Browse Source

TLS: Add secureOptions flag

Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
v0.7.4-release
Theo Schlossnagle 14 years ago
committed by Ryan Dahl
parent
commit
2a88dd3bc1
  1. 6
      lib/crypto.js
  2. 3
      lib/tls.js
  3. 70
      src/node_constants.cc
  4. 16
      src/node_crypto.cc
  5. 1
      src/node_crypto.h

6
lib/crypto.js

@ -36,7 +36,7 @@ try {
}
function Credentials(secureProtocol) {
function Credentials(secureProtocol, flags) {
if (!(this instanceof Credentials)) {
return new Credentials(secureProtocol);
}
@ -53,6 +53,8 @@ function Credentials(secureProtocol) {
this.context.init();
}
if(flags) this.context.setOptions(flags);
}
exports.Credentials = Credentials;
@ -60,7 +62,7 @@ exports.Credentials = Credentials;
exports.createCredentials = function(options) {
if (!options) options = {};
var c = new Credentials(options.secureProtocol);
var c = new Credentials(options.secureProtocol, options.secureOptions);
if (options.key) c.context.setKey(options.key);

3
lib/tls.js

@ -724,6 +724,7 @@ function Server(/* [options], listener */) {
cert: self.cert,
ca: self.ca,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl
});
//creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
@ -795,6 +796,8 @@ Server.prototype.setOptions = function(options) {
if (options.ca) this.ca = options.ca;
if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
if (options.crl) this.crl = options.crl;
if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
if (options.secureOptions) this.secureOptions = options.secureOptions;
};

70
src/node_constants.cc

@ -35,6 +35,10 @@
# include <platform_win32_winsock.h>
#endif
#ifdef HAVE_OPENSSL
# include <openssl/ssl.h>
#endif
namespace node {
using namespace v8;
@ -838,6 +842,72 @@ void DefineConstants(Handle<Object> target) {
#ifdef SIGUNUSED
NODE_DEFINE_CONSTANT(target, SIGUNUSED);
#endif
// OpenSSL SSL context options
#ifdef SSL_OP_NO_QUERY_MTU
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
NODE_DEFINE_CONSTANT(target, SSL_OP_COOKIE_EXCHANGE);
#endif
#ifdef SSL_OP_NO_TICKET
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TICKET);
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
#endif
#ifdef SSL_OP_SINGLE_DH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
#endif
#ifdef SSL_OP_EPHEMERAL_RSA
NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
NODE_DEFINE_CONSTANT(target, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
#ifdef SSL_OP_TLS_ROLLBACK_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
#endif
#ifdef SSL_OP_NO_SSLv2
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv2);
#endif
#ifdef SSL_OP_NO_SSLv3
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv3);
#endif
#ifdef SSL_OP_NO_TLSv1
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1);
#endif
#ifdef SSL_OP_PKCS1_CHECK_1
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
#endif
#ifdef SSL_OP_PKCS1_CHECK_2
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
#endif
#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
#endif
#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
#endif
}
} // namespace node

16
src/node_crypto.cc

@ -73,6 +73,7 @@ void SecureContext::Initialize(Handle<Object> target) {
NODE_SET_PROTOTYPE_METHOD(t, "addCRL", SecureContext::AddCRL);
NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts);
NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers);
NODE_SET_PROTOTYPE_METHOD(t, "setOptions", SecureContext::SetOptions);
NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close);
target->Set(String::NewSymbol("SecureContext"), t->GetFunction());
@ -426,6 +427,21 @@ Handle<Value> SecureContext::SetCiphers(const Arguments& args) {
return True();
}
Handle<Value> SecureContext::SetOptions(const Arguments& args) {
HandleScope scope;
SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());
if (args.Length() != 1 || !args[0]->IsUint32()) {
return ThrowException(Exception::TypeError(String::New("Bad parameter")));
}
unsigned int opts = args[0]->Uint32Value();
SSL_CTX_set_options(sc->ctx_, opts);
return True();
}
Handle<Value> SecureContext::Close(const Arguments& args) {
HandleScope scope;

1
src/node_crypto.h

@ -58,6 +58,7 @@ class SecureContext : ObjectWrap {
static v8::Handle<v8::Value> AddCRL(const v8::Arguments& args);
static v8::Handle<v8::Value> AddRootCerts(const v8::Arguments& args);
static v8::Handle<v8::Value> SetCiphers(const v8::Arguments& args);
static v8::Handle<v8::Value> SetOptions(const v8::Arguments& args);
static v8::Handle<v8::Value> Close(const v8::Arguments& args);
SecureContext() : ObjectWrap() {

Loading…
Cancel
Save