Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tls: fix negative sessionTimeout handling
For historical reasons, the second argument of SSL_CTX_set_timeout is a signed integer, and Node.js has so far passed arbitrary (signed) int32_t values. However, new versions of OpenSSL have changed the handling of negative values inside SSL_CTX_set_timeout, and we should shield users of Node.js from both the old and the new behavior. Hence, reject any negative values by throwing an error from within createSecureContext. Refs: openssl/openssl#19082 PR-URL: nodejs#53002 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>
- Loading branch information