crypto: disable ssl compression at build time #6582
Merged
Commits on May 4, 2016
-
crypto: disable ssl compression at build time
SSL compression was first disabled at runtime in March 2011 in commit e83c695 ("Disable compression with OpenSSL.") for performance reasons and was later shown to be vulnerable to information leakage (CRIME.) Let's stop compiling it in altogether. This commit removes a broken CHECK from src/node_crypto.cc; broken because sk_SSL_COMP_num() returns -1 for a NULL stack, not 0. As a result, node.js would abort when linked to an OPENSSL_NO_COMP build of openssl. PR-URL: nodejs#6582 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
-
src: remove pre-openssl 1.0 legacy code
SSL_CIPHER and SSL_METHOD are always const with the version of openssl that we support, no need to check OPENSSL_VERSION_NUMBER first. PR-URL: nodejs#6582 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
-
src: remove unused #include statement
strcasecmp() is not used in src/node_http_parser.cc so there is no need to include its header file. PR-URL: nodejs#6582 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
-
src: don't use locale-sensitive strcasecmp()
strcasecmp() is affected by the current locale as configured through e.g. the LC_ALL environment variable and the setlocale() libc function. It can result in unpredictable results across systems so replace it with a function that isn't susceptible to that. PR-URL: nodejs#6582 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
-
deps: update comment about PURIFY define
PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes() from using the existing contents of the destination buffer as a source of entropy, which according to some papers, is a possible attack vector for reducing the overall entropy. PR-URL: nodejs#6582 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.