From 2a88dd3bc1d0ee192dd0d5976db37765498df80b Mon Sep 17 00:00:00 2001
From: Theo Schlossnagle
Date: Sat, 2 Apr 2011 00:53:07 -0400
Subject: [PATCH] TLS: Add secureOptions flag
Also, secureOptions flag was added (and passed through) and allows the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
---
 lib/crypto.js | 6 ++--
 lib/tls.js | 3 ++
 src/node_constants.cc | 70 +++++++++++++++++++++++++++++++++++++++++++
 src/node_crypto.cc | 16 ++++++++++
 src/node_crypto.h | 1 +
 5 files changed, 94 insertions(+), 2 deletions(-)
diff --git a/lib/crypto.js b/lib/crypto.js
index c95103f3df..cbe3e9251e 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -36,7 +36,7 @@ try {
 }
-function Credentials(secureProtocol) {
+function Credentials(secureProtocol, flags) {
 if (!(this instanceof Credentials)) {
 return new Credentials(secureProtocol);
 }
@@ -53,6 +53,8 @@ function Credentials(secureProtocol) {
 this.context.init();
 }
+ if(flags) this.context.setOptions(flags);
+
 }
 exports.Credentials = Credentials;
@@ -60,7 +62,7 @@ exports.Credentials = Credentials;
 exports.createCredentials = function(options) {
 if (!options) options = {};
- var c = new Credentials(options.secureProtocol);
+ var c = new Credentials(options.secureProtocol, options.secureOptions);
 if (options.key) c.context.setKey(options.key);
diff --git a/lib/tls.js b/lib/tls.js
index 547e9395c6..4ed12853d9 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -724,6 +724,7 @@ function Server(/* [options], listener */) {
 cert: self.cert,
 ca: self.ca,
 secureProtocol: self.secureProtocol,
+ secureOptions: self.secureOptions,
 crl: self.crl
 });
 //creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
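Review bot: The `instanceof` guard in the first crypto.js hunk still calls `return new Credentials(secureProtocol);`, so the new `flags` argument is silently dropped whenever `Credentials` is invoked without `new`, and the SSL_OP_* hardening the caller asked for never reaches the context. It should read `return new Credentials(secureProtocol, flags);`. `createCredentials` itself uses `new`, so only direct callers are affected, but a silent no-op on a security option is the kind of thing that goes unnoticed until audit. The body of `Credentials` continues past this hunk.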
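Review bot: `if(flags) this.context.setOptions(flags);` in the second crypto.js hunk breaks the file's `if (x)` spacing seen in the neighbouring `if (!options)` and `if (options.key)` lines, and carries no hint of what the value is or that it accumulates. OpenSSL's `SSL_CTX_set_options` ORs the bits onto whatever the context already has, so a comment such as `// secureOptions: bitmask of constants.SSL_OP_*; ORed onto the context's current options, never clears any` would save the next reader a trip into node_crypto.cc. Note that a non-numeric truthy value passes this guard and is rejected with a TypeError on the native side, which is the right fail-closed outcome.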
@@ -795,6 +796,8 @@ Server.prototype.setOptions = function(options) {
 if (options.ca) this.ca = options.ca;
 if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
 if (options.crl) this.crl = options.crl;
+ if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
+ if (options.secureOptions) this.secureOptions = options.secureOptions;
 };
diff --git a/src/node_constants.cc b/src/node_constants.cc
index ecb34a6b78..a173d9fcd9 100644
--- a/src/node_constants.cc
+++ b/src/node_constants.cc
@@ -35,6 +35,10 @@
 # include
 #endif
+#ifdef HAVE_OPENSSL
+# include
+#endif
+
 namespace node {
 using namespace v8;
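Review bot: The added `if (options.secureProtocol) this.secureProtocol = options.secureProtocol;` in the tls.js `setOptions` hunk is byte-for-byte the same as the context line two lines above it, so it is a harmless but confusing duplicate; only the `secureOptions` line is actually new and the other added line should be dropped. The header include hunk for node_constants.cc on this line has lost its include target in this rendering, so that hunk cannot be checked here.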
@@ -838,6 +842,72 @@ void DefineConstants(Handle target) {
 #ifdef SIGUNUSED
 NODE_DEFINE_CONSTANT(target, SIGUNUSED);
 #endif
+
+// OpenSSL SSL context options
+
+#ifdef SSL_OP_NO_QUERY_MTU
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
+#endif
+
+#ifdef SSL_OP_COOKIE_EXCHANGE
+ NODE_DEFINE_CONSTANT(target, SSL_OP_COOKIE_EXCHANGE);
+#endif
+
+#ifdef SSL_OP_NO_TICKET
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TICKET);
+#endif
+
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
+#ifdef SSL_OP_SINGLE_ECDH_USE
+ NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
+#endif
+
+#ifdef SSL_OP_SINGLE_DH_USE
+ NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
+#endif
+
+#ifdef SSL_OP_EPHEMERAL_RSA
+ NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
+#endif
+
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+ NODE_DEFINE_CONSTANT(target, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
+
+#ifdef SSL_OP_TLS_ROLLBACK_BUG
+ NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
+#endif
+
+#ifdef SSL_OP_NO_SSLv2
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv2);
+#endif
+
+#ifdef SSL_OP_NO_SSLv3
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv3);
+#endif
+
+#ifdef SSL_OP_NO_TLSv1
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1);
+#endif
+
+#ifdef SSL_OP_PKCS1_CHECK_1
+ NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
+#endif
+
+#ifdef SSL_OP_PKCS1_CHECK_2
+ NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
+#endif
+
+#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
+#endif
+
+#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+#endif
 }
 } // namespace node
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 14b267fb2c..03024c3938 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
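Review bot: The sixteen `NODE_DEFINE_CONSTANT` entries in the DefineConstants hunk do not back the commit message's claim that every SSL_OP_ flag other than SSL_OP_ALL is exported; at least `SSL_OP_NO_COMPRESSION`, `SSL_OP_LEGACY_SERVER_CONNECT` and `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` are absent, and the first of those is one an operator hardening a server is likely to want. Because each entry is wrapped in its own `#ifdef`, adding them costs nothing on builds whose OpenSSL predates them, so either add the missing ones or reword the commit message. The `// OpenSSL SSL context options` comment would also be more useful as `// OpenSSL SSL_OP_* context options; combine with | and pass as createCredentials({ secureOptions })`. Whether the bundled OpenSSL defines the three named macros is not visible from this page.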
@@ -73,6 +73,7 @@ void SecureContext::Initialize(Handle target) {
 NODE_SET_PROTOTYPE_METHOD(t, "addCRL", SecureContext::AddCRL);
 NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts);
 NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers);
+ NODE_SET_PROTOTYPE_METHOD(t, "setOptions", SecureContext::SetOptions);
 NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close);
 target->Set(String::NewSymbol("SecureContext"), t->GetFunction());
@@ -426,6 +427,21 @@ Handle SecureContext::SetCiphers(const Arguments& args) {
 return True();
 }
+Handle SecureContext::SetOptions(const Arguments& args) {
+ HandleScope scope;
+
+ SecureContext *sc = ObjectWrap::Unwrap(args.Holder());
+
+ if (args.Length() != 1 || !args[0]->IsUint32()) {
+ return ThrowException(Exception::TypeError(String::New("Bad parameter")));
+ }
+
+ unsigned int opts = args[0]->Uint32Value();
+
+ SSL_CTX_set_options(sc->ctx_, opts);
+
+ return True();
+}
 Handle SecureContext::Close(const Arguments& args) {
 HandleScope scope;
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 9399bc0a7e..2cbffc2348 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -58,6 +58,7 @@ class SecureContext : ObjectWrap {
 static v8::Handle AddCRL(const v8::Arguments& args);
 static v8::Handle AddRootCerts(const v8::Arguments& args);
 static v8::Handle SetCiphers(const v8::Arguments& args);
+ static v8::Handle SetOptions(const v8::Arguments& args);
 static v8::Handle Close(const v8::Arguments& args);
 SecureContext() : ObjectWrap() {
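Review bot: `SecureContext::SetOptions` discards the mask that `SSL_CTX_set_options` returns and answers `True()`, so a JS caller has no way to confirm which SSL_OP_* bits are actually in effect after the OR; returning the result, e.g. `return scope.Close(Integer::NewFromUnsigned(SSL_CTX_set_options(sc->ctx_, opts)));`, would make the hardening verifiable from tests. The `IsUint32()` guard is also stricter than it looks: JavaScript's `|` yields a signed 32-bit result, so any combination whose top bit ends up set arrives negative and is rejected as "Bad parameter", which, if that ever applies to a flag the bundled OpenSSL defines, turns a valid option set into a thrown TypeError; whether any of the exported values sets bit 31 is not visible here. The error text should name the expectation, `"Bad parameter: secureOptions must be an unsigned 32-bit integer"`, and the function deserves a header comment such as `// ORs SSL_OP_* bits onto the context; options set here cannot be cleared through this API.` The registration hunk above and the node_crypto.h declaration are straightforward.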