Merged
73 commits
c943cd0
test: fix repl-tab-complete --without-ssl
danbev Dec 26, 2017
9510540
doc: lowercase primitives in test/common/README.md
vsemozhetbyt Feb 19, 2018
e74e422
crypto: add cert.fingerprint256 as SHA256 fingerprint
bjori Dec 14, 2017
ef8f90f
http2: fix condition where data is lost
mcollina Feb 19, 2018
28a5362
build: fix lint-md-build dependency
joyeecheung Feb 24, 2018
71d09ec
doc: make the background section concise and improve its formality
Feb 22, 2018
4d5cd5c
src: fix error message in async_hooks constructor
danbev Feb 26, 2018
44d80c5
build: fix coverage after gcovr update
killagu Feb 23, 2018
59547cc
loader: fix --inspect-brk
devsnek Feb 23, 2018
ae4d83f
http: prevent aborted event when already completed
billywhizz Feb 17, 2018
0789eec
http: prevent aborted event when already completed
billywhizz Feb 17, 2018
eca333a
test: refactor test after review
billywhizz Feb 27, 2018
fd27165
test: specify 'dir' for directory symlinks
kfarnung Feb 27, 2018
68c1337
doc: add RegExp Unicode Property Escapes to intl
vsemozhetbyt Feb 28, 2018
12856b0
lib: change hook -> hooks in code comment
danbev Feb 28, 2018
4471369
http2: send error text in case of ALPN mismatch
addaleax Feb 25, 2018
a455006
test: allow running with `NODE_PENDING_DEPRECATION`
addaleax Feb 25, 2018
aa0fca9
http2: use original error for cancelling pending streams
addaleax Feb 25, 2018
8bc930c
http2: fix endless loop when writing empty string
addaleax Feb 22, 2018
8d595bb
test: check endless loop while writing empty string
XadillaX Feb 11, 2018
08b83ee
src: refactor setting JS properties on WriteWrap
addaleax Feb 23, 2018
1b32fc3
n-api: fix object test
Feb 27, 2018
459f209
doc: Readable unpipe on Writable error event
GeorgeSapkin Feb 8, 2018
77154cd
doc: update list of re-exported symbols
richardlau Feb 26, 2018
cc90bbd
test: fix flaky inspector-stop-profile-after-done
Trott Mar 2, 2018
551d975
http2: fix flaky test-http2-https-fallback
mcollina Mar 2, 2018
bfa894c
doc: add MoonBall to collaborators
MoonBall Mar 3, 2018
a4462b7
doc: fix n-api asynchronous threading docs
ebickle Mar 1, 2018
6d17383
buffer: fix typo in lib/buffer.js
ryzokuken Mar 4, 2018
23107ba
test: remove assert message and add block scope
wuweiweiwu Feb 28, 2018
d883376
test: refactor test-async-wrap-getasyncid
santigimeno Feb 12, 2018
cab6c8e
doc: add URL.format() example
zeke Feb 20, 2018
f864509
test,benchmark: use new Buffer API where appropriate
ChALkeR Feb 24, 2018
a938e52
build: disable openssl build warnings on macos
bnoordhuis Feb 27, 2018
db8d197
lib,test: remove yoda statements
BridgeAR Mar 2, 2018
5b8c97f
events: show throw stack trace for uncaught exception
addaleax Feb 26, 2018
5c4f703
n-api: update reference test
Mar 2, 2018
96f0bec
repl: make last error available as `_error`
addaleax Feb 21, 2018
e584113
lib: re-fix v8_prof_processor
addaleax Feb 28, 2018
479b622
tls,http2: handle writes after SSL destroy more gracefully
addaleax Feb 25, 2018
4ecf5bb
doc: fix a typo in util.isDeepStrictEqual
Feb 14, 2018
e42600f
doc: add missing `Returns` in fs & util
Feb 14, 2018
3d4cda3
trace_events: add file pattern cli option
AndreasMadsen Jan 31, 2018
6ae2caf
buffer: coerce offset to integer
BridgeAR Jan 17, 2018
5bbf009
test: check symbols in shared lib
yhwang Feb 15, 2018
89edbae
src: clean up process.dlopen()
bnoordhuis Feb 22, 2018
4fae6e3
src: make process.dlopen() load well-known symbol
bnoordhuis Feb 22, 2018
4b34b2e
build: fix gocvr version used for coverage
mhdawson Mar 2, 2018
95f6467
module: fix cyclical dynamic import
bmeck Feb 23, 2018
0e4f426
doc: add simple example to rename function
punteek Feb 16, 2018
ae2dabb
doc: new team for bundlers or delivery of Node.js
mhdawson Mar 2, 2018
056001d
deps: cherry-pick 0bcb1d6f from upstream V8
jakobkummerow Dec 5, 2017
9d2de16
doc: add introduced_in metadata to _toc.md
Trott Mar 4, 2018
f03079f
doc: update cc list
BridgeAR Mar 2, 2018
d3a70e9
doc: remove tentativeness in pull-requests.md
Trott Mar 4, 2018
6852461
doc: remove subsystem from pull request template
Trott Mar 4, 2018
f10470c
src: refactor GetPeerCertificate
danbev Mar 2, 2018
2f17c52
src: use std::unique_ptr for STACK_OF(X509)
bnoordhuis Mar 2, 2018
ee653ec
test: move require http2 to after crypto check
danbev Mar 3, 2018
cc52dae
src: #include <stdio.h>" to iculslocs
srl295 Mar 5, 2018
28880cf
perf_hooks: fix timing
TimothyGu Feb 25, 2018
6787913
test: add more information to assert.strictEqual
ryzokuken Mar 6, 2018
08bcdde
src: handle exceptions in env->SetImmediates
jasnell Jan 26, 2018
67a9742
src: prevent persistent handle resource leaks
bnoordhuis Feb 21, 2018
f89f659
src: remove unnecessary Reset() calls
bnoordhuis Feb 21, 2018
420d56c
src: don't touch js object in Http2Session dtor
bnoordhuis Feb 21, 2018
50d1233
http2: no stream destroy while its data is on the wire
addaleax Feb 26, 2018
f3e3429
module: support main w/o extension, pjson cache
guybedford Feb 12, 2018
39e032f
module: fix main lookup regression from #18728
guybedford Feb 14, 2018
3e8e152
util: use blue on non-windows systems for number
devsnek Feb 22, 2018
1fadb2e
doc: fix/add link to Android info
vsemozhetbyt Feb 26, 2018
ef4714c
net: inline and simplify onSocketEnd
addaleax Feb 6, 2018
27ba6e2
2018-03-07, Version 9.8.0 (Current)
MylesBorins Mar 6, 2018
src: refactor GetPeerCertificate
PR-URL: #19087
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
danbev authored and MylesBorins committed Mar 7, 2018
commit f10470ce2d4666f0663d221a83cb4dc959018fa2
172 changes: 100 additions & 72 deletions src/node_crypto.cc
Expand Up @@ -2002,7 +2002,89 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
}


// TODO(indutny): Split it into multiple smaller functions
static Local<Object> AddIssuerChainToObject(X509** cert,
Local<Object> object,
STACK_OF(X509)* const peer_certs,
Environment* const env) {
Local<Context> context = env->isolate()->GetCurrentContext();
*cert = sk_X509_delete(peer_certs, 0);
for (;;) {
int i;
for (i = 0; i < sk_X509_num(peer_certs); i++) {
X509* ca = sk_X509_value(peer_certs, i);
if (X509_check_issued(ca, *cert) != X509_V_OK)
continue;

Local<Object> ca_info = X509ToObject(env, ca);
object->Set(context, env->issuercert_string(), ca_info).FromJust();
object = ca_info;

// NOTE: Intentionally freeing cert that is not used anymore.
X509_free(*cert);

// Delete cert and continue aggregating issuers.
*cert = sk_X509_delete(peer_certs, i);
break;
}

// Issuer not found, break out of the loop.
if (i == sk_X509_num(peer_certs))
break;
}
sk_X509_pop_free(peer_certs, X509_free);
return object;
}


static bool CloneSSLCerts(X509** cert,
const STACK_OF(X509)* const ssl_certs,
STACK_OF(X509)** peer_certs) {
*peer_certs = sk_X509_new(nullptr);
bool result = true;
if (*cert != nullptr)
sk_X509_push(*peer_certs, *cert);
for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
*cert = X509_dup(sk_X509_value(ssl_certs, i));
if (*cert == nullptr) {
result = false;
break;
}
if (!sk_X509_push(*peer_certs, *cert)) {
result = false;
break;
}
}
if (!result) {
sk_X509_pop_free(*peer_certs, X509_free);
}
return result;
}


static Local<Object> GetLastIssuedCert(X509** cert,
const SSL* const ssl,
Local<Object> issuer_chain,
Environment* const env) {
Local<Context> context = env->isolate()->GetCurrentContext();
while (X509_check_issued(*cert, *cert) != X509_V_OK) {
X509* ca;
if (SSL_CTX_get_issuer(SSL_get_SSL_CTX(ssl), *cert, &ca) <= 0)
break;

Local<Object> ca_info = X509ToObject(env, ca);
issuer_chain->Set(context, env->issuercert_string(), ca_info).FromJust();
issuer_chain = ca_info;

// NOTE: Intentionally freeing cert that is not used anymore.
X509_free(*cert);

// Delete cert and continue aggregating issuers.
*cert = ca;
}
return issuer_chain;
}


template <class Base>
void SSLWrap<Base>::GetPeerCertificate(
const FunctionCallbackInfo<Value>& args) {
Expand All @@ -2014,97 +2096,43 @@ void SSLWrap<Base>::GetPeerCertificate(
ClearErrorOnReturn clear_error_on_return;

Local<Object> result;
Local<Object> info;
// Used to build the issuer certificate chain.
Local<Object> issuer_chain;

// NOTE: This is because of the odd OpenSSL behavior. On client `cert_chain`
// contains the `peer_certificate`, but on server it doesn't
// contains the `peer_certificate`, but on server it doesn't.
X509* cert = w->is_server() ? SSL_get_peer_certificate(w->ssl_) : nullptr;
STACK_OF(X509)* ssl_certs = SSL_get_peer_cert_chain(w->ssl_);
STACK_OF(X509)* peer_certs = nullptr;
if (cert == nullptr && ssl_certs == nullptr)
if (cert == nullptr && (ssl_certs == nullptr || sk_X509_num(ssl_certs) == 0))
goto done;

if (cert == nullptr && sk_X509_num(ssl_certs) == 0)
goto done;

// Short result requested
// Short result requested.
if (args.Length() < 1 || !args[0]->IsTrue()) {
result = X509ToObject(env,
cert == nullptr ? sk_X509_value(ssl_certs, 0) : cert);
goto done;
}

// Clone `ssl_certs`, because we are going to destruct it
peer_certs = sk_X509_new(nullptr);
if (cert != nullptr)
sk_X509_push(peer_certs, cert);
for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
cert = X509_dup(sk_X509_value(ssl_certs, i));
if (cert == nullptr)
goto done;
if (!sk_X509_push(peer_certs, cert))
goto done;
}

// First and main certificate
cert = sk_X509_value(peer_certs, 0);
result = X509ToObject(env, cert);
info = result;

// Put issuer inside the object
cert = sk_X509_delete(peer_certs, 0);
while (sk_X509_num(peer_certs) > 0) {
int i;
for (i = 0; i < sk_X509_num(peer_certs); i++) {
X509* ca = sk_X509_value(peer_certs, i);
if (X509_check_issued(ca, cert) != X509_V_OK)
continue;

Local<Object> ca_info = X509ToObject(env, ca);
info->Set(context, env->issuercert_string(), ca_info).FromJust();
info = ca_info;

// NOTE: Intentionally freeing cert that is not used anymore
X509_free(cert);

// Delete cert and continue aggregating issuers
cert = sk_X509_delete(peer_certs, i);
break;
}

// Issuer not found, break out of the loop
if (i == sk_X509_num(peer_certs))
break;
}

// Last certificate should be self-signed
while (X509_check_issued(cert, cert) != X509_V_OK) {
X509* ca;
if (SSL_CTX_get_issuer(SSL_get_SSL_CTX(w->ssl_), cert, &ca) <= 0)
break;

Local<Object> ca_info = X509ToObject(env, ca);
info->Set(context, env->issuercert_string(), ca_info).FromJust();
info = ca_info;
if (CloneSSLCerts(&cert, ssl_certs, &peer_certs)) {
// First and main certificate.
cert = sk_X509_value(peer_certs, 0);
result = X509ToObject(env, cert);

// NOTE: Intentionally freeing cert that is not used anymore
X509_free(cert);
issuer_chain = AddIssuerChainToObject(&cert, result, peer_certs, env);
issuer_chain = GetLastIssuedCert(&cert, w->ssl_, issuer_chain, env);
// Last certificate should be self-signed.
if (X509_check_issued(cert, cert) == X509_V_OK)
issuer_chain->Set(env->context(),
env->issuercert_string(),
issuer_chain).FromJust();

// Delete cert and continue aggregating issuers
cert = ca;
CHECK_NE(cert, nullptr);
}

// Self-issued certificate
if (X509_check_issued(cert, cert) == X509_V_OK)
info->Set(context, env->issuercert_string(), info).FromJust();

CHECK_NE(cert, nullptr);

done:
if (cert != nullptr)
X509_free(cert);
if (peer_certs != nullptr)
sk_X509_pop_free(peer_certs, X509_free);
if (result.IsEmpty())
result = Object::New(env->isolate());
args.GetReturnValue().Set(result);
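Review bot: `peer_certs` is freed twice on the success path: AddIssuerChainToObject ends with `sk_X509_pop_free(peer_certs, X509_free);`, but the caller still holds its `peer_certs` pointer (the helper takes it by value), so the context line `if (peer_certs != nullptr) sk_X509_pop_free(peer_certs, X509_free);` under `done:` frees the same stack again; CloneSSLCerts has the same problem on its failure path, which pop_frees `*peer_certs` without nulling it. The removed code freed the cloned stack only at `done:`, so this is new with the split into helpers. The smallest fix is to delete the `sk_X509_pop_free(peer_certs, X509_free);` at the end of AddIssuerChainToObject (leaving `done:` as the single owner) and, in CloneSSLCerts, add `*peer_certs = nullptr;` right after its `sk_X509_pop_free(*peer_certs, X509_free);` so the cleanup under `done:` skips it. The next commit listed in this series (2f17c52, "use std::unique_ptr for STACK_OF(X509)") may move ownership into the helper and resolve this, but on this commit alone the double free stands. The body of GetPeerCertificate continues past the end of the hunk.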