1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: zero SSL_CTX freelist for a singleUse socket

Browse Source 
When connecting to server with `keepAlive` turned off - make sure that
the read/write buffers won't be kept in a single use SSL_CTX instance
after the socket will be destroyed.

Fix: https://github.com/iojs/io.js/issues/1522
PR-URL: https://github.com/iojs/io.js/pull/1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
This commit is contained in:
Fedor Indutny 2015-04-26 14:19:38 +02:00
parent e6874dd0f9
commit 2684c902c4
4 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/_tls_common.js
View File

@ -133,6 +133,10 @@ exports.createSecureContext = function createSecureContext(options, context) {
} }
} }
// Do not keep read/write buffers in free list
if (options.singleUse)
c.context.setFreeListLength(0);
return c; return c;
}; };

2
lib/_tls_wrap.js
View File

@ -862,6 +862,8 @@ exports.connect = function(/* [port, host], options, cb */) {
}; };
options = util._extend(defaults, options || {}); options = util._extend(defaults, options || {});
if (!options.keepAlive)
options.singleUse = true;
assert(typeof options.checkServerIdentity === 'function'); assert(typeof options.checkServerIdentity === 'function');

8
src/node_crypto.cc
View File

@ -265,6 +265,7 @@ void SecureContext::Initialize(Environment* env, Handle<Object> target) {
env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12); env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12);
env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys); env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys);
env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys); env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys);
env->SetProtoMethod(t, "setFreeListLength", SecureContext::SetFreeListLength);
env->SetProtoMethod(t, "getCertificate", SecureContext::GetCertificate<true>); env->SetProtoMethod(t, "getCertificate", SecureContext::GetCertificate<true>);
env->SetProtoMethod(t, "getIssuer", SecureContext::GetCertificate<false>); env->SetProtoMethod(t, "getIssuer", SecureContext::GetCertificate<false>);
@ -933,6 +934,13 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
} }
void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
wrap->ctx_->freelist_max_len = args[0]->Int32Value();
}
void SecureContext::CtxGetter(Local<String> property, void SecureContext::CtxGetter(Local<String> property,
const PropertyCallbackInfo<Value>& info) { const PropertyCallbackInfo<Value>& info) {
HandleScope scope(info.GetIsolate()); HandleScope scope(info.GetIsolate());

2
src/node_crypto.h
View File

@ -85,6 +85,8 @@ class SecureContext : public BaseObject {
static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args); static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args); static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args); static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetFreeListLength(
const v8::FunctionCallbackInfo<v8::Value>& args);
static void CtxGetter(v8::Local<v8::String> property, static void CtxGetter(v8::Local<v8::String> property,
const v8::PropertyCallbackInfo<v8::Value>& info); const v8::PropertyCallbackInfo<v8::Value>& info);