crypto: move disaling SSLv2/3 into JavaScript
tjfontaine committed Oct 17, 2014
1 parent 226c986 commit 6c8593d
Showing 2 changed files with 22 additions and 12 deletions.
19 changes: 18 additions & 1 deletion lib/crypto.js
Expand Up @@ -37,6 +37,8 @@ try {
var crypto = false;
}

var constants = process.binding('constants');

var stream = require('stream');
var util = require('util');

Expand All @@ -57,6 +59,8 @@ function toBuf(str, encoding) {
var assert = require('assert');
var StringDecoder = require('string_decoder').StringDecoder;

var CONTEXT_DEFAULT_OPTIONS = undefined;

function Credentials(secureProtocol, flags, context) {
if (!(this instanceof Credentials)) {
return new Credentials(secureProtocol, flags, context);
Expand All @@ -78,7 +82,20 @@ function Credentials(secureProtocol, flags, context) {
}
}

if (flags) this.context.setOptions(flags);
if (CONTEXT_DEFAULT_OPTIONS === undefined) {
CONTEXT_DEFAULT_OPTIONS = 0;

if (!binding.SSL3_ENABLE)
CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;

if (!binding.SSL2_ENABLE)
CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
}

if (flags === undefined)
flags = CONTEXT_DEFAULT_OPTIONS;

this.context.setOptions(flags);
}

exports.Credentials = Credentials;
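Review bot: In the last hunk of `Credentials`, an explicitly supplied `flags` value now replaces `CONTEXT_DEFAULT_OPTIONS` instead of being combined with it, so a caller that passes options for an unrelated reason (or passes `0`) gets a context without `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3`. Before this commit the native `Init` set those bits unconditionally, and, assuming `setOptions` ends in `SSL_CTX_set_options` (its body is not shown here), caller flags were only ORed on top of them. If replacing the defaults is the intended opt-in path for legacy protocols, say so at the check with a comment such as `// explicit flags replace the defaults; callers must include SSL_OP_NO_SSLv3 themselves`; otherwise `flags = (flags === undefined) ? CONTEXT_DEFAULT_OPTIONS : (flags | CONTEXT_DEFAULT_OPTIONS);` keeps the protocol restrictions in place. `Credentials` begins in the previous hunk and its middle is not visible.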
15 changes: 4 additions & 11 deletions src/node_crypto.cc
Expand Up @@ -335,16 +335,6 @@ Handle<Value> SecureContext::Init(const Arguments& args) {
SSL_CTX_sess_set_get_cb(sc->ctx_, GetSessionCallback);
SSL_CTX_sess_set_new_cb(sc->ctx_, NewSessionCallback);

int options = 0;

if (!SSL2_ENABLE)
options |= SSL_OP_NO_SSLv2;

if (!SSL3_ENABLE)
options |= SSL_OP_NO_SSLv3;

SSL_CTX_set_options(sc->ctx_, options);

sc->ca_store_ = NULL;
return True();
}
Expand Down Expand Up @@ -705,7 +695,7 @@ Handle<Value> SecureContext::SetOptions(const Arguments& args) {

SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());

if (args.Length() != 1 || !args[0]->IntegerValue()) {
if (args.Length() != 1 && !args[0]->IsUint32()) {
return ThrowException(Exception::TypeError(String::New("Bad parameter")));
}

Expand Down Expand Up @@ -4295,6 +4285,9 @@ void InitCrypto(Handle<Object> target) {
name_symbol = NODE_PSYMBOL("name");
version_symbol = NODE_PSYMBOL("version");
ext_key_usage_symbol = NODE_PSYMBOL("ext_key_usage");

NODE_DEFINE_CONSTANT(target, SSL3_ENABLE);
NODE_DEFINE_CONSTANT(target, SSL2_ENABLE);
}

} // namespace crypto
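Review bot: The new guard in `SecureContext::SetOptions` joins its two conditions with `&&`, so it throws only when the argument count is wrong and the first argument is also not a Uint32; a single argument of any type (a string, an object, `null`) now passes validation. Switching to `IsUint32()` is what lets `0` through, but the count check still needs `||`: `if (args.Length() != 1 || !args[0]->IsUint32()) {`. This matters more after this commit because `lib/crypto.js` now calls `setOptions(flags)` unconditionally and substitutes the default only for `undefined`. The rest of `SetOptions`, including how the value is converted and applied, is outside the hunk.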
