SSLv3 client with --enable-ssl3 connecting to server without specific cmd line option/SSL protocol set
var tls = require('tls'); | |
var fs = require('fs'); | |
var path = require('path'); | |
var fork = require('child_process').fork; | |
var assert = require('assert'); | |
var constants = require('constants'); | |
var common = require('../common'); | |
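if (process.argv[2] === 'child') {
  // Child side. The parent forks this script with `--enable-ssl3`, so the
  // SSLv3_method opt-in below is only reachable through that explicit flag;
  // SSLv3 is a legacy protocol and this test pins the opt-in path, nothing
  // more.
  process.on('message', function(msg) {
    if (msg !== 'go') return;

    var con = tls.connect(common.PORT,
      {
        // The fixture cert is self-signed; this test exercises protocol
        // negotiation, not certificate validation.
        rejectUnauthorized: false,
        secureProtocol: 'SSLv3_method'
      },
      function() {
        assert.equal(con.getVersion(), 'SSLv3');
        process.send('done');
      });

    con.on('error', function(err) {
      // assert.ok(false, ...) throws and terminates the child, so nothing
      // placed after it would ever run; the parent's 'exit' handler turns
      // the crash into a test failure instead of a hang.
      assert.ok(false,
        "Client using SSLv3_method and enabling SSLv3 with " +
        "--enable-ssl3 must be able to connect to any SSL " +
        "server but failed with error: " + err);
    });
  });
} else {
  // Parent side: fork the child with SSLv3 enabled, serve a TLS endpoint
  // that excludes no protocol version, and wait for the child's report.
  var keyPath = path.join(common.fixturesDir, 'agent.key');
  var certPath = path.join(common.fixturesDir, 'agent.crt');
  var key = fs.readFileSync(keyPath).toString();
  var cert = fs.readFileSync(certPath).toString();

  // fork() returns a ChildProcess or throws; it never yields a falsy value,
  // so the former `if (child = fork(...))` guard could not fail and its
  // else branch passed a string to assert.throws(), which expects a
  // function.
  var child = fork(process.argv[1], ['child'], { execArgv: ['--enable-ssl3'] });

  var server = tls.Server({
    key: key,
    cert: cert,
    ca: [],
    // Explicit 0, not omitted: the accompanying node patch treats 0 as
    // "clear every SSL_CTX option", so the server does not exclude any
    // protocol version and an SSLv3-only client can complete a handshake.
    secureOptions: 0
  });

  var childReportedDone = false;

  // A child that dies before reporting (e.g. the assertion in its error
  // handler fired, or the flag was rejected at startup) must fail the test
  // rather than leave the parent waiting forever. The uncaught assertion
  // terminates the parent, which also releases the listening socket.
  child.on('exit', function onChildExit(code, signal) {
    if (childReportedDone) return;
    assert.fail(code, 0,
      'child exited before reporting done (code=' + code +
      ', signal=' + signal + ')');
  });

  server.listen(common.PORT, function() {
    child.on('message', function onChildMsg(msg) {
      if (msg === 'done') {
        childReportedDone = true;
        server.close();
        child.kill();
      }
    });
    child.send('go');
  });
}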
diff --git a/lib/crypto.js b/lib/crypto.js | |
index d1c9eb5..c33cd6d 100644 | |
--- a/lib/crypto.js | |
+++ b/lib/crypto.js | |
@@ -78,7 +78,9 @@ function Credentials(secureProtocol, flags, context) { | |
} | |
} | |
- if (flags) this.context.setOptions(flags); | |
+ if (flags != null) { | |
+ this.context.setOptions(flags); | |
+ } | |
} | |
exports.Credentials = Credentials; | |
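Review bot: The relaxed check `if (flags != null)` now forwards an explicit `0` to `setOptions`, and the node_crypto.cc hunk on this page makes `0` mean "clear every option currently set on the context", including any protocol-restricting bits that context carried; nothing at this call site says so, whereas the previous `if (flags)` made `0` a no-op. Add a comment above the check, e.g. `// null/undefined: keep the context's current options; 0: clear them all (see SecureContext::SetOptions); other ints: OR them in.` The Credentials function itself starts before this hunk.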
diff --git a/lib/tls.js b/lib/tls.js | |
index 392f7ad..7e4bd9d 100644 | |
--- a/lib/tls.js | |
+++ b/lib/tls.js | |
@@ -616,7 +616,7 @@ CryptoStream.prototype.isSessionReused = function() { | |
return null; | |
}; | |
-CryptoStream.prototype.getCipher = function(err) { | |
+CryptoStream.prototype.getCipher = function() { | |
if (this.pair.ssl) { | |
return this.pair.ssl.getCurrentCipher(); | |
} else { | |
@@ -624,6 +624,14 @@ CryptoStream.prototype.getCipher = function(err) { | |
} | |
}; | |
+CryptoStream.prototype.getVersion = function() { | |
+ if (this.pair.ssl) { | |
+ return this.pair.ssl.getCurrentVersion(); | |
+ } else { | |
+ return null; | |
+ } | |
+} | |
+ | |
CryptoStream.prototype.end = function(chunk, encoding) { | |
if (this === this.pair.cleartext) { | |
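Review bot: The new `getVersion` assignment ends with a bare `}` and relies on ASI, while its sibling `getCipher` just above closes with `};`. Change the last line of the new method to `};` and add a one-line doc comment above it, e.g. `// Protocol version string of the current connection (as reported by OpenSSL's SSL_get_version), or null when no SSL object is attached.`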
@@ -1239,11 +1247,10 @@ Server.prototype.setOptions = function(options) { | |
if (options.secureProtocol) this.secureProtocol = options.secureProtocol; | |
if (options.crl) this.crl = options.crl; | |
if (options.ciphers) this.ciphers = options.ciphers; | |
- var secureOptions = options.secureOptions || 0; | |
if (options.honorCipherOrder) { | |
secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE; | |
} | |
- if (secureOptions) this.secureOptions = secureOptions; | |
+ this.secureOptions = options.secureOptions; | |
if (options.NPNProtocols) convertNPNProtocols(options.NPNProtocols, this); | |
if (options.SNICallback) { | |
this.SNICallback = options.SNICallback; | |
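Review bot: Removing `var secureOptions = options.secureOptions || 0;` leaves the untouched `secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;` operating on an undeclared variable (an implicit global in sloppy mode, a ReferenceError under strict mode), and the new `this.secureOptions = options.secureOptions;` ignores that result, so `honorCipherOrder: true` no longer sets the server-preference bit. Keep a local and preserve the "explicit 0 clears, undefined leaves defaults" intent: `var secureOptions = options.secureOptions;` before the `if`, `secureOptions = (secureOptions || 0) | constants.SSL_OP_CIPHER_SERVER_PREFERENCE;` inside it, and `this.secureOptions = secureOptions;` after it. Server.prototype.setOptions starts before this hunk.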
diff --git a/src/node_crypto.cc b/src/node_crypto.cc | |
index fbcdf86..36e3ac2 100644 | |
--- a/src/node_crypto.cc | |
+++ b/src/node_crypto.cc | |
@@ -705,11 +705,15 @@ Handle<Value> SecureContext::SetOptions(const Arguments& args) { | |
SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder()); | |
- if (args.Length() != 1 || !args[0]->IntegerValue()) { | |
+ if (args.Length() != 1 || !args[0]->IsInt32()) { | |
return ThrowException(Exception::TypeError(String::New("Bad parameter"))); | |
} | |
- SSL_CTX_set_options(sc->ctx_, args[0]->IntegerValue()); | |
+ if (args[0]->IntegerValue() == 0) { | |
+ SSL_CTX_clear_options(sc->ctx_, SSL_CTX_get_options(sc->ctx_));; | |
+ } else { | |
+ SSL_CTX_set_options(sc->ctx_, args[0]->IntegerValue()); | |
+ } | |
return True(); | |
} | |
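Review bot: Using `0` as the sentinel for "clear all options" at `if (args[0]->IntegerValue() == 0)` gives one integer two meanings that callers cannot see; a separate `clearOptions` method, or at least a comment at the top of SetOptions stating the contract, would make it explicit, and the clear line carries a doubled `;;`. The switch to `IsInt32()` also rejects any option value above INT32_MAX (SSL_OP_ALL exceeds it in some OpenSSL versions), which callers would now see as "Bad parameter" — worth checking against the constants the JS side exposes. SetOptions's signature is outside the hunk.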
@@ -1122,6 +1126,7 @@ void Connection::Initialize(Handle<Object> target) { | |
NODE_SET_PROTOTYPE_METHOD(t, "isInitFinished", Connection::IsInitFinished); | |
NODE_SET_PROTOTYPE_METHOD(t, "verifyError", Connection::VerifyError); | |
NODE_SET_PROTOTYPE_METHOD(t, "getCurrentCipher", Connection::GetCurrentCipher); | |
+ NODE_SET_PROTOTYPE_METHOD(t, "getCurrentVersion", Connection::GetCurrentVersion); | |
NODE_SET_PROTOTYPE_METHOD(t, "start", Connection::Start); | |
NODE_SET_PROTOTYPE_METHOD(t, "shutdown", Connection::Shutdown); | |
NODE_SET_PROTOTYPE_METHOD(t, "close", Connection::Close); | |
@@ -2043,6 +2048,14 @@ Handle<Value> Connection::GetCurrentCipher(const Arguments& args) { | |
return scope.Close(info); | |
} | |
+Handle<Value> Connection::GetCurrentVersion(const Arguments& args) { | |
+ HandleScope scope; | |
+ | |
+ Connection *ss = Connection::Unwrap(args); | |
+ Local<String> version = String::New(SSL_get_version(ss->ssl_)); | |
+ return scope.Close(version); | |
+} | |
+ | |
Handle<Value> Connection::Close(const Arguments& args) { | |
HandleScope scope; | |
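Review bot: `GetCurrentVersion` dereferences `ss->ssl_` without a NULL check before `SSL_get_version`; whether `ssl_` can be NULL here (for instance after Close) is not visible in this hunk, and `GetCurrentCipher`'s body sits outside it, so if that method guards, mirror it with `if (ss->ssl_ == NULL) return scope.Close(Null());` before the `String::New` line. Passing NULL into OpenSSL here would crash the process rather than surface an error to JS.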
diff --git a/src/node_crypto.h b/src/node_crypto.h | |
index 54b9b88..7467dc7 100644 | |
--- a/src/node_crypto.h | |
+++ b/src/node_crypto.h | |
@@ -199,6 +199,7 @@ class Connection : ObjectWrap { | |
static v8::Handle<v8::Value> IsInitFinished(const v8::Arguments& args); | |
static v8::Handle<v8::Value> VerifyError(const v8::Arguments& args); | |
static v8::Handle<v8::Value> GetCurrentCipher(const v8::Arguments& args); | |
+ static v8::Handle<v8::Value> GetCurrentVersion(const v8::Arguments& args); | |
static v8::Handle<v8::Value> Shutdown(const v8::Arguments& args); | |
static v8::Handle<v8::Value> Start(const v8::Arguments& args); | |
static v8::Handle<v8::Value> Close(const v8::Arguments& args); |