
https: fix renegotation attack protection

Listen for the 'clientError' event that is emitted when a renegotiation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
v0.9.3-release
Ben Noordhuis 12 years ago
parent
commit
0ad005852c
  1. 5
      doc/api/http.markdown
  2. 4
      doc/api/tls.markdown
  3. 6
      lib/http.js
  4. 4
      lib/https.js
  5. 2
      lib/tls.js

5
doc/api/http.markdown

@ -127,10 +127,13 @@ sent to the server on that socket.
### Event: 'clientError' ### Event: 'clientError'
`function (exception) { }` `function (exception, socket) { }`
If a client connection emits an 'error' event - it will forwarded here. If a client connection emits an 'error' event - it will forwarded here.
`socket` is the `net.Socket` object that the error originated from.
### server.listen(port, [hostname], [backlog], [callback]) ### server.listen(port, [hostname], [backlog], [callback])
Begin accepting connections on the specified port and hostname. If the Begin accepting connections on the specified port and hostname. If the

4
doc/api/tls.markdown

@ -367,11 +367,13 @@ SNI.
### Event: 'clientError' ### Event: 'clientError'
`function (exception) { }` `function (exception, securePair) { }`
When a client connection emits an 'error' event before secure connection is When a client connection emits an 'error' event before secure connection is
established - it will be forwarded here. established - it will be forwarded here.
`securePair` is the `tls.SecurePair` that the error originated from.
### Event: 'newSession' ### Event: 'newSession'

6
lib/http.js

@ -1647,6 +1647,10 @@ function Server(requestListener) {
this.httpAllowHalfOpen = false; this.httpAllowHalfOpen = false;
this.addListener('connection', connectionListener); this.addListener('connection', connectionListener);
this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
} }
util.inherits(Server, net.Server); util.inherits(Server, net.Server);
@ -1705,7 +1709,7 @@ function connectionListener(socket) {
} }
socket.addListener('error', function(e) { socket.addListener('error', function(e) {
self.emit('clientError', e); self.emit('clientError', e, this);
}); });
socket.ondata = function(d, start, end) { socket.ondata = function(d, start, end) {
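Review bot: The default 'clientError' listener added in the first hunk (`this.addListener('clientError', function(err, conn) { conn.destroy(err); })` inside Server) is anonymous and registered in the constructor, so a caller cannot remove just that listener, and any listener the caller adds later runs only after the connection has already been destroyed. Passing `err` into `destroy()` also looks redundant: the event is raised from the socket's own 'error' handler in the second hunk, so the error has already been surfaced, and if `destroy(err)` re-emits 'error' it routes straight back into that handler; whether net.Socket guards against the re-entry is not visible in this hunk, so either drop the argument (`conn.destroy();`) or leave a comment explaining why it is safe. A one-line intent comment above the listener would help either way, e.g. `// Default handling: destroy the offending connection; listeners added by the user run after this one.` Both hunks sit inside functions (Server and connectionListener) whose bodies start outside the hunk.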

4
lib/https.js

@ -39,6 +39,10 @@ function Server(opts, requestListener) {
if (requestListener) { if (requestListener) {
this.addListener('request', requestListener); this.addListener('request', requestListener);
} }
this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
} }
inherits(Server, tls.Server); inherits(Server, tls.Server);
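Review bot: `conn` in the new 'clientError' listener is not a socket here: per the lib/tls.js hunk in this commit it is the `tls.SecurePair` that the pair's 'error' handler passes as `this`, so the listener body is copied verbatim from lib/http.js but destroys a different kind of object, and whether SecurePair's `destroy` accepts the `err` argument is not visible in this hunk. Naming the parameter for what it is and documenting the intent keeps the two copies from being mistaken for each other, e.g. `this.addListener('clientError', function(err, pair) {` with `// Default handling: tear down the SecurePair of a client whose TLS session errored (the renegotiation-attack case this commit fixes).` The Server constructor's body starts outside the hunk.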

2
lib/tls.js

@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) {
} }
}); });
pair.on('error', function(err) { pair.on('error', function(err) {
self.emit('clientError', err); self.emit('clientError', err, this);
}); });
}); });
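Review bot: The new argument on the `self.emit('clientError', err, this)` line relies on EventEmitter invoking the listener with the emitter as `this`, while `pair` is already in scope on the `pair.on('error', ...)` line just above; passing it explicitly, `self.emit('clientError', err, pair);`, reads unambiguously and matches the `securePair` name the doc/api/tls.markdown change uses. The same applies to the `this` in the socket 'error' handler in lib/http.js, where the `socket` parameter of connectionListener is in scope. The enclosing Server constructor starts and ends outside the hunk.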
