-
Notifications
You must be signed in to change notification settings - Fork 29.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
When TLS Session Ticket is renewed by server - no Certificate record is to the client. We are prepared for empty certificate in this case, but this relies on the session reuse check, which was implemented incorrectly and was returning false when the TLS Session Ticket was renewed. Use session reuse check provided by OpenSSL instead. Fix: #2304 PR-URL: #2312 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
- Loading branch information
1 parent
51b6bdc
commit 581850b
Showing
2 changed files
with
57 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
'use strict'; | ||
var common = require('../common'); | ||
var fs = require('fs'); | ||
var https = require('https'); | ||
var crypto = require('crypto'); | ||
|
||
var options = { | ||
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), | ||
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'), | ||
ca: fs.readFileSync(common.fixturesDir + '/keys/ca1-cert.pem') | ||
}; | ||
|
||
var server = https.createServer(options, function(req, res) { | ||
res.end('hello'); | ||
}); | ||
|
||
var aes = new Buffer(16); | ||
aes.fill('S'); | ||
var hmac = new Buffer(16); | ||
hmac.fill('H'); | ||
|
||
server._sharedCreds.context.enableTicketKeyCallback(); | ||
server._sharedCreds.context.onticketkeycallback = function(name, iv, enc) { | ||
if (enc) { | ||
var newName = new Buffer(16); | ||
var newIV = crypto.randomBytes(16); | ||
newName.fill('A'); | ||
} else { | ||
// Renew | ||
return [ 2, hmac, aes ]; | ||
} | ||
|
||
return [ 1, hmac, aes, newName, newIV ]; | ||
}; | ||
|
||
server.listen(common.PORT, function() { | ||
var addr = this.address(); | ||
|
||
function doReq(callback) { | ||
https.request({ | ||
method: 'GET', | ||
port: addr.port, | ||
servername: 'agent1', | ||
ca: options.ca | ||
}, function(res) { | ||
res.resume(); | ||
res.once('end', callback); | ||
}).end(); | ||
} | ||
|
||
doReq(function() { | ||
doReq(function() { | ||
server.close(); | ||
}); | ||
}); | ||
}); |