1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lib,src: remove openssl feature conditionals

Browse Source 
Remove compile-time and run-time conditionals for features that
OpenSSL 1.0.0 and 1.0.1 didn't support: ALPN, OCSP and/or SNI.
They are no longer necessary since our baseline is OpenSSL 1.0.2.

PR-URL: https://github.com/nodejs/node/pull/21094
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit is contained in:
Ben Noordhuis 2018-06-02 10:52:59 +02:00 committed by Anna Henningsen
parent efdc1a44bb
commit a76f029818
No known key found for this signature in database
GPG Key ID: 9C63F3A6CD2AD8F9
14 changed files with 13 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/_tls_wrap.js
View File

@ -512,8 +512,7 @@ TLSSocket.prototype._init = function(socket, wrap) {
// If custom SNICallback was given, or if // If custom SNICallback was given, or if
// there're SNI contexts to perform match against - // there're SNI contexts to perform match against -
// set `.onsniselect` callback. // set `.onsniselect` callback.
if (process.features.tls_sni && if (options.isServer &&
options.isServer &&
options.SNICallback && options.SNICallback &&
(options.SNICallback !== SNICallback || (options.SNICallback !== SNICallback ||
(options.server && options.server._contexts.length))) { (options.server && options.server._contexts.length))) {
@ -522,7 +521,7 @@ TLSSocket.prototype._init = function(socket, wrap) {
ssl.enableCertCb(); ssl.enableCertCb();
} }
if (process.features.tls_alpn && options.ALPNProtocols) { if (options.ALPNProtocols) {
// keep reference in secureContext not to be GC-ed // keep reference in secureContext not to be GC-ed
ssl._secureContext.alpnBuffer = options.ALPNProtocols; ssl._secureContext.alpnBuffer = options.ALPNProtocols;
ssl.setALPNProtocols(ssl._secureContext.alpnBuffer); ssl.setALPNProtocols(ssl._secureContext.alpnBuffer);
@ -620,15 +619,9 @@ TLSSocket.prototype._releaseControl = function() {
}; };
TLSSocket.prototype._finishInit = function() { TLSSocket.prototype._finishInit = function() {
if (process.features.tls_alpn) {
this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
}
if (process.features.tls_sni) {
this.servername = this._handle.getServername();
}
debug('secure established'); debug('secure established');
this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
this.servername = this._handle.getServername();
this._secureEstablished = true; this._secureEstablished = true;
if (this._tlsOptions.handshakeTimeout > 0) if (this._tlsOptions.handshakeTimeout > 0)
this.setTimeout(0, this._handleTimeout); this.setTimeout(0, this._handleTimeout);

2
lib/https.js
View File

@ -48,7 +48,7 @@ function Server(opts, requestListener) {
} }
opts = util._extend({}, opts); opts = util._extend({}, opts);
if (process.features.tls_alpn && !opts.ALPNProtocols) { if (!opts.ALPNProtocols) {
// http/1.0 is not defined as Protocol IDs in IANA // http/1.0 is not defined as Protocol IDs in IANA
// http://www.iana.org/assignments/tls-extensiontype-values // http://www.iana.org/assignments/tls-extensiontype-values
// /tls-extensiontype-values.xhtml#alpn-protocol-ids // /tls-extensiontype-values.xhtml#alpn-protocol-ids

28
src/node.cc
View File

@ -2373,30 +2373,16 @@ static Local<Object> GetFeatures(Environment* env) {
// TODO(bnoordhuis) ping libuv // TODO(bnoordhuis) ping libuv
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "ipv6"), True(env->isolate())); obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "ipv6"), True(env->isolate()));
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation #ifdef HAVE_OPENSSL
Local<Boolean> tls_alpn = True(env->isolate()); Local<Boolean> have_openssl = True(env->isolate());
#else #else
Local<Boolean> tls_alpn = False(env->isolate()); Local<Boolean> have_openssl = False(env->isolate());
#endif #endif
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_alpn"), tls_alpn);
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_alpn"), have_openssl);
Local<Boolean> tls_sni = True(env->isolate()); obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_sni"), have_openssl);
#else obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_ocsp"), have_openssl);
Local<Boolean> tls_sni = False(env->isolate()); obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls"), have_openssl);
#endif
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_sni"), tls_sni);
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
Local<Boolean> tls_ocsp = True(env->isolate());
#else
Local<Boolean> tls_ocsp = False(env->isolate());
#endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_ocsp"), tls_ocsp);
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls"),
Boolean::New(env->isolate(),
get_builtin_module("crypto") != nullptr));
return scope.Escape(obj); return scope.Escape(obj);
} }

27
src/node_crypto.cc
View File

@ -133,16 +133,10 @@ template int SSLWrap<TLSWrap>::NewSessionCallback(SSL* s,
template void SSLWrap<TLSWrap>::OnClientHello( template void SSLWrap<TLSWrap>::OnClientHello(
void* arg, void* arg,
const ClientHelloParser::ClientHello& hello); const ClientHelloParser::ClientHello& hello);
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg); template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg);
#endif
template void SSLWrap<TLSWrap>::DestroySSL(); template void SSLWrap<TLSWrap>::DestroySSL();
template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
template int SSLWrap<TLSWrap>::SelectALPNCallback( template int SSLWrap<TLSWrap>::SelectALPNCallback(
SSL* s, SSL* s,
const unsigned char** out, const unsigned char** out,
@ -150,7 +144,6 @@ template int SSLWrap<TLSWrap>::SelectALPNCallback(
const unsigned char* in, const unsigned char* in,
unsigned int inlen, unsigned int inlen,
void* arg); void* arg);
#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
static int PasswordCallback(char* buf, int size, int rwflag, void* u) { static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
@ -1387,11 +1380,9 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) {
template <class Base> template <class Base>
void SSLWrap<Base>::ConfigureSecureContext(SecureContext* sc) { void SSLWrap<Base>::ConfigureSecureContext(SecureContext* sc) {
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
// OCSP stapling // OCSP stapling
SSL_CTX_set_tlsext_status_cb(sc->ctx_.get(), TLSExtStatusCallback); SSL_CTX_set_tlsext_status_cb(sc->ctx_.get(), TLSExtStatusCallback);
SSL_CTX_set_tlsext_status_arg(sc->ctx_.get(), nullptr); SSL_CTX_set_tlsext_status_arg(sc->ctx_.get(), nullptr);
#endif // NODE__HAVE_TLSEXT_STATUS_CB
} }
@ -2019,7 +2010,6 @@ void SSLWrap<Base>::NewSessionDone(const FunctionCallbackInfo<Value>& args) {
template <class Base> template <class Base>
void SSLWrap<Base>::SetOCSPResponse(const FunctionCallbackInfo<Value>& args) { void SSLWrap<Base>::SetOCSPResponse(const FunctionCallbackInfo<Value>& args) {
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Base* w; Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
Environment* env = w->env(); Environment* env = w->env();
@ -2030,18 +2020,15 @@ void SSLWrap<Base>::SetOCSPResponse(const FunctionCallbackInfo<Value>& args) {
THROW_AND_RETURN_IF_NOT_BUFFER(env, args[0], "OCSP response"); THROW_AND_RETURN_IF_NOT_BUFFER(env, args[0], "OCSP response");
w->ocsp_response_.Reset(args.GetIsolate(), args[0].As<Object>()); w->ocsp_response_.Reset(args.GetIsolate(), args[0].As<Object>());
#endif // NODE__HAVE_TLSEXT_STATUS_CB
} }
template <class Base> template <class Base>
void SSLWrap<Base>::RequestOCSP(const FunctionCallbackInfo<Value>& args) { void SSLWrap<Base>::RequestOCSP(const FunctionCallbackInfo<Value>& args) {
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Base* w; Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
SSL_set_tlsext_status_type(w->ssl_.get(), TLSEXT_STATUSTYPE_ocsp); SSL_set_tlsext_status_type(w->ssl_.get(), TLSEXT_STATUSTYPE_ocsp);
#endif // NODE__HAVE_TLSEXT_STATUS_CB
} }
@ -2226,7 +2213,6 @@ void SSLWrap<Base>::GetProtocol(const FunctionCallbackInfo<Value>& args) {
} }
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
template <class Base> template <class Base>
int SSLWrap<Base>::SelectALPNCallback(SSL* s, int SSLWrap<Base>::SelectALPNCallback(SSL* s,
const unsigned char** out, const unsigned char** out,
@ -2256,13 +2242,11 @@ int SSLWrap<Base>::SelectALPNCallback(SSL* s,
return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_NOACK; : SSL_TLSEXT_ERR_NOACK;
} }
#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
template <class Base> template <class Base>
void SSLWrap<Base>::GetALPNNegotiatedProto( void SSLWrap<Base>::GetALPNNegotiatedProto(
const FunctionCallbackInfo<Value>& args) { const FunctionCallbackInfo<Value>& args) {
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Base* w; Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
@ -2276,13 +2260,11 @@ void SSLWrap<Base>::GetALPNNegotiatedProto(
args.GetReturnValue().Set( args.GetReturnValue().Set(
OneByteString(args.GetIsolate(), alpn_proto, alpn_proto_len)); OneByteString(args.GetIsolate(), alpn_proto, alpn_proto_len));
#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
} }
template <class Base> template <class Base>
void SSLWrap<Base>::SetALPNProtocols(const FunctionCallbackInfo<Value>& args) { void SSLWrap<Base>::SetALPNProtocols(const FunctionCallbackInfo<Value>& args) {
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Base* w; Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
Environment* env = w->env(); Environment* env = w->env();
@ -2306,11 +2288,9 @@ void SSLWrap<Base>::SetALPNProtocols(const FunctionCallbackInfo<Value>& args) {
SelectALPNCallback, SelectALPNCallback,
nullptr); nullptr);
} }
#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
} }
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
template <class Base> template <class Base>
int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) { int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
Base* w = static_cast<Base*>(SSL_get_app_data(s)); Base* w = static_cast<Base*>(SSL_get_app_data(s));
@ -2354,7 +2334,6 @@ int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} }
#endif // NODE__HAVE_TLSEXT_STATUS_CB
template <class Base> template <class Base>
@ -2396,11 +2375,7 @@ int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
info->Set(context, env->servername_string(), str).FromJust(); info->Set(context, env->servername_string(), str).FromJust();
} }
bool ocsp = false; const bool ocsp = (SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp);
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp;
#endif
info->Set(context, env->ocsp_request_string(), info->Set(context, env->ocsp_request_string(),
Boolean::New(env->isolate(), ocsp)).FromJust(); Boolean::New(env->isolate(), ocsp)).FromJust();

9
src/node_crypto.h
View File

@ -53,10 +53,6 @@
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/pkcs12.h> #include <openssl/pkcs12.h>
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
# define NODE__HAVE_TLSEXT_STATUS_CB
#endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
namespace node { namespace node {
namespace crypto { namespace crypto {
@ -331,13 +327,8 @@ class SSLWrap {
ClientHelloParser hello_parser_; ClientHelloParser hello_parser_;
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Persistent<v8::Object> ocsp_response_; Persistent<v8::Object> ocsp_response_;
#endif // NODE__HAVE_TLSEXT_STATUS_CB
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
Persistent<v8::Value> sni_context_; Persistent<v8::Value> sni_context_;
#endif
friend class SecureContext; friend class SecureContext;
}; };

8
src/tls_wrap.cc
View File

@ -131,12 +131,10 @@ void TLSWrap::InitSSL() {
SSL_set_app_data(ssl_.get(), this); SSL_set_app_data(ssl_.get(), this);
SSL_set_info_callback(ssl_.get(), SSLInfoCallback); SSL_set_info_callback(ssl_.get(), SSLInfoCallback);
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
if (is_server()) { if (is_server()) {
SSL_CTX_set_tlsext_servername_callback(sc_->ctx_.get(), SSL_CTX_set_tlsext_servername_callback(sc_->ctx_.get(),
SelectSNIContextCallback); SelectSNIContextCallback);
} }
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
ConfigureSecureContext(sc_); ConfigureSecureContext(sc_);
@ -777,7 +775,6 @@ void TLSWrap::OnClientHelloParseEnd(void* arg) {
} }
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
void TLSWrap::GetServername(const FunctionCallbackInfo<Value>& args) { void TLSWrap::GetServername(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args); Environment* env = Environment::GetCurrent(args);
@ -809,10 +806,8 @@ void TLSWrap::SetServername(const FunctionCallbackInfo<Value>& args) {
CHECK_NOT_NULL(wrap->ssl_); CHECK_NOT_NULL(wrap->ssl_);
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
node::Utf8Value servername(env->isolate(), args[0].As<String>()); node::Utf8Value servername(env->isolate(), args[0].As<String>());
SSL_set_tlsext_host_name(wrap->ssl_.get(), *servername); SSL_set_tlsext_host_name(wrap->ssl_.get(), *servername);
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
} }
@ -851,7 +846,6 @@ int TLSWrap::SelectSNIContextCallback(SSL* s, int* ad, void* arg) {
p->SetSNIContext(sc); p->SetSNIContext(sc);
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
void TLSWrap::GetWriteQueueSize(const FunctionCallbackInfo<Value>& info) { void TLSWrap::GetWriteQueueSize(const FunctionCallbackInfo<Value>& info) {
@ -902,10 +896,8 @@ void TLSWrap::Initialize(Local<Object> target,
StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
SSLWrap<TLSWrap>::AddMethods(env, t); SSLWrap<TLSWrap>::AddMethods(env, t);
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
env->SetProtoMethod(t, "getServername", GetServername); env->SetProtoMethod(t, "getServername", GetServername);
env->SetProtoMethod(t, "setServername", SetServername); env->SetProtoMethod(t, "setServername", SetServername);
#endif // SSL_CRT_SET_TLSEXT_SERVERNAME_CB
env->set_tls_wrap_constructor_function(t->GetFunction()); env->set_tls_wrap_constructor_function(t->GetFunction());

3
src/tls_wrap.h
View File

@ -138,12 +138,9 @@ class TLSWrap : public AsyncWrap,
static void EnableCertCb( static void EnableCertCb(
const v8::FunctionCallbackInfo<v8::Value>& args); const v8::FunctionCallbackInfo<v8::Value>& args);
static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args); static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetServername(const v8::FunctionCallbackInfo<v8::Value>& args); static void SetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
static int SelectSNIContextCallback(SSL* s, int* ad, void* arg); static int SelectSNIContextCallback(SSL* s, int* ad, void* arg);
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
crypto::SecureContext* sc_; crypto::SecureContext* sc_;
BIO* enc_in_; BIO* enc_in_;

5
test/parallel/test-tls-alpn-server-client.js
View File

@ -4,11 +4,6 @@ const common = require('../common');
if (!common.hasCrypto) if (!common.hasCrypto)
common.skip('missing crypto'); common.skip('missing crypto');
if (!process.features.tls_alpn) {
common.skip(
'Skipping because node compiled without ALPN feature of OpenSSL.');
}
const assert = require('assert'); const assert = require('assert');
const tls = require('tls'); const tls = require('tls');
const fixtures = require('../common/fixtures'); const fixtures = require('../common/fixtures');

3
test/parallel/test-tls-empty-sni-context.js
View File

@ -4,9 +4,6 @@ const common = require('../common');
if (!common.hasCrypto) if (!common.hasCrypto)
common.skip('missing crypto'); common.skip('missing crypto');
if (!process.features.tls_sni)
common.skip('node compiled without OpenSSL or with old OpenSSL version.');
const assert = require('assert'); const assert = require('assert');
const tls = require('tls'); const tls = require('tls');

3
test/parallel/test-tls-ocsp-callback.js
View File

@ -22,9 +22,6 @@
'use strict'; 'use strict';
const common = require('../common'); const common = require('../common');
if (!process.features.tls_ocsp)
common.skip('node compiled without OpenSSL or with old OpenSSL version.');
if (!common.opensslCli) if (!common.opensslCli)
common.skip('node compiled without OpenSSL CLI.'); common.skip('node compiled without OpenSSL CLI.');

3
test/parallel/test-tls-sni-option.js
View File

@ -24,9 +24,6 @@ const common = require('../common');
if (!common.hasCrypto) if (!common.hasCrypto)
common.skip('missing crypto'); common.skip('missing crypto');
if (!process.features.tls_sni)
common.skip('node compiled without OpenSSL or with old OpenSSL version.');
const assert = require('assert'); const assert = require('assert');
const tls = require('tls'); const tls = require('tls');
const fixtures = require('../common/fixtures'); const fixtures = require('../common/fixtures');

3
test/parallel/test-tls-sni-server-client.js
View File

@ -24,9 +24,6 @@ const common = require('../common');
if (!common.hasCrypto) if (!common.hasCrypto)
common.skip('missing crypto'); common.skip('missing crypto');
if (!process.features.tls_sni)
common.skip('node compiled without OpenSSL or with old OpenSSL version.');
const assert = require('assert'); const assert = require('assert');
const tls = require('tls'); const tls = require('tls');
const fixtures = require('../common/fixtures'); const fixtures = require('../common/fixtures');

3
test/parallel/test-tls-snicallback-error.js
View File

@ -3,9 +3,6 @@ const common = require('../common');
if (!common.hasCrypto) if (!common.hasCrypto)
common.skip('missing crypto'); common.skip('missing crypto');
if (!process.features.tls_sni)
common.skip('compiled without OpenSSL or with old OpenSSL version');
const assert = require('assert'); const assert = require('assert');
const tls = require('tls'); const tls = require('tls');

3
test/parallel/test-tls-socket-constructor-alpn-options-parsing.js
View File

@ -13,9 +13,6 @@ new tls.TLSSocket(null, {
ALPNProtocols: ['http/1.1'], ALPNProtocols: ['http/1.1'],
}); });
if (!process.features.tls_alpn)
common.skip('node compiled without ALPN feature of OpenSSL');
const assert = require('assert'); const assert = require('assert');
const net = require('net'); const net = require('net');
const fixtures = require('../common/fixtures'); const fixtures = require('../common/fixtures');