From cdde9a386aca90ae151be9ad9455d0d0586d113b Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Mon, 20 Jan 2014 00:37:15 +0000 Subject: [PATCH] crypto: add newline to cert and key if not present After one of OpenSSL updates we have stopped accepting PEM private keys and certificates that doesn't end with a newline (`\n`) character. Handle this regression in `crypto.js` to make less trouble to our users. fix #6892 --- lib/crypto.js | 19 +++++-- test/simple/test-tls-cert-regression.js | 71 +++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 3 deletions(-) create mode 100644 test/simple/test-tls-cert-regression.js diff --git a/lib/crypto.js b/lib/crypto.js index 33baa40467..050d54afd1 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -78,6 +78,18 @@ function Credentials(secureProtocol, flags, context) { exports.Credentials = Credentials; +function addNewline(buf) { + var last = buf[buf.length - 1]; + var isBuf = Buffer.isBuffer(buf); + + if (!isBuf && !util.isString(buf)) + throw new Error('Certificate should be of type Buffer or string'); + + if (isBuf ? last !== 10 : last !== '\n') + return buf.toString().trim() + '\n'; + else + return buf; +} exports.createCredentials = function(options, context) { if (!options) options = {}; @@ -89,14 +101,15 @@ exports.createCredentials = function(options, context) { if (context) return c; if (options.key) { + var key = addNewline(options.key); if (options.passphrase) { - c.context.setKey(options.key, options.passphrase); + c.context.setKey(key, options.passphrase); } else { - c.context.setKey(options.key); + c.context.setKey(key); } } - if (options.cert) c.context.setCert(options.cert); + if (options.cert) c.context.setCert(addNewline(options.cert)); if (options.ciphers) c.context.setCiphers(options.ciphers); diff --git a/test/simple/test-tls-cert-regression.js b/test/simple/test-tls-cert-regression.js new file mode 100644 index 0000000000..ec8369ba98 --- /dev/null +++ b/test/simple/test-tls-cert-regression.js @@ -0,0 +1,71 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +if (!process.versions.openssl) { + console.error('Skipping because node compiled without OpenSSL.'); + process.exit(0); +} + +var tls = require('tls'); + +var assert = require('assert'); +var common = require('../common'); + +var cert = '-----BEGIN CERTIFICATE-----\n' + + 'MIIBfjCCASgCCQDmmNjAojbDQjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB\n' + + 'VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0\n' + + 'cyBQdHkgTHRkMCAXDTE0MDExNjE3NTMxM1oYDzIyODcxMDMxMTc1MzEzWjBFMQsw\n' + + 'CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu\n' + + 'ZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKwlfMX\n' + + '6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+wsU1O9FzRIVmpeIjDXhbp\n' + + 'Mjsa1HtzSiccPXsCAwEAATANBgkqhkiG9w0BAQUFAANBAHOoKy0NkyfiYH7Ne5ka\n' + + 'uvCyndyeB4d24FlfqEUlkfaWCZlNKRaV9YhLDiEg3BcIreFo4brtKQfZzTRs0GVm\n' + + 'KHg=\n' + + '-----END CERTIFICATE-----'; +var key = '-----BEGIN RSA PRIVATE KEY-----\n' + + 'MIIBPQIBAAJBAPKwlfMX6HGZIt1xm7fna72eWcOYfUfSxSugghvqYgJt2Oi3lH+w\n' + + 'sU1O9FzRIVmpeIjDXhbpMjsa1HtzSiccPXsCAwEAAQJBAM4uU9aJE0OfdE1p/X+K\n' + + 'LrCT3XMdFCJ24GgmHyOURtwDy18upQJecDVdcZp16fjtOPmaW95GoYRyifB3R4I5\n' + + 'RxECIQD7jRM9slCSVV8xp9kOJQNpHjhRQYVGBn+pyllS2sb+RQIhAPb7Y+BIccri\n' + + 'NWnuhwCW8hA7Fkj/kaBdAwyW7L3Tvui/AiEAiqLCovMecre4Yi6GcsQ1b/6mvSmm\n' + + 'IOS+AT6zIfXPTB0CIQCJKGR3ymN/Qw5crL1GQ41cHCQtF9ickOq/lBUW+j976wIh\n' + + 'AOaJnkQrmurlRdePX6LvN/LgGAQoxwovfjcOYNnZsIVY\n' + + '-----END RSA PRIVATE KEY-----'; + +function test(cert, key, cb) { + var server = tls.createServer({ + cert: cert, + key: key + }).listen(common.PORT, function() { + server.close(cb); + }); +} + +var completed = false; +test(cert, key, function() { + test(new Buffer(cert), new Buffer(key), function() { + completed = true; + }); +}); + +process.on('exit', function() { + assert(completed); +});