |
+ flags = getSecureOptions(secureProtocol, flags); | |
this.context.setOptions(flags); | |
} | |
diff --git a/lib/tls.js b/lib/tls.js | |
index 392f7ad..5133c23 100644 | |
--- a/lib/tls.js | |
+++ b/lib/tls.js | |
@@ -1145,7 +1145,11 @@ function Server(/* [options], listener */) { | |
// constructor call | |
net.Server.call(this, function(socket) { | |
- var creds = crypto.createCredentials(null, sharedCreds.context); | |
+ var creds = crypto.createCredentials({ | |
+ secureProtocol: self.secureProtocol, | |
+ secureOptions: self.secureOptions | |
+ }, | |
+ sharedCreds.context); | |
var pair = new SecurePair(creds, | |
true, | |
@@ -1239,11 +1243,16 @@ Server.prototype.setOptions = function(options) { | |
if (options.secureProtocol) this.secureProtocol = options.secureProtocol; | |
if (options.crl) this.crl = options.crl; | |
if (options.ciphers) this.ciphers = options.ciphers; | |
- var secureOptions = options.secureOptions || 0; | |
+ | |
+ var secureOptions = crypto._getSecureOptions(options.secureProtocol, | |
+ options.secureOptions); | |
+ | |
if (options.honorCipherOrder) { | |
secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE; | |
} | |
- if (secureOptions) this.secureOptions = secureOptions; | |
+ | |
+ this.secureOptions = secureOptions; | |
+ | |
if (options.NPNProtocols) convertNPNProtocols(options.NPNProtocols, this); | |
if (options.SNICallback) { | |
this.SNICallback = options.SNICallback; | |
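Review bot: `this.secureOptions = secureOptions;` now assigns unconditionally, so when `crypto._getSecureOptions` returns `undefined` (no `options.secureOptions` and a non-SSLv23 `secureProtocol`) the server's `secureOptions` is overwritten with `undefined`, whereas the removed `var secureOptions = options.secureOptions || 0;` / `if (secureOptions) ...` pair always left either a number or the previous value in place. If relying on `undefined` so that the per-connection `Credentials` recomputes the SSLv2/SSLv3 defaults is intended, say so with a comment such as `// undefined here lets Credentials recompute the SSLv2/SSLv3 defaults`; otherwise guard it with `if (secureOptions !== undefined) this.secureOptions = secureOptions;`. Using an underscore-prefixed export, `_getSecureOptions`, as the contract between tls.js and crypto.js is a style concern: if both modules must share it, a non-underscore name documents that it is supported. The enclosing `setOptions` continues past the end of the hunk.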
@@ -1326,6 +1335,8 @@ exports.connect = function(/* [port, host], options, cb */) { | |
}; | |
options = util._extend(defaults, options || {}); | |
+ options.secureOptions = crypto._getSecureOptions(options.secureProtocol, | |
+ options.secureOptions); | |
var socket = options.socket ? options.socket : new net.Stream(); | |
var sslcontext = crypto.createCredentials(options); |