Skip to content

Commit

Permalink
tls: supported shared openssl 1.1.0
Browse files Browse the repository at this point in the history
PR-URL: #26951
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
  • Loading branch information
sam-github authored and BethGriggs committed Apr 15, 2019
1 parent fa6f0f1 commit 7aeca27
Show file tree
Hide file tree
Showing 8 changed files with 35 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/_tls_common.js
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ function toV(which, v, def) {
if (v === 'TLSv1') return TLS1_VERSION;
if (v === 'TLSv1.1') return TLS1_1_VERSION;
if (v === 'TLSv1.2') return TLS1_2_VERSION;
if (v === 'TLSv1.3') return TLS1_3_VERSION;
if (v === 'TLSv1.3' && TLS1_3_VERSION) return TLS1_3_VERSION;
throw new ERR_TLS_INVALID_PROTOCOL_VERSION(v, which);
}

Expand Down
2 changes: 2 additions & 0 deletions src/node_constants.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1245,7 +1245,9 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, TLS1_VERSION);
NODE_DEFINE_CONSTANT(target, TLS1_1_VERSION);
NODE_DEFINE_CONSTANT(target, TLS1_2_VERSION);
#ifdef TLS1_3_VERSION
NODE_DEFINE_CONSTANT(target, TLS1_3_VERSION);
#endif
#endif
NODE_DEFINE_CONSTANT(target, INT_MAX);
}
Expand Down
9 changes: 7 additions & 2 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,12 @@ void SecureContext::New(const FunctionCallbackInfo<Value>& args) {

// A maxVersion of 0 means "any", but OpenSSL may support TLS versions that
// Node.js doesn't, so pin the max to what we do support.
const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;
const int MAX_SUPPORTED_VERSION =
#ifdef TLS1_3_VERSION
TLS1_3_VERSION;
#else
TLS1_2_VERSION;
#endif

void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
SecureContext* sc;
Expand Down Expand Up @@ -947,7 +952,7 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {

void SecureContext::SetCipherSuites(const FunctionCallbackInfo<Value>& args) {
// BoringSSL doesn't allow API config of TLS1.3 cipher suites.
#ifndef OPENSSL_IS_BORINGSSL
#if defined(TLS1_3_VERSION) && !defined(OPENSSL_IS_BORINGSSL)
SecureContext* sc;
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Environment* env = sc->env();
Expand Down
3 changes: 3 additions & 0 deletions test/parallel/test-tls-client-renegotiation-13.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@
const common = require('../common');
const fixtures = require('../common/fixtures');

if (!require('constants').TLS1_3_VERSION)
common.skip(`openssl ${process.versions.openssl} does not support TLSv1.3`);

// Confirm that for TLSv1.3, renegotiate() is disallowed.

const {
Expand Down
3 changes: 3 additions & 0 deletions test/parallel/test-tls-getcipher.js
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
}));
}));

if (!require('constants').TLS1_3_VERSION)
return console.log('cannot test TLSv1.3 against 1.3-incapable shared lib');

tls.createServer({
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem'),
Expand Down
12 changes: 12 additions & 0 deletions test/parallel/test-tls-min-max-version.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,25 @@ const {
} = require(fixtures.path('tls-connect'));
const DEFAULT_MIN_VERSION = tls.DEFAULT_MIN_VERSION;
const DEFAULT_MAX_VERSION = tls.DEFAULT_MAX_VERSION;
const tls13 = !!require('constants').TLS1_3_VERSION;

if (!tls13 && (
DEFAULT_MAX_VERSION === 'TLSv1.3' ||
DEFAULT_MIN_VERSION === 'TLSv1.3')) {
return common.skip('cannot test TLSv1.3 against 1.3-incapable shared lib');
}

function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
assert(proto || cerr || serr, 'test missing any expectations');
// Report where test was called from. Strip leading garbage from
// at Object.<anonymous> (file:line)
// from the stack location, we only want the file:line part.
const where = (new Error()).stack.split('\n')[2].replace(/[^(]*/, '');
if (Array.prototype.includes.call(arguments, 'TLSv1.3')) {
console.log('test: skip because TLSv1.3 is not supported');
console.log(' ', where);
return;
}
connect({
client: {
checkServerIdentity: (servername, cert) => { },
Expand Down
3 changes: 3 additions & 0 deletions test/parallel/test-tls-set-ciphers-error.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');

if (!require('constants').TLS1_3_VERSION)
return common.skip('openssl before TLS1.3 does not check for failure');

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
Expand Down
4 changes: 4 additions & 0 deletions test/parallel/test-tls-set-ciphers.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ if (tls13)
tls.DEFAULT_MAX_VERSION = 'TLSv1.3';

function test(cciphers, sciphers, cipher, cerr, serr) {
if (!tls13 && (/TLS_/.test(cciphers) || /TLS_/.test(sciphers))) {
// Test relies on TLS1.3, skip it.
return;
}
assert(cipher || cerr || serr, 'test missing any expectations');
const where = (new Error()).stack.split('\n')[2].replace(/[^(]*/, '');
connect({
Expand Down

0 comments on commit 7aeca27

Please sign in to comment.