From 6bc9b2ef9206fc7e3da570db72931cc9a5e35b8e Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Tue, 7 Dec 2010 16:50:30 -0800 Subject: [PATCH] clients without certs are unauthed. --- src/node_crypto.cc | 13 +++++++++---- test/simple/test-tls-server-verify.js | 10 +++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 3db4e89ef2..7b3b76b349 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -740,12 +740,17 @@ Handle SecureStream::VerifyError(const Arguments& args) { if (ss->ssl_ == NULL) return Null(); -#if 0 - // Why? + + // XXX Do this check in JS land? X509* peer_cert = SSL_get_peer_certificate(ss->ssl_); - if (peer_cert == NULL) return False(); + if (peer_cert == NULL) { + // We requested a certificate and they did not send us one. + // Definitely an error. + // XXX is this the right error message? + return scope.Close(String::New("UNABLE_TO_GET_ISSUER_CERT")); + } X509_free(peer_cert); -#endif + long x509_verify_error = SSL_get_verify_result(ss->ssl_); diff --git a/test/simple/test-tls-server-verify.js b/test/simple/test-tls-server-verify.js index d2a797e071..3a927d3b73 100644 --- a/test/simple/test-tls-server-verify.js +++ b/test/simple/test-tls-server-verify.js @@ -15,7 +15,7 @@ var testCases = [ { name: 'agent1', shouldReject: false, shouldAuth: false }, { name: 'agent2', shouldReject: false, shouldAuth: false }, { name: 'agent3', shouldReject: false, shouldAuth: false }, - { name: 'agent4', shouldReject: false, shouldAuth: false } + { name: 'nocert', shouldReject: false, shouldAuth: false } ] }, @@ -27,7 +27,7 @@ var testCases = [ { name: 'agent1', shouldReject: false, shouldAuth: true }, { name: 'agent2', shouldReject: false, shouldAuth: false }, { name: 'agent3', shouldReject: false, shouldAuth: false }, - { name: 'agent4', shouldReject: false, shouldAuth: false } + { name: 'nocert', shouldReject: false, shouldAuth: false } ] }, @@ -39,7 +39,7 @@ var testCases = [ { name: 'agent1', shouldReject: false, shouldAuth: true }, { name: 'agent2', shouldReject: true }, { name: 'agent3', shouldReject: true }, - { name: 'agent4', shouldReject: true } + { name: 'nocert', shouldReject: true } ] }, @@ -102,8 +102,8 @@ function runClient (options, cb) { args.push(filenamePEM('agent3-cert')); break; - case 'agent4': - // Self-signed + case 'nocert': + // Do not send certificate break; default: