Skip to content

Commit 000a2ea

Browse files
wltsmrzwltsmrz
committed
Abort server connection on unrecoverable TLS error
1 parent 6be84bf commit 000a2ea

File tree

1 file changed

+31
-4
lines changed

1 file changed

+31
-4
lines changed

src/js/ripple/server.js

+31-4
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ function Server(remote, opts) {
3434
throw new TypeError('Server configuration is not an Object');
3535
}
3636

37-
if (!Server.domainRE.test(opts.host)) {
37+
if (!Server.DOMAIN_RE.test(opts.host)) {
3838
throw new Error('Server host is malformed, use "host" and "port" server configuration');
3939
}
4040

@@ -128,7 +128,22 @@ function Server(remote, opts) {
128128

129129
util.inherits(Server, EventEmitter);
130130

131-
Server.domainRE = /^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|[-_]){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|[-_]){0,61}[0-9A-Za-z])?)*\.?$/;
131+
Server.DOMAIN_RE = /^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|[-_]){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|[-_]){0,61}[0-9A-Za-z])?)*\.?$/;
132+
133+
Server.TLS_ERRORS = [
134+
'UNABLE_TO_GET_ISSUER_CERT', 'UNABLE_TO_GET_CRL',
135+
'UNABLE_TO_DECRYPT_CERT_SIGNATURE', 'UNABLE_TO_DECRYPT_CRL_SIGNATURE',
136+
'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY', 'CERT_SIGNATURE_FAILURE',
137+
'CRL_SIGNATURE_FAILURE', 'CERT_NOT_YET_VALID', 'CERT_HAS_EXPIRED',
138+
'CRL_NOT_YET_VALID', 'CRL_HAS_EXPIRED', 'ERROR_IN_CERT_NOT_BEFORE_FIELD',
139+
'ERROR_IN_CERT_NOT_AFTER_FIELD', 'ERROR_IN_CRL_LAST_UPDATE_FIELD',
140+
'ERROR_IN_CRL_NEXT_UPDATE_FIELD', 'OUT_OF_MEM',
141+
'DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN',
142+
'UNABLE_TO_GET_ISSUER_CERT_LOCALLY', 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
143+
'CERT_CHAIN_TOO_LONG', 'CERT_REVOKED', 'INVALID_CA',
144+
'PATH_LENGTH_EXCEEDED', 'INVALID_PURPOSE', 'CERT_UNTRUSTED',
145+
'CERT_REJECTED'
146+
];
132147

133148
/**
134149
* Server states that we will treat as the server being online.
@@ -434,6 +449,11 @@ Server.prototype.connect = function() {
434449
log.info(self.getServerID(), 'onerror:', e.data || e);
435450
}
436451

452+
if (Server.TLS_ERRORS.indexOf(e.message) !== -1) {
453+
// Unrecoverable
454+
throw e;
455+
}
456+
437457
// Most connection errors for WebSockets are conveyed as 'close' events with
438458
// code 1006. This is done for security purposes and therefore unlikely to
439459
// ever change.
@@ -636,14 +656,21 @@ Server.prototype._handlePathFind = function(message) {
636656
};
637657

638658
/**
639-
* Handle subscription response messages. Subscription response
640-
* messages indicate that a connection to the server is ready
659+
* Handle initial subscription response message. The server is considered
660+
* `connected` after it has received a response to initial subscription to
661+
* ledger and server streams
641662
*
642663
* @param {Object} message
643664
* @api private
644665
*/
645666

646667
Server.prototype._handleResponseSubscribe = function(message) {
668+
if (this.isConnected()) {
669+
// This function only concerns initializing the server's internal
670+
// state after a connection
671+
return;
672+
}
673+
647674
if (!this._remote._allow_partial_history
648675
&& !Server.hasFullLedgerHistory(message)) {
649676
// Server has partial history and Remote has been configured to disallow

0 commit comments

Comments
 (0)