1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: throw error on bad ciphers option

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/21557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
This commit is contained in:
Brian White 2018-06-27 03:08:06 -04:00
parent c267639daa
commit a15ea5d7ca
No known key found for this signature in database
GPG Key ID: 606D7358F94DA209
4 changed files with 44 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/node_crypto.cc
View File

@ -904,7 +904,13 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
THROW_AND_RETURN_IF_NOT_STRING(env, args[0], "Ciphers"); THROW_AND_RETURN_IF_NOT_STRING(env, args[0], "Ciphers");
const node::Utf8Value ciphers(args.GetIsolate(), args[0]); const node::Utf8Value ciphers(args.GetIsolate(), args[0]);
SSL_CTX_set_cipher_list(sc->ctx_.get(), *ciphers); if (!SSL_CTX_set_cipher_list(sc->ctx_.get(), *ciphers)) {
unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
if (!err) {
return env->ThrowError("Failed to set ciphers");
}
return ThrowCryptoError(env, err);
}
} }

11
test/parallel/test-tls-handshake-error.js
View File

@ -16,17 +16,12 @@ const server = tls.createServer({
rejectUnauthorized: true rejectUnauthorized: true
}, function(c) { }, function(c) {
}).listen(0, common.mustCall(function() { }).listen(0, common.mustCall(function() {
const c = tls.connect({ assert.throws(() => {
tls.connect({
port: this.address().port, port: this.address().port,
ciphers: 'RC4' ciphers: 'RC4'
}, common.mustNotCall()); }, common.mustNotCall());
}, /no cipher match/i);
c.on('error', common.mustCall(function(err) {
assert.notStrictEqual(err.code, 'ECONNRESET');
}));
c.on('close', common.mustCall(function(err) {
assert.ok(err);
server.close(); server.close();
}));
})); }));

22
test/parallel/test-tls-set-ciphers-error.js Normal file
View File

@ -0,0 +1,22 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
{
const options = {
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem'),
ciphers: 'aes256-sha'
};
assert.throws(() => tls.createServer(options, common.mustNotCall()),
/no cipher match/i);
options.ciphers = 'FOOBARBAZ';
assert.throws(() => tls.createServer(options, common.mustNotCall()),
/no cipher match/i);
}

9
test/sequential/test-tls-connect.js
View File

@ -50,15 +50,12 @@ const tls = require('tls');
const cert = fixtures.readSync('test_cert.pem'); const cert = fixtures.readSync('test_cert.pem');
const key = fixtures.readSync('test_key.pem'); const key = fixtures.readSync('test_key.pem');
const conn = tls.connect({ assert.throws(() => {
tls.connect({
cert: cert, cert: cert,
key: key, key: key,
port: common.PORT, port: common.PORT,
ciphers: 'rick-128-roll' ciphers: 'rick-128-roll'
}, common.mustNotCall()); }, common.mustNotCall());
}, /no cipher match/i);
conn.on(
'error',
common.mustCall((e) => { assert.strictEqual(e.code, 'ECONNREFUSED'); })
);
} }