Browse Source

tls: parsing multiple values of a key in ssl certificate

Fixes #2864.
v0.9.1-release
ssuda 13 years ago
committed by koichik
parent
commit
9b672bcaa2
  1. 7
      lib/tls.js
  2. 22
      test/fixtures/multi-alice.crt
  3. 58
      test/simple/test-tls-peer-certificate-multi-keys.js

7
lib/tls.js

@ -197,9 +197,16 @@ function parseCertString(s) {
if (sepIndex > 0) {
var key = parts[i].slice(0, sepIndex);
var value = parts[i].slice(sepIndex + 1);
if (key in out) {
if (!Array.isArray(out[key])) {
out[key] = [out[key]];
}
out[key].push(value);
} else {
out[key] = value;
}
}
}
return out;
}

22
test/fixtures/multi-alice.crt

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnjCCAoYCCQCXooHS0l6bHDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMC
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
dHMgUHR5IEx0ZDEfMB0GA1UECwwWSW5mb3JtYXRpb24gVGVjaG5vbG9neTEUMBIG
A1UECwwLRW5naW5lZXJpbmcxEjAQBgNVBAsMCU1hcmtldGluZzAeFw0xMjAzMDQx
NDA4MDVaFw0xMjA0MDMxNDA4MDVaMIGQMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMR8w
HQYDVQQLDBZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRQwEgYDVQQLDAtFbmdpbmVl
cmluZzESMBAGA1UECwwJTWFya2V0aW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAz+LXZOjcQCJq3+ZKUFabj71oo/ex/XsBcFqtBThjjTw9CVEVwfPQ
Qp4XwtPiB204vnYXwQ1/R2NdTQqCZu47l79LssL/u2a5Y9+0NEU3nQA5qdt+1FAE
0c5oexPimXOrR3GWfKz7PmZ2O0117IeCUUXPG5U8umhDe/4mDF4ZNJiKc404Wthq
uTqgS7rLQZHhZ6D0EnGnOkzlmxJMYPNHSOY1/6ivdNUUcC87awNEA3lgfhy25IyB
K3QJc+aYKNTbt70Lery3bu2wWLFGtmNiGlQTS4JsxImRsECTI727ObS7/FWAQsqW
+COL0Sa5BuMFrFIpjPrEe0ih7vRRbdmXRwIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
AQC7kyzjGXy7SnT1tvefdvtdAtErDuD375/sB2l1V72+BNXlIlddmEC8IkAVSKg2
5Y7MuQ4yMsHlhrdUxj/XOOVMHY/49xsZiN5hF2jb2mdq7KdvlVMYqyf126bW2mOx
cLVSiuucdp88zoJopWBUnNyVOYhh18St9bNosGgPzppGBCpL+MJvoSn3wrnFn8ER
wwN1m3ga590wHa4fny+qlD/hJNww16wbwgdF9NqsuR/e+sj9ZsoIYRCF8iKBajzt
3o7cZIRlvGtJfJRM87YCAn4BR3JgQPXfbhx31KwtMXtAJNzOHk26bblW3jTC8c7+
Cu1gNEM083vUq6/UxJUM8lOM
-----END CERTIFICATE-----

58
test/simple/test-tls-peer-certificate-multi-keys.js

@ -0,0 +1,58 @@
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.');
process.exit(0);
}
var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');
var util = require('util');
var join = require('path').join;
var spawn = require('child_process').spawn;
var options = {
key: fs.readFileSync(join(common.fixturesDir, 'agent.key')),
cert: fs.readFileSync(join(common.fixturesDir, 'multi-alice.crt'))
};
var verified = false;
var server = tls.createServer(options, function(cleartext) {
cleartext.end('World');
});
server.listen(common.PORT, function() {
var socket = tls.connect({port: common.PORT}, function() {
var peerCert = socket.getPeerCertificate();
common.debug(util.inspect(peerCert));
assert.deepEqual(peerCert.subject.OU,
['Information Technology', 'Engineering', 'Marketing']);
verified = true;
server.close();
});
socket.end('Hello');
});
process.on('exit', function() {
assert.ok(verified);
});
Loading…
Cancel
Save