1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

src: add --use-bundled-ca --use-openssl-ca check

Browse Source 
The --use-bundled-ca and --use-openssl-ca command line arguments are
mutually exclusive but can both be used on the same command line.

This commit adds a check if both options are used.

Fixes: https://github.com/nodejs/node/issues/12083
PR-URL: https://github.com/nodejs/node/pull/12087
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This commit is contained in:
Daniel Bevenius 2017-03-28 08:56:39 +02:00
parent 4d255b04bf
commit 8a7db9d4b5
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/node.cc
View File

@ -3637,6 +3637,8 @@ static void ParseArgs(int* argc,
const char** new_v8_argv = new const char*[nargs]; const char** new_v8_argv = new const char*[nargs];
const char** new_argv = new const char*[nargs]; const char** new_argv = new const char*[nargs];
const char** local_preload_modules = new const char*[nargs]; const char** local_preload_modules = new const char*[nargs];
bool use_bundled_ca = false;
bool use_openssl_ca = false;
for (unsigned int i = 0; i < nargs; ++i) { for (unsigned int i = 0; i < nargs; ++i) {
new_exec_argv[i] = nullptr; new_exec_argv[i] = nullptr;
@ -3751,7 +3753,9 @@ static void ParseArgs(int* argc,
default_cipher_list = arg + 18; default_cipher_list = arg + 18;
} else if (strncmp(arg, "--use-openssl-ca", 16) == 0) { } else if (strncmp(arg, "--use-openssl-ca", 16) == 0) {
ssl_openssl_cert_store = true; ssl_openssl_cert_store = true;
use_openssl_ca = true;
} else if (strncmp(arg, "--use-bundled-ca", 16) == 0) { } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
use_bundled_ca = true;
ssl_openssl_cert_store = false; ssl_openssl_cert_store = false;
#if NODE_FIPS_MODE #if NODE_FIPS_MODE
} else if (strcmp(arg, "--enable-fips") == 0) { } else if (strcmp(arg, "--enable-fips") == 0) {
@ -3786,6 +3790,16 @@ static void ParseArgs(int* argc,
index += args_consumed; index += args_consumed;
} }
#if HAVE_OPENSSL
if (use_openssl_ca && use_bundled_ca) {
fprintf(stderr,
"%s: either --use-openssl-ca or --use-bundled-ca can be used, "
"not both\n",
argv[0]);
exit(9);
}
#endif
// Copy remaining arguments. // Copy remaining arguments.
const unsigned int args_left = nargs - index; const unsigned int args_left = nargs - index;
memcpy(new_argv + new_argc, argv + index, args_left * sizeof(*argv)); memcpy(new_argv + new_argc, argv + index, args_left * sizeof(*argv));

31
test/parallel/test-openssl-ca-options.js Normal file
View File

@ -0,0 +1,31 @@
'use strict';
// This test checks the usage of --use-bundled-ca and --use-openssl-ca arguments
// to verify that both are not used at the same time.
const common = require('../common');
if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const assert = require('assert');
const os = require('os');
const childProcess = require('child_process');
const result = childProcess.spawnSync(process.execPath, [
'--use-bundled-ca',
'--use-openssl-ca',
'-p', 'process.version'],
{encoding: 'utf8'});
assert.strictEqual(result.stderr,
process.execPath + ': either --use-openssl-ca or ' +
'--use-bundled-ca can be used, not both' + os.EOL);
assert.strictEqual(result.status, 9);
const useBundledCA = childProcess.spawnSync(process.execPath, [
'--use-bundled-ca',
'-p', 'process.version']);
assert.strictEqual(useBundledCA.status, 0);
const useOpenSSLCA = childProcess.spawnSync(process.execPath, [
'--use-openssl-ca',
'-p', 'process.version']);
assert.strictEqual(useOpenSSLCA.status, 0);