1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: re-allow falsey option values

Browse Source 
5723c4c5f06f138 was an unintentional breaking change in that it changed
the behaviour of `tls.createSecureContext()` to throw on false-y input
rather than ignoring it. This breaks real-world applications like `npm`.

This restores the previous behaviour.

PR-URL: https://github.com/nodejs/node/pull/15131
Ref: https://github.com/nodejs/node/pull/15053
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: MichaëZasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
This commit is contained in:
Anna Henningsen 2017-09-01 16:14:56 +02:00 committed by Michael Dawson
parent dc7f03c897
commit 1403d28e7d
2 changed files with 44 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/_tls_common.js
View File

@ -80,7 +80,7 @@ exports.createSecureContext = function createSecureContext(options, context) {
// NOTE: It's important to add CA before the cert to be able to load // NOTE: It's important to add CA before the cert to be able to load
// cert's issuer in C++ code. // cert's issuer in C++ code.
var ca = options.ca; var ca = options.ca;
if (ca !== undefined) { if (ca) {
if (Array.isArray(ca)) { if (Array.isArray(ca)) {
for (i = 0; i < ca.length; ++i) { for (i = 0; i < ca.length; ++i) {
val = ca[i]; val = ca[i];
@ -96,7 +96,7 @@ exports.createSecureContext = function createSecureContext(options, context) {
} }
var cert = options.cert; var cert = options.cert;
if (cert !== undefined) { if (cert) {
if (Array.isArray(cert)) { if (Array.isArray(cert)) {
for (i = 0; i < cert.length; ++i) { for (i = 0; i < cert.length; ++i) {
val = cert[i]; val = cert[i];
@ -115,7 +115,7 @@ exports.createSecureContext = function createSecureContext(options, context) {
// which leads to the crash later on. // which leads to the crash later on.
var key = options.key; var key = options.key;
var passphrase = options.passphrase; var passphrase = options.passphrase;
if (key !== undefined) { if (key) {
if (Array.isArray(key)) { if (Array.isArray(key)) {
for (i = 0; i < key.length; ++i) { for (i = 0; i < key.length; ++i) {
val = key[i]; val = key[i];

64
test/parallel/test-tls-options-boolean-check.js
View File

@ -64,12 +64,9 @@ const invalidCertRE = /^The "cert" argument must be one of type string, Buffer,
[false, [certStr, certStr2]], [false, [certStr, certStr2]],
[[{ pem: keyBuff }], false], [[{ pem: keyBuff }], false],
[[{ pem: keyBuff }, { pem: keyBuff }], false] [[{ pem: keyBuff }, { pem: keyBuff }], false]
].map((params) => { ].map(([key, cert]) => {
assert.doesNotThrow(() => { assert.doesNotThrow(() => {
tls.createServer({ tls.createServer({ key, cert });
key: params[0],
cert: params[1]
});
}); });
}); });
@ -100,16 +97,13 @@ const invalidCertRE = /^The "cert" argument must be one of type string, Buffer,
[[keyStr, keyStr2], [true, false], invalidCertRE], [[keyStr, keyStr2], [true, false], invalidCertRE],
[[keyStr, keyStr2], true, invalidCertRE], [[keyStr, keyStr2], true, invalidCertRE],
[true, [certBuff, certBuff2], invalidKeyRE] [true, [certBuff, certBuff2], invalidKeyRE]
].map((params) => { ].map(([key, cert, message]) => {
assert.throws(() => { assert.throws(() => {
tls.createServer({ tls.createServer({ key, cert });
key: params[0],
cert: params[1]
});
}, common.expectsError({ }, common.expectsError({
code: 'ERR_INVALID_ARG_TYPE', code: 'ERR_INVALID_ARG_TYPE',
type: TypeError, type: TypeError,
message: params[2] message
})); }));
}); });
@ -123,13 +117,9 @@ const invalidCertRE = /^The "cert" argument must be one of type string, Buffer,
[keyBuff, certBuff, caArrBuff], [keyBuff, certBuff, caArrBuff],
[keyBuff, certBuff, caArrDataView], [keyBuff, certBuff, caArrDataView],
[keyBuff, certBuff, false], [keyBuff, certBuff, false],
].map((params) => { ].map(([key, cert, ca]) => {
assert.doesNotThrow(() => { assert.doesNotThrow(() => {
tls.createServer({ tls.createServer({ key, cert, ca });
key: params[0],
cert: params[1],
ca: params[2]
});
}); });
}); });
@ -141,16 +131,44 @@ const invalidCertRE = /^The "cert" argument must be one of type string, Buffer,
[keyBuff, certBuff, 1], [keyBuff, certBuff, 1],
[keyBuff, certBuff, true], [keyBuff, certBuff, true],
[keyBuff, certBuff, [caCert, true]] [keyBuff, certBuff, [caCert, true]]
].map((params) => { ].map(([key, cert, ca]) => {
assert.throws(() => { assert.throws(() => {
tls.createServer({ tls.createServer({ key, cert, ca });
key: params[0],
cert: params[1],
ca: params[2]
});
}, common.expectsError({ }, common.expectsError({
code: 'ERR_INVALID_ARG_TYPE', code: 'ERR_INVALID_ARG_TYPE',
type: TypeError, type: TypeError,
message: /^The "ca" argument must be one of type string, Buffer, TypedArray, or DataView$/ message: /^The "ca" argument must be one of type string, Buffer, TypedArray, or DataView$/
})); }));
}); });
// Checks to ensure tls.createServer throws an error for CA assignment
// Format ['key', 'cert', 'ca']
[
[keyBuff, certBuff, true],
[keyBuff, certBuff, {}],
[keyBuff, certBuff, 1],
[keyBuff, certBuff, true],
[keyBuff, certBuff, [caCert, true]]
].map(([key, cert, ca]) => {
assert.throws(() => {
tls.createServer({ key, cert, ca });
}, common.expectsError({
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: /^The "ca" argument must be one of type string, Buffer, TypedArray, or DataView$/
}));
});
// Checks to ensure tls.createSecureContext works with false-y input
// Format ['key', 'cert', 'ca']
[
[null, null, null],
[false, false, false],
[undefined, undefined, undefined],
['', '', ''],
[0, 0, 0]
].map(([key, cert, ca]) => {
assert.doesNotThrow(() => {
tls.createSecureContext({ key, cert, ca });
});
});