lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Better verify info

v0.7.4-release
Ryan Dahl 14 years ago
parent
4b947310b2
commit
ea540c94f8
2 changed files with 128 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 143
      src/node_crypto.cc
  2. 2
      src/node_crypto.h

143
src/node_crypto.cc
View File

@ -306,7 +306,7 @@ void SecureStream::Initialize(Handle<Object> target) {
NODE_SET_PROTOTYPE_METHOD(t, "encPending", SecureStream::EncPending);
NODE_SET_PROTOTYPE_METHOD(t, "getPeerCertificate", SecureStream::GetPeerCertificate);
NODE_SET_PROTOTYPE_METHOD(t, "isInitFinished", SecureStream::IsInitFinished);
NODE_SET_PROTOTYPE_METHOD(t, "verifyPeer", SecureStream::VerifyPeer);
NODE_SET_PROTOTYPE_METHOD(t, "verifyPeerError", SecureStream::VerifyPeerError);
NODE_SET_PROTOTYPE_METHOD(t, "getCurrentCipher", SecureStream::GetCurrentCipher);
NODE_SET_PROTOTYPE_METHOD(t, "start", SecureStream::Start);
NODE_SET_PROTOTYPE_METHOD(t, "shutdown", SecureStream::Shutdown);
@ -356,8 +356,8 @@ static int VerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) {
//
// Since we cannot perform I/O quickly enough in this callback, we ignore
// all preverify_ok errors and let the handshake continue. It is
// imparative that the user use SecureStream::VerifyPeer after the 'secure'
// callback has been made.
// imparative that the user use SecureStream::VerifyPeerError after the
// 'secure' callback has been made.
return 1;
}
@ -715,32 +715,143 @@ Handle<Value> SecureStream::IsInitFinished(const Arguments& args) {
}
Handle<Value> SecureStream::VerifyPeer(const Arguments& args) {
Handle<Value> SecureStream::VerifyPeerError(const Arguments& args) {
HandleScope scope;
SecureStream *ss = ObjectWrap::Unwrap<SecureStream>(args.Holder());
if (ss->ssl_ == NULL) return False();
if (!ss->should_verify_) return False();
#if 0
// Why?
X509* peer_cert = SSL_get_peer_certificate(ss->ssl_);
if (peer_cert==NULL) return False();
if (peer_cert == NULL) return False();
X509_free(peer_cert);
#endif
long x509_verify_error = SSL_get_verify_result(ss->ssl_);
// Can also check for:
// X509_V_ERR_CERT_HAS_EXPIRED
// X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
// X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
// X509_V_ERR_INVALID_CA
// X509_V_ERR_PATH_LENGTH_EXCEEDED
// X509_V_ERR_INVALID_PURPOSE
// X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
Local<String> s;
// printf("%s\n", X509_verify_cert_error_string(x509_verify_error));
switch (x509_verify_error) {
case X509_V_OK:
return Null();
if (!x509_verify_error) return True();
return False();
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
s = String::New("UNABLE_TO_GET_ISSUER_CERT");
break;
case X509_V_ERR_UNABLE_TO_GET_CRL:
s = String::New("UNABLE_TO_GET_CRL");
break;
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
s = String::New("UNABLE_TO_DECRYPT_CERT_SIGNATURE");
break;
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
s = String::New("UNABLE_TO_DECRYPT_CRL_SIGNATURE");
break;
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
s = String::New("UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY");
break;
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
s = String::New("CERT_SIGNATURE_FAILURE");
break;
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
s = String::New("CRL_SIGNATURE_FAILURE");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
s = String::New("CERT_NOT_YET_VALID");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
s = String::New("CERT_HAS_EXPIRED");
break;
case X509_V_ERR_CRL_NOT_YET_VALID:
s = String::New("CRL_NOT_YET_VALID");
break;
case X509_V_ERR_CRL_HAS_EXPIRED:
s = String::New("CRL_HAS_EXPIRED");
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
s = String::New("ERROR_IN_CERT_NOT_BEFORE_FIELD");
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
s = String::New("ERROR_IN_CERT_NOT_AFTER_FIELD");
break;
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
s = String::New("ERROR_IN_CRL_LAST_UPDATE_FIELD");
break;
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
s = String::New("ERROR_IN_CRL_NEXT_UPDATE_FIELD");
break;
case X509_V_ERR_OUT_OF_MEM:
s = String::New("OUT_OF_MEM");
break;
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
s = String::New("DEPTH_ZERO_SELF_SIGNED_CERT");
break;
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
s = String::New("SELF_SIGNED_CERT_IN_CHAIN");
break;
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
s = String::New("UNABLE_TO_GET_ISSUER_CERT_LOCALLY");
break;
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
s = String::New("UNABLE_TO_VERIFY_LEAF_SIGNATURE");
break;
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
s = String::New("CERT_CHAIN_TOO_LONG");
break;
case X509_V_ERR_CERT_REVOKED:
s = String::New("CERT_REVOKED");
break;
case X509_V_ERR_INVALID_CA:
s = String::New("INVALID_CA");
break;
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
s = String::New("PATH_LENGTH_EXCEEDED");
break;
case X509_V_ERR_INVALID_PURPOSE:
s = String::New("INVALID_PURPOSE");
break;
case X509_V_ERR_CERT_UNTRUSTED:
s = String::New("CERT_UNTRUSTED");
break;
case X509_V_ERR_CERT_REJECTED:
s = String::New("CERT_REJECTED");
break;
default:
s = String::New(X509_verify_cert_error_string(x509_verify_error));
break;
}
return scope.Close(s);
}

2
src/node_crypto.h
View File

@ -60,7 +60,7 @@ class SecureStream : ObjectWrap {
static v8::Handle<v8::Value> ClearIn(const v8::Arguments& args);
static v8::Handle<v8::Value> GetPeerCertificate(const v8::Arguments& args);
static v8::Handle<v8::Value> IsInitFinished(const v8::Arguments& args);
static v8::Handle<v8::Value> VerifyPeer(const v8::Arguments& args);
static v8::Handle<v8::Value> VerifyPeerError(const v8::Arguments& args);
static v8::Handle<v8::Value> GetCurrentCipher(const v8::Arguments& args);
static v8::Handle<v8::Value> Shutdown(const v8::Arguments& args);
static v8::Handle<v8::Value> Start(const v8::Arguments& args);

Write Preview
Loading…
Cancel
Save