1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: clear some SSL_METHOD deprecation warnings

Browse Source 
Fixing the rest will be rather involved. I think the cleanest option is
to deprecate the method string APIs which are weird to begin with.

PR-URL: https://github.com/nodejs/node/pull/16130
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
This commit is contained in:
David Benjamin 2017-09-18 12:34:04 -04:00 committed by Rod Vagg
parent 63c278959a
commit 694efa882f
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/node_crypto.cc
View File

@ -178,6 +178,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
return 1; return 1;
} }
static const SSL_METHOD* TLS_method() { return SSLv23_method(); }
static void SSL_SESSION_get0_ticket(const SSL_SESSION* s, static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
const unsigned char** tick, size_t* len) { const unsigned char** tick, size_t* len) {
*len = s->tlsext_ticklen; *len = s->tlsext_ticklen;
@ -541,12 +543,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder()); ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Environment* env = sc->env(); Environment* env = sc->env();
const SSL_METHOD* method = SSLv23_method(); const SSL_METHOD* method = TLS_method();
if (args.Length() == 1 && args[0]->IsString()) { if (args.Length() == 1 && args[0]->IsString()) {
const node::Utf8Value sslmethod(env->isolate(), args[0]); const node::Utf8Value sslmethod(env->isolate(), args[0]);
// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends // Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
// are still accepted. They are OpenSSL's way of saying that all known // are still accepted. They are OpenSSL's way of saying that all known
// protocols are supported unless explicitly disabled (which we do below // protocols are supported unless explicitly disabled (which we do below
// for SSLv2 and SSLv3.) // for SSLv2 and SSLv3.)
@ -594,7 +596,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
sc->ctx_ = SSL_CTX_new(method); sc->ctx_ = SSL_CTX_new(method);
SSL_CTX_set_app_data(sc->ctx_, sc); SSL_CTX_set_app_data(sc->ctx_, sc);
// Disable SSLv2 in the case when method == SSLv23_method() and the // Disable SSLv2 in the case when method == TLS_method() and the
// cipher list contains SSLv2 ciphers (not the default, should be rare.) // cipher list contains SSLv2 ciphers (not the default, should be rare.)
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may. // The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.) // SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
@ -5786,7 +5788,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) { void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args); Environment* env = Environment::GetCurrent(args);
SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method()); SSL_CTX* ctx = SSL_CTX_new(TLS_method());
CHECK_NE(ctx, nullptr); CHECK_NE(ctx, nullptr);
SSL* ssl = SSL_new(ctx); SSL* ssl = SSL_new(ctx);