Browse Source

crypto: add newline to cert and key if not present

After one of OpenSSL updates we have stopped accepting PEM private keys
and certificates that doesn't end with a newline (`\n`) character.
Handle this regression in `crypto.js` to make less trouble to our users.

fix #6892
v0.11.11-release
Fedor Indutny 11 years ago
parent
commit
cdde9a386a
  1. 19
      lib/crypto.js
  2. 71
      test/simple/test-tls-cert-regression.js

19
lib/crypto.js

@ -78,6 +78,18 @@ function Credentials(secureProtocol, flags, context) {
exports.Credentials = Credentials;
function addNewline(buf) {
var last = buf[buf.length - 1];
var isBuf = Buffer.isBuffer(buf);
if (!isBuf && !util.isString(buf))
throw new Error('Certificate should be of type Buffer or string');
if (isBuf ? last !== 10 : last !== '\n')
return buf.toString().trim() + '\n';
else
return buf;
}
exports.createCredentials = function(options, context) {
if (!options) options = {};
@ -89,14 +101,15 @@ exports.createCredentials = function(options, context) {
if (context) return c;
if (options.key) {
var key = addNewline(options.key);
if (options.passphrase) {
c.context.setKey(options.key, options.passphrase);
c.context.setKey(key, options.passphrase);
} else {
c.context.setKey(options.key);
c.context.setKey(key);
}
}
if (options.cert) c.context.setCert(options.cert);
if (options.cert) c.context.setCert(addNewline(options.cert));
if (options.ciphers) c.context.setCiphers(options.ciphers);

71
test/simple/test-tls-cert-regression.js

@ -0,0 +1,71 @@
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
if (!process.versions.openssl) {
console.error('Skipping because node compiled without OpenSSL.');
process.exit(0);
}
var tls = require('tls');
var assert = require('assert');
var common = require('../common');
var cert = '-----BEGIN CERTIFICATE-----\n' +
'MIIBfjCCASgCCQDmmNjAojbDQjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB\n' +
'VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0\n' +
'cyBQdHkgTHRkMCAXDTE0MDExNjE3NTMxM1oYDzIyODcxMDMxMTc1MzEzWjBFMQsw\n' +
'CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu\n' +
'ZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKwlfMX\n' +
'6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+wsU1O9FzRIVmpeIjDXhbp\n' +
'Mjsa1HtzSiccPXsCAwEAATANBgkqhkiG9w0BAQUFAANBAHOoKy0NkyfiYH7Ne5ka\n' +
'uvCyndyeB4d24FlfqEUlkfaWCZlNKRaV9YhLDiEg3BcIreFo4brtKQfZzTRs0GVm\n' +
'KHg=\n' +
'-----END CERTIFICATE-----';
var key = '-----BEGIN RSA PRIVATE KEY-----\n' +
'MIIBPQIBAAJBAPKwlfMX6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+w\n' +
'sU1O9FzRIVmpeIjDXhbpMjsa1HtzSiccPXsCAwEAAQJBAM4uU9aJE0OfdE1p/X+K\n' +
'LrCT3XMdFCJ24GgmHyOURtwDy18upQJecDVdcZp16fjtOPmaW95GoYRyifB3R4I5\n' +
'RxECIQD7jRM9slCSVV8xp9kOJQNpHjhRQYVGBn+pyllS2sb+RQIhAPb7Y+BIccri\n' +
'NWnuhwCW8hA7Fkj/kaBdAwyW7L3Tvui/AiEAiqLCovMecre4Yi6GcsQ1b/6mvSmm\n' +
'IOS+AT6zIfXPTB0CIQCJKGR3ymN/Qw5crL1GQ41cHCQtF9ickOq/lBUW+j976wIh\n' +
'AOaJnkQrmurlRdePX6LvN/LgGAQoxwovfjcOYNnZsIVY\n' +
'-----END RSA PRIVATE KEY-----';
function test(cert, key, cb) {
var server = tls.createServer({
cert: cert,
key: key
}).listen(common.PORT, function() {
server.close(cb);
});
}
var completed = false;
test(cert, key, function() {
test(new Buffer(cert), new Buffer(key), function() {
completed = true;
});
});
process.on('exit', function() {
assert(completed);
});
Loading…
Cancel
Save