
clients without certs are unauthed.

v0.7.4-release
Ryan Dahl 14 years ago
parent
commit
6bc9b2ef92
  1. 13
      src/node_crypto.cc
  2. 10
      test/simple/test-tls-server-verify.js

13
src/node_crypto.cc

@ -740,12 +740,17 @@ Handle<Value> SecureStream::VerifyError(const Arguments& args) {
if (ss->ssl_ == NULL) return Null();
#if 0
// Why?
// XXX Do this check in JS land?
X509* peer_cert = SSL_get_peer_certificate(ss->ssl_);
if (peer_cert == NULL) return False();
if (peer_cert == NULL) {
// We requested a certificate and they did not send us one.
// Definitely an error.
// XXX is this the right error message?
return scope.Close(String::New("UNABLE_TO_GET_ISSUER_CERT"));
}
X509_free(peer_cert);
#endif
long x509_verify_error = SSL_get_verify_result(ss->ssl_);
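Review bot: The `peer_cert == NULL` branch reports `UNABLE_TO_GET_ISSUER_CERT`, which names a chain-building failure, so a caller or log reader cannot tell a client that sent no certificate from one whose issuer could not be found; the `XXX` comment in the hunk already questions the message. A distinct value keeps the two cases separable, for example `return scope.Close(String::New("NO_PEER_CERTIFICATE"));` (a name suggested here, not an OpenSSL constant). This rendering has lost the +/- markers, so confirm that `#if 0` / `#endif` are not on the new side: `SSL_get_verify_result` returns `X509_V_OK` when the peer presented no certificate, which leaves this guard as the only thing that keeps a certless client from reading as verified. `VerifyError` starts and continues outside the hunk.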

10
test/simple/test-tls-server-verify.js

@ -15,7 +15,7 @@ var testCases =
[ { name: 'agent1', shouldReject: false, shouldAuth: false },
{ name: 'agent2', shouldReject: false, shouldAuth: false },
{ name: 'agent3', shouldReject: false, shouldAuth: false },
{ name: 'agent4', shouldReject: false, shouldAuth: false }
{ name: 'nocert', shouldReject: false, shouldAuth: false }
]
},
@ -27,7 +27,7 @@ var testCases =
[ { name: 'agent1', shouldReject: false, shouldAuth: true },
{ name: 'agent2', shouldReject: false, shouldAuth: false },
{ name: 'agent3', shouldReject: false, shouldAuth: false },
{ name: 'agent4', shouldReject: false, shouldAuth: false }
{ name: 'nocert', shouldReject: false, shouldAuth: false }
]
},
@ -39,7 +39,7 @@ var testCases =
[ { name: 'agent1', shouldReject: false, shouldAuth: true },
{ name: 'agent2', shouldReject: true },
{ name: 'agent3', shouldReject: true },
{ name: 'agent4', shouldReject: true }
{ name: 'nocert', shouldReject: true }
]
},
@ -102,8 +102,8 @@ function runClient (options, cb) {
args.push(filenamePEM('agent3-cert'));
break;
case 'agent4':
// Self-signed
case 'nocert':
// Do not send certificate
break;
default:
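Review bot: No entry in the three case tables exercises a client that presents a self-signed certificate once `agent4` gives way to `nocert`. The `case` body in the last hunk is only a comment and `break`, with no `filenamePEM` arguments pushed, which suggests `agent4` never sent a certificate either. The rename therefore describes what the test really does, but the self-signed path through the server's verify logic stays uncovered. Consider keeping a separate row such as `{ name: 'selfsigned', shouldReject: true }` with a `case` that pushes a self-signed key and cert, so the two rejection reasons are tested independently. The +/- markers are lost in this rendering, so the old/new reading is inferred from the commit title and the equal-length hunk headers; `runClient`'s switch continues outside the hunk.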
