Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Commit

Permalink
tls: requestCert unusable with Firefox and Chrome
Browse files Browse the repository at this point in the history
Fixes #1516.
  • Loading branch information
koichik committed Oct 14, 2011
1 parent a09b747 commit 19a8553
Show file tree
Hide file tree
Showing 6 changed files with 129 additions and 1 deletion.
3 changes: 3 additions & 0 deletions doc/api/tls.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,9 @@ has these possibilities:
SecureContext). If `SNICallback` wasn't provided - default callback with
high-level API will be used (see below).

- `sessionIdContext`: A string containing a opaque identifier for session
resumption. If `requestCert` is `true`, the default is MD5 hash value
generated from command-line. Otherwise, the default is not provided.

#### Event: 'secureConnection'

Expand Down
4 changes: 4 additions & 0 deletions lib/crypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,10 @@ exports.createCredentials = function(options, context) {
}
}

if (options.sessionIdContext) {
c.context.setSessionIdContext(options.sessionIdContext);
}

return c;
};

Expand Down
10 changes: 9 additions & 1 deletion lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -803,7 +803,8 @@ function Server(/* [options], listener */) {
ciphers: self.ciphers,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl
crl: self.crl,
sessionIdContext: self.sessionIdContext
});

sharedCreds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
Expand Down Expand Up @@ -892,6 +893,13 @@ Server.prototype.setOptions = function(options) {
} else {
this.SNICallback = this.SNICallback.bind(this);
}
if (options.sessionIdContext) {
this.sessionIdContext = options.sessionIdContext;
} else if (this.requestCert) {
this.sessionIdContext = crypto.createHash('md5')
.update(process.argv.join(' '))
.digest('hex');
}
};

// SNI Contexts High-Level API
Expand Down
34 changes: 34 additions & 0 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,8 @@ void SecureContext::Initialize(Handle<Object> target) {
NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts);
NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers);
NODE_SET_PROTOTYPE_METHOD(t, "setOptions", SecureContext::SetOptions);
NODE_SET_PROTOTYPE_METHOD(t, "setSessionIdContext",
SecureContext::SetSessionIdContext);
NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close);

target->Set(String::NewSymbol("SecureContext"), t->GetFunction());
Expand Down Expand Up @@ -474,6 +476,38 @@ Handle<Value> SecureContext::SetOptions(const Arguments& args) {
return True();
}

Handle<Value> SecureContext::SetSessionIdContext(const Arguments& args) {
HandleScope scope;

SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());

if (args.Length() != 1 || !args[0]->IsString()) {
return ThrowException(Exception::TypeError(String::New("Bad parameter")));
}

String::Utf8Value sessionIdContext(args[0]->ToString());
const unsigned char* sid_ctx = (const unsigned char*) *sessionIdContext;
unsigned int sid_ctx_len = sessionIdContext.length();

int r = SSL_CTX_set_session_id_context(sc->ctx_, sid_ctx, sid_ctx_len);
if (r != 1) {
Local<String> message;
BIO* bio;
BUF_MEM* mem;
if ((bio = BIO_new(BIO_s_mem()))) {
ERR_print_errors(bio);
BIO_get_mem_ptr(bio, &mem);
message = String::New(mem->data, mem->length);
BIO_free(bio);
} else {
message = String::New("SSL_CTX_set_session_id_context error");
}
return ThrowException(Exception::TypeError(message));
}

return True();
}

Handle<Value> SecureContext::Close(const Arguments& args) {
HandleScope scope;
SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());
Expand Down
1 change: 1 addition & 0 deletions src/node_crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ class SecureContext : ObjectWrap {
static v8::Handle<v8::Value> AddRootCerts(const v8::Arguments& args);
static v8::Handle<v8::Value> SetCiphers(const v8::Arguments& args);
static v8::Handle<v8::Value> SetOptions(const v8::Arguments& args);
static v8::Handle<v8::Value> SetSessionIdContext(const v8::Arguments& args);
static v8::Handle<v8::Value> Close(const v8::Arguments& args);

SecureContext() : ObjectWrap() {
Expand Down
78 changes: 78 additions & 0 deletions test/simple/test-tls-session-cache.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

if (!process.versions.openssl) {
console.error("Skipping because node compiled without OpenSSL.");
process.exit(0);
}
require('child_process').exec('openssl version', function(err) {
if (err !== null) {
console.error("Skipping because openssl command is not available.");
process.exit(0);
}
doTest();
});

function doTest() {
var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');
var join = require('path').join;
var spawn = require('child_process').spawn;

var keyFile = join(common.fixturesDir, 'agent.key');
var certFile = join(common.fixturesDir, 'agent.crt');
var key = fs.readFileSync(keyFile);
var cert = fs.readFileSync(certFile);
var options = {
key: key,
cert: cert,
ca: [ cert ],
requestCert: true
};
var requestCount = 0;

var server = tls.createServer(options, function(cleartext) {
++requestCount;
cleartext.end();
});
server.listen(common.PORT, function() {
var client = spawn('openssl', [
's_client',
'-connect', 'localhost:' + common.PORT,
'-key', join(common.fixturesDir, 'agent.key'),
'-cert', join(common.fixturesDir, 'agent.crt'),
'-reconnect'
], {
customFds: [0, 1, 2]
});
client.on('exit', function(code) {
assert.equal(code, 0);
server.close();
});
});

process.on('exit', function() {
// initial request + reconnect requests (5 times)
assert.equal(requestCount, 6);
});
}

0 comments on commit 19a8553

Please sign in to comment.