tls: fix empty issuer/subject/infoAccess parsing

Also issuerCertificate but that did not fit on the status line. Fixes: https://github.com/nodejs/node/issues/11771 PR-URL: https://github.com/nodejs/node/pull/14473 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com>
2017-07-24 14:36:36 +02:00 · 2017-07-24 14:36:36 +02:00 · 06a684aab4
commit 06a684aab4
parent 1b7372f2fb
2 changed files with 59 additions and 4 deletions
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@ -169,12 +169,12 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
  if (!c)
    return null;

-  if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
-  if (c.issuerCertificate && c.issuerCertificate !== c) {
+  if (c.issuer != null) c.issuer = tls.parseCertString(c.issuer);
+  if (c.issuerCertificate != null && c.issuerCertificate !== c) {
    c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
  }
-  if (c.subject) c.subject = tls.parseCertString(c.subject);
-  if (c.infoAccess) {
+  if (c.subject != null) c.subject = tls.parseCertString(c.subject);
+  if (c.infoAccess != null) {
    var info = c.infoAccess;
    c.infoAccess = {};

--- a/test/parallel/test-tls-translate-peer-certificate.js
+++ b/test/parallel/test-tls-translate-peer-certificate.js
@ -0,0 +1,55 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { strictEqual, deepStrictEqual } = require('assert');
+const { translatePeerCertificate } = require('_tls_common');
+
+const certString = 'A=1\nB=2\nC=3';
+const certObject = { A: '1', B: '2', C: '3' };
+
+strictEqual(translatePeerCertificate(null), null);
+strictEqual(translatePeerCertificate(undefined), null);
+
+strictEqual(translatePeerCertificate(0), null);
+strictEqual(translatePeerCertificate(1), 1);
+
+deepStrictEqual(translatePeerCertificate({}), {});
+
+deepStrictEqual(translatePeerCertificate({ issuer: '' }),
+                { issuer: {} });
+deepStrictEqual(translatePeerCertificate({ issuer: null }),
+                { issuer: null });
+deepStrictEqual(translatePeerCertificate({ issuer: certString }),
+                { issuer: certObject });
+
+deepStrictEqual(translatePeerCertificate({ subject: '' }),
+                { subject: {} });
+deepStrictEqual(translatePeerCertificate({ subject: null }),
+                { subject: null });
+deepStrictEqual(translatePeerCertificate({ subject: certString }),
+                { subject: certObject });
+
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: '' }),
+                { issuerCertificate: null });
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: null }),
+                { issuerCertificate: null });
+deepStrictEqual(
+    translatePeerCertificate({ issuerCertificate: { subject: certString } }),
+    { issuerCertificate: { subject: certObject } });
+
+{
+  const cert = {};
+  cert.issuerCertificate = cert;
+  deepStrictEqual(translatePeerCertificate(cert), { issuerCertificate: cert });
+}
+
+deepStrictEqual(translatePeerCertificate({ infoAccess: '' }),
+                { infoAccess: {} });
+deepStrictEqual(translatePeerCertificate({ infoAccess: null }),
+                { infoAccess: null });
+deepStrictEqual(
+    translatePeerCertificate({ infoAccess: 'OCSP - URI:file:///etc/passwd' }),
+    { infoAccess: { 'OCSP - URI': ['file:///etc/passwd'] } });