1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: remove unused access of tlsext_hostname

Browse Source 
The return value of loadSession is ultimately ignored, so don't fill it
in. This inches Node closer to 1.1.0 compatibility and is less code.

Also remove a comment which appears to have long since become invalid.
It dates to 048e0e77e0c341407ecea364cbe26c8f77be48b8 when the SNI value
was actually extracted from the session.

This also fixes a segfault should d2i_SSL_SESSION fail to parse the
input and return NULL. Add a test for this case based on
test-tls-session-cache.js.

PR-URL: https://github.com/nodejs/node/pull/10882
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This commit is contained in:
David Benjamin 2017-01-11 21:37:28 -05:00 committed by Sam Roberts
parent 5ffb7d72bb
commit e34ee1d2c9
3 changed files with 34 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/_tls_wrap.js
View File

@ -66,12 +66,8 @@ function loadSession(self, hello, cb) {
if (!self._handle) if (!self._handle)
return cb(new Error('Socket is closed')); return cb(new Error('Socket is closed'));
// NOTE: That we have disabled OpenSSL's internal session storage in self._handle.loadSession(session);
// `node_crypto.cc` and hence its safe to rely on getting servername only cb(null);
// from clienthello or this place.
var ret = self._handle.loadSession(session);
cb(null, ret);
} }
if (hello.sessionId.length <= 0 || if (hello.sessionId.length <= 0 ||
@ -148,7 +144,7 @@ function requestOCSP(self, hello, ctx, cb) {
function onclienthello(hello) { function onclienthello(hello) {
var self = this; var self = this;
loadSession(self, hello, function(err, session) { loadSession(self, hello, function(err) {
if (err) if (err)
return self.destroy(err); return self.destroy(err);

11
src/node_crypto.cc
View File

@ -1826,17 +1826,6 @@ void SSLWrap<Base>::LoadSession(const FunctionCallbackInfo<Value>& args) {
if (w->next_sess_ != nullptr) if (w->next_sess_ != nullptr)
SSL_SESSION_free(w->next_sess_); SSL_SESSION_free(w->next_sess_);
w->next_sess_ = sess; w->next_sess_ = sess;
Local<Object> info = Object::New(env->isolate());
#ifndef OPENSSL_NO_TLSEXT
if (sess->tlsext_hostname == nullptr) {
info->Set(env->servername_string(), False(args.GetIsolate()));
} else {
info->Set(env->servername_string(),
OneByteString(args.GetIsolate(), sess->tlsext_hostname));
}
#endif
args.GetReturnValue().Set(info);
} }
} }

36
test/parallel/test-tls-session-cache.js
View File

@ -13,8 +13,10 @@ if (!common.hasCrypto) {
doTest({ tickets: false }, function() { doTest({ tickets: false }, function() {
doTest({ tickets: true }, function() { doTest({ tickets: true }, function() {
doTest({ tickets: false, invalidSession: true }, function() {
console.error('all done'); console.error('all done');
}); });
});
}); });
function doTest(testOptions, callback) { function doTest(testOptions, callback) {
@ -23,6 +25,7 @@ function doTest(testOptions, callback) {
const fs = require('fs'); const fs = require('fs');
const join = require('path').join; const join = require('path').join;
const spawn = require('child_process').spawn; const spawn = require('child_process').spawn;
const Buffer = require('buffer').Buffer;
const keyFile = join(common.fixturesDir, 'agent.key'); const keyFile = join(common.fixturesDir, 'agent.key');
const certFile = join(common.fixturesDir, 'agent.crt'); const certFile = join(common.fixturesDir, 'agent.crt');
@ -36,6 +39,7 @@ function doTest(testOptions, callback) {
}; };
let requestCount = 0; let requestCount = 0;
let resumeCount = 0; let resumeCount = 0;
let newSessionCount = 0;
let session; let session;
const server = tls.createServer(options, function(cleartext) { const server = tls.createServer(options, function(cleartext) {
@ -50,6 +54,7 @@ function doTest(testOptions, callback) {
cleartext.end(); cleartext.end();
}); });
server.on('newSession', function(id, data, cb) { server.on('newSession', function(id, data, cb) {
++newSessionCount;
// Emulate asynchronous store // Emulate asynchronous store
setTimeout(function() { setTimeout(function() {
assert.ok(!session); assert.ok(!session);
@ -65,9 +70,17 @@ function doTest(testOptions, callback) {
assert.ok(session); assert.ok(session);
assert.strictEqual(session.id.toString('hex'), id.toString('hex')); assert.strictEqual(session.id.toString('hex'), id.toString('hex'));
let data = session.data;
// Return an invalid session to test Node does not crash.
if (testOptions.invalidSession) {
data = Buffer.from('INVALID SESSION');
session = null;
}
// Just to check that async really works there // Just to check that async really works there
setTimeout(function() { setTimeout(function() {
callback(null, session.data); callback(null, data);
}, 100); }, 100);
}); });
@ -118,14 +131,25 @@ function doTest(testOptions, callback) {
}); });
process.on('exit', function() { process.on('exit', function() {
// Each test run connects 6 times: an initial request and 5 reconnect
// requests.
assert.strictEqual(requestCount, 6);
if (testOptions.tickets) { if (testOptions.tickets) {
assert.strictEqual(requestCount, 6); // No session cache callbacks are called.
assert.strictEqual(resumeCount, 0); assert.strictEqual(resumeCount, 0);
} else { assert.strictEqual(newSessionCount, 0);
// initial request + reconnect requests (5 times) } else if (testOptions.invalidSession) {
assert.ok(session); // The resume callback was called, but each connection established a
assert.strictEqual(requestCount, 6); // fresh session.
assert.strictEqual(resumeCount, 5); assert.strictEqual(resumeCount, 5);
assert.strictEqual(newSessionCount, 6);
} else {
// The resume callback was called, and only the initial connection
// establishes a fresh session.
assert.ok(session);
assert.strictEqual(resumeCount, 5);
assert.strictEqual(newSessionCount, 1);
} }
}); });
} }