tls: do not crash on STARTTLS when OCSP requested
`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: #10704 PR-URL: https://github.com/nodejs/node/pull/10706 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
parent
62e96096fa
commit
a1802e670d
@ -110,6 +110,13 @@ function requestOCSP(self, hello, ctx, cb) {
|
|||||||
|
|
||||||
if (!ctx)
|
if (!ctx)
|
||||||
ctx = self.server._sharedCreds;
|
ctx = self.server._sharedCreds;
|
||||||
|
|
||||||
|
// TLS socket is using a `net.Server` instead of a tls.TLSServer.
|
||||||
|
// Some TLS properties like `server._sharedCreds` will not be present
|
||||||
|
if (!ctx)
|
||||||
|
return cb(null);
|
||||||
|
|
||||||
|
// TODO(indutny): eventually disallow raw `SecureContext`
|
||||||
if (ctx.context)
|
if (ctx.context)
|
||||||
ctx = ctx.context;
|
ctx = ctx.context;
|
||||||
|
|
||||||
|
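Review bot: The comment above the added `if (!ctx)` guard names `tls.TLSServer`, while the commit description calls the class `tls.Server`, and it does not say what the early `return cb(null)` means for the peer. Suggested wording: `// The socket's server is a net.Server, not a tls.Server, so server._sharedCreds is absent.` followed by `// Skip OCSP stapling here; the client that asked for a staple gets none.` The second sentence is inferred from the callback being invoked with no context, so confirm it against the rest of `requestOCSP`, whose body starts and continues outside this hunk. It matters to anyone who relies on stapling for revocation checking, because on this path the request appears to be dropped silently rather than rejected.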
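--- /dev/null
+++ b/test/parallel/test-tls-starttls-server.js
@@ -0,0 +1,53 @@
+'use strict';
+
+// Test asynchronous SNI+OCSP on TLSSocket created with `server` set to
+// `net.Server` instead of `tls.Server`
+
+const common = require('../common');
+
+if (!common.hasCrypto) {
+common.skip('missing crypto');
+return;
+}
+
+const assert = require('assert');
+const fs = require('fs');
+const net = require('net');
+const tls = require('tls');
+
+const key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
+const cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');
+
+const server = net.createServer(common.mustCall((s) => {
+const tlsSocket = new tls.TLSSocket(s, {
+isServer: true,
+server: server,
+
+secureContext: tls.createSecureContext({
+key: key,
+cert: cert
+}),
+
+SNICallback: common.mustCall((hostname, callback) => {
+assert.strictEqual(hostname, 'test.test');
+
+callback(null, null);
+})
+});
+
+tlsSocket.on('secure', common.mustCall(() => {
+tlsSocket.end();
+server.close();
+}));
+})).listen(0, () => {
+const opts = {
+servername: 'test.test',
+port: server.address().port,
+rejectUnauthorized: false,
+requestOCSP: true
+};
+
+tls.connect(opts, function() {
+this.end();
+});
+});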
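Review bot: The `tls.connect` callback at the end of the new test is a plain function, so the test still passes if the client never reaches a secure connection. Only the server-side `secure` handler and the `SNICallback` are wrapped in `common.mustCall`. Writing it as `tls.connect(opts, common.mustCall(function() { this.end(); }));` would pin both ends of the handshake. The client also sets `requestOCSP: true` but nothing checks what it receives, so the test covers the crash only and not the no-staple outcome of the new guard.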