Merge branch 'v0.10'

Conflicts: src/node_crypto.cc src/node_crypto.h
11 years ago · 4bd5f35889
4 changed files with 41 additions and 37 deletions
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@ -113,6 +113,8 @@ X509_STORE* root_cert_store;
 // Just to generate static methods
 template class SSLWrap<TLSCallbacks>;
 template void SSLWrap<TLSCallbacks>::AddMethods(Handle<FunctionTemplate> t);
+template void SSLWrap<TLSCallbacks>::InitNPN(SecureContext* sc,
+                                             TLSCallbacks* base);
 template SSL_SESSION* SSLWrap<TLSCallbacks>::GetSessionCallback(
    SSL* s,
    unsigned char* key,
@ -861,6 +863,25 @@ void SSLWrap<Base>::AddMethods(Handle<FunctionTemplate> t) {
 }


+template <class Base>
+void SSLWrap<Base>::InitNPN(SecureContext* sc, Base* base) {
+  if (base->is_server()) {
+#ifdef OPENSSL_NPN_NEGOTIATED
+    // Server should advertise NPN protocols
+    SSL_CTX_set_next_protos_advertised_cb(sc->ctx_,
+                                          AdvertiseNextProtoCallback,
+                                          base);
+#endif  // OPENSSL_NPN_NEGOTIATED
+  } else {
+#ifdef OPENSSL_NPN_NEGOTIATED
+    // Client should select protocol from list of advertised
+    // If server supports NPN
+    SSL_CTX_set_next_proto_select_cb(sc->ctx_, SelectNextProtoCallback, base);
+#endif  // OPENSSL_NPN_NEGOTIATED
+  }
+}
+
+
 template <class Base>
 SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s,
                                               unsigned char* key,
@ -1695,6 +1716,7 @@ int Connection::SelectSNIContextCallback_(SSL *s, int *ad, void* arg) {
      if (secure_context_constructor_template->HasInstance(ret)) {
        conn->sniContext_.Reset(node_isolate, ret);
        SecureContext* sc = Unwrap<SecureContext>(ret.As<Object>());
+        InitNPN(sc, conn);
        SSL_set_SSL_CTX(s, sc->ctx_);
      } else {
        return SSL_TLSEXT_ERR_NOACK;
@ -1730,22 +1752,7 @@ void Connection::New(const FunctionCallbackInfo<Value>& args) {
  if (is_server)
    SSL_set_info_callback(conn->ssl_, SSLInfoCallback);

-#ifdef OPENSSL_NPN_NEGOTIATED
-  if (is_server) {
-    // Server should advertise NPN protocols
-    SSL_CTX_set_next_protos_advertised_cb(
-        sc->ctx_,
-        SSLWrap<Connection>::AdvertiseNextProtoCallback,
-        conn);
-  } else {
-    // Client should select protocol from advertised
-    // If server supports NPN
-    SSL_CTX_set_next_proto_select_cb(
-        sc->ctx_,
-        SSLWrap<Connection>::SelectNextProtoCallback,
-        conn);
-  }
-#endif
+  InitNPN(sc, conn);

 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  if (is_server) {
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@ -161,6 +161,7 @@ class SSLWrap {
  inline bool is_client() const { return kind_ == kClient; }

 protected:
+  static void InitNPN(SecureContext* sc, Base* base);
  static void AddMethods(v8::Handle<v8::FunctionTemplate> t);

  static SSL_SESSION* GetSessionCallback(SSL* s,
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@ -141,32 +141,19 @@ void TLSCallbacks::InitSSL() {
  SSL_set_app_data(ssl_, this);
  SSL_set_info_callback(ssl_, SSLInfoCallback);

-  if (is_server()) {
-    SSL_set_accept_state(ssl_);
-
-#ifdef OPENSSL_NPN_NEGOTIATED
-    // Server should advertise NPN protocols
-    SSL_CTX_set_next_protos_advertised_cb(
-        sc_->ctx_,
-        SSLWrap<TLSCallbacks>::AdvertiseNextProtoCallback,
-        this);
-#endif  // OPENSSL_NPN_NEGOTIATED
-
 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+  if (is_server()) {
    SSL_CTX_set_tlsext_servername_callback(sc_->ctx_, SelectSNIContextCallback);
    SSL_CTX_set_tlsext_servername_arg(sc_->ctx_, this);
+  }
 #endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+
+  InitNPN(sc_, this);
+
+  if (is_server()) {
+    SSL_set_accept_state(ssl_);
  } else if (is_client()) {
    SSL_set_connect_state(ssl_);
-
-#ifdef OPENSSL_NPN_NEGOTIATED
-    // Client should select protocol from list of advertised
-    // If server supports NPN
-    SSL_CTX_set_next_proto_select_cb(
-        sc_->ctx_,
-        SSLWrap<TLSCallbacks>::SelectNextProtoCallback,
-        this);
-#endif  // OPENSSL_NPN_NEGOTIATED
  } else {
    // Unexpected
    abort();
@ -672,6 +659,7 @@ int TLSCallbacks::SelectSNIContextCallback(SSL* s, int* ad, void* arg) {
    p->sni_context_.Reset(node_isolate, ctx);

    SecureContext* sc = Unwrap<SecureContext>(ctx.As<Object>());
+    InitNPN(sc, p);
    SSL_set_SSL_CTX(s, sc->ctx_);
  }

--- a/test/simple/test-tls-npn-server-client.js
+++ b/test/simple/test-tls-npn-server-client.js
@ -28,7 +28,8 @@ if (!process.features.tls_npn) {
 var common = require('../common'),
    assert = require('assert'),
    fs = require('fs'),
-    tls = require('tls');
+    tls = require('tls'),
+    crypto = require('crypto');

 function filenamePEM(n) {
  return require('path').join(common.fixturesDir, 'keys', n + '.pem');
@ -42,6 +43,13 @@ var serverOptions = {
  key: loadPEM('agent2-key'),
  cert: loadPEM('agent2-cert'),
  crl: loadPEM('ca2-crl'),
+  SNICallback: function() {
+    return crypto.createCredentials({
+      key: loadPEM('agent2-key'),
+      cert: loadPEM('agent2-cert'),
+      crl: loadPEM('ca2-crl'),
+    }).context;
+  },
  NPNProtocols: ['a', 'b', 'c']
 };