From 57c9850b169e5f825570e8fbef127329b5f82a09 Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Mon, 27 Apr 2020 13:40:30 -0700
Subject: [PATCH 1/2] src: crypto::UseSNIContext to use BaseObjectPtr
Extracted from the QUIC PR. Not specific to QUIC.
Signed-off-by: James M Snell
---
 src/node_crypto.cc | 2 +-
 src/node_crypto_common.cc | 3 ++-
 src/node_crypto_common.h | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 348d407f0eb13a..6ecfafeb74ec36 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2486,7 +2486,7 @@ void SSLWrap::CertCbDone(const FunctionCallbackInfo& args) {
 // Store the SNI context for later use.
 w->sni_context_ = BaseObjectPtr(sc);
- if (UseSNIContext(w->ssl_, sc) && !w->SetCACerts(sc)) {
+ if (UseSNIContext(w->ssl_, w->sni_context_) && !w->SetCACerts(sc)) {
 // Not clear why sometimes we throw error, and sometimes we call
 // onerror(). Both cause .destroy(), but onerror does a bit more.
 unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
index 197bc5cd5913a4..9358edb66b3cb9 100644
--- a/src/node_crypto_common.cc
+++ b/src/node_crypto_common.cc
@@ -1,3 +1,4 @@
+#include "base_object-inl.h"
 #include "env-inl.h"
 #include "node_buffer.h"
 #include "node_crypto.h"
@@ -223,7 +224,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
 return err;
 }
-int UseSNIContext(const SSLPointer& ssl, SecureContext* context) {
+int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr context) {
 SSL_CTX* ctx = context->ctx_.get();
 X509* x509 = SSL_CTX_get0_certificate(ctx);
 EVP_PKEY* pkey = SSL_CTX_get0_privatekey(ctx);
diff --git a/src/node_crypto_common.h b/src/node_crypto_common.h
index 8d40052bcca2f9..c373a97e4763a4 100644
--- a/src/node_crypto_common.h
+++ b/src/node_crypto_common.h
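Review bot: UseSNIContext in src/node_crypto_common.cc dereferences `context->ctx_` on its first line without checking that the BaseObjectPtr is non-empty, and the new by-value parameter copies the handle on every call (the template argument appears to have been dropped in this rendering of the patch). Taking it as `const BaseObjectPtr<SecureContext>& context` and opening the body with `CHECK(context);` would avoid the copy and turn an empty handle into an explicit abort instead of a null dereference inside the certificate callback; the declaration in node_crypto_common.h would change to match. In CertCbDone the same expression now mixes `w->sni_context_` with the raw `sc` in `SetCACerts(sc)`, which is worth making consistent. The function body continues past the end of the hunk, so how a null `x509` or `pkey` from the SSL_CTX getters is handled cannot be judged from here.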
@@ -71,7 +71,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
 const SSLPointer& ssl,
 long def = X509_V_ERR_UNSPECIFIED); // NOLINT(runtime/int)
-int UseSNIContext(const SSLPointer& ssl, SecureContext* context);
+int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr context);
 const char* GetClientHelloALPN(const SSLPointer& ssl);
From cb3ec20a9c5d391657e0a9a51d5cf13a4ff4e4a4 Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Mon, 27 Apr 2020 13:43:50 -0700
Subject: [PATCH 2/2] src: return undefined when validation err == 0
Extracted from the QUIC PR. Not specific to QUIC even if the behavior is currently only used there.
---
 src/node_crypto_common.cc | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
index 9358edb66b3cb9..3b35ee1ff7ba8a 100644
--- a/src/node_crypto_common.cc
+++ b/src/node_crypto_common.cc
@@ -34,6 +34,7 @@ using v8::NewStringType;
 using v8::Null;
 using v8::Object;
 using v8::String;
+using v8::Undefined;
 using v8::Value;
 namespace crypto {
@@ -330,11 +331,15 @@ const char* X509ErrorCode(long err) { // NOLINT(runtime/int)
 }
 MaybeLocal GetValidationErrorReason(Environment* env, int err) {
+ if (err == 0)
+ return Undefined(env->isolate());
 const char* reason = X509_verify_cert_error_string(err);
 return OneByteString(env->isolate(), reason);
 }
 MaybeLocal GetValidationErrorCode(Environment* env, int err) {
+ if (err == 0)
+ return Undefined(env->isolate());
 return OneByteString(env->isolate(), X509ErrorCode(err));
 }
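Review bot: The two added guards in GetValidationErrorReason and GetValidationErrorCode compare against a bare `0`; because the value is an X509 verify result, `if (err == X509_V_OK)` states what the special case means and stays greppable next to the other X509_V_* handling. Neither function documents that it can now yield undefined, so a caller that reads an absent reason or code as "peer verified" is relying on `err` having come from a completed verification rather than from a default or unset value. A comment above each function such as `// Returns undefined when err is X509_V_OK, i.e. there is no validation error to report.` would make that contract explicit for callers outside the QUIC code.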