1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

https: fix renegotation attack protection

Browse Source 
Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
This commit is contained in:
Ben Noordhuis 2012-10-08 01:22:44 +02:00
parent 7394e89ff6
commit 0ad005852c
5 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/api/http.markdown
View File

@ -127,10 +127,13 @@ sent to the server on that socket.
### Event: 'clientError' ### Event: 'clientError'
`function (exception) { }` `function (exception, socket) { }`
If a client connection emits an 'error' event - it will forwarded here. If a client connection emits an 'error' event - it will forwarded here.
`socket` is the `net.Socket` object that the error originated from.
### server.listen(port, [hostname], [backlog], [callback]) ### server.listen(port, [hostname], [backlog], [callback])
Begin accepting connections on the specified port and hostname. If the Begin accepting connections on the specified port and hostname. If the

4
doc/api/tls.markdown
View File

@ -367,11 +367,13 @@ SNI.
### Event: 'clientError' ### Event: 'clientError'
`function (exception) { }` `function (exception, securePair) { }`
When a client connection emits an 'error' event before secure connection is When a client connection emits an 'error' event before secure connection is
established - it will be forwarded here. established - it will be forwarded here.
`securePair` is the `tls.SecurePair` that the error originated from.
### Event: 'newSession' ### Event: 'newSession'

6
lib/http.js
View File

@ -1647,6 +1647,10 @@ function Server(requestListener) {
this.httpAllowHalfOpen = false; this.httpAllowHalfOpen = false;
this.addListener('connection', connectionListener); this.addListener('connection', connectionListener);
this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
} }
util.inherits(Server, net.Server); util.inherits(Server, net.Server);
@ -1705,7 +1709,7 @@ function connectionListener(socket) {
} }
socket.addListener('error', function(e) { socket.addListener('error', function(e) {
self.emit('clientError', e); self.emit('clientError', e, this);
}); });
socket.ondata = function(d, start, end) { socket.ondata = function(d, start, end) {

4
lib/https.js
View File

@ -39,6 +39,10 @@ function Server(opts, requestListener) {
if (requestListener) { if (requestListener) {
this.addListener('request', requestListener); this.addListener('request', requestListener);
} }
this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
} }
inherits(Server, tls.Server); inherits(Server, tls.Server);

2
lib/tls.js
View File

@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) {
} }
}); });
pair.on('error', function(err) { pair.on('error', function(err) {
self.emit('clientError', err); self.emit('clientError', err, this);
}); });
}); });