tls: handle empty cert in checkServerIndentity
This resolves joyent/node#9272. `tlsSocket.getPeerCertificate` will return an empty object when the peer does not provide a certificate, but, prior to this, when the certificate is empty, `checkServerIdentity` would throw because the `subject` wasn't present on the cert. `checkServerIdentity` must return an error, not throw one, so this returns an error when the cert is empty instead of throwing a `TypeError`. PR-URL: https://github.com/nodejs/node/pull/2343 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
parent
ec6e5c7999
commit
f1810ed1b8
@ -151,7 +151,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
|
|||||||
host,
|
host,
|
||||||
ips.join(', '));
|
ips.join(', '));
|
||||||
}
|
}
|
||||||
} else {
|
} else if (cert.subject) {
|
||||||
// Transform hostname to canonical form
|
// Transform hostname to canonical form
|
||||||
if (!/\.$/.test(host)) host += '.';
|
if (!/\.$/.test(host)) host += '.';
|
||||||
|
|
||||||
@ -204,6 +204,8 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
|
|||||||
cert.subject.CN);
|
cert.subject.CN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
reason = 'Cert is empty';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!valid) {
|
if (!valid) {
|
||||||
|
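Review bot: The new `else if (cert.subject)` guard sends every certificate without a `subject` to the `'Cert is empty'` branch, including one that carries its names in another field. If the code between the two hunks matches DNS entries taken from `subjectaltname` (not visible here, though the `'DNS:omg.com'` entries in the test file suggest it), a SAN-only certificate would be rejected with a misleading reason. The result still fails closed, so this is a diagnostics and compatibility concern rather than a verification bypass. Consider widening the condition to `} else if (cert.subject || cert.subjectaltname) {` with the `cert.subject.CN` fallback guarded separately, or at least adding a comment such as `// no subject: SAN-only certs also end up in the 'Cert is empty' branch`. The body of checkServerIdentity starts and continues outside these hunks.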
@ -30,6 +30,13 @@ var tests = [
|
|||||||
'DNS:omg.com'
|
'DNS:omg.com'
|
||||||
},
|
},
|
||||||
|
|
||||||
|
// Empty Cert
|
||||||
|
{
|
||||||
|
host: 'a.com',
|
||||||
|
cert: { },
|
||||||
|
error: 'Cert is empty'
|
||||||
|
},
|
||||||
|
|
||||||
// Multiple CN fields
|
// Multiple CN fields
|
||||||
{
|
{
|
||||||
host: 'foo.com', cert: {
|
host: 'foo.com', cert: {
|
||||||
|
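Review bot: The added case exercises an empty certificate only for a DNS hostname (`host: 'a.com'`), so the IP-address path of checkServerIdentity is never run with `cert: { }`. A second entry with an IP-literal host and an empty cert would pin that this path also returns an error instead of throwing; its expected message is not visible on this page and should be taken from the library code. A further case with only `subjectaltname` set and no `subject` would document how SAN-only certificates are treated by the new branch. The `tests` array starts and ends outside the hunk.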