lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

crypto: add deprecated ValiCert CA for cross cert 

The host of melissadata.net has a cross root certification between
Starfield Class 2 and ValiCert Class 2. OpenSSL-1.0.1 only looks up
a cert chain to the deprecated ValiCert Class 2 CA and causes
untrusted error. We add it for a short-term remedy and it is to be
removed after upgrading OpenSSSL-1.0.2 and applying private patches
to support alternative cert chains.
See #402 and #589.

Fixes: https://github.com/iojs/io.js/issues/923
PR-URL: https://github.com/iojs/io.js/pull/1135
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v1.8.0-commit
Shigeki Ohtsu 10 years ago
parent
82f067e60b
commit
d8c4a932c9
2 changed files with 26 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      src/node_root_certs.h
  2. 7
      test/internet/test-tls-connnect-melissadata.js

19
src/node_root_certs.h
View File

@ -3911,3 +3911,22 @@
"ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLB\n" "ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLB\n"
"sX5VYc8T1yaw15zLKYs4SgsOkI26oQ==\n" "sX5VYc8T1yaw15zLKYs4SgsOkI26oQ==\n"
"-----END CERTIFICATE-----\n", "-----END CERTIFICATE-----\n",
/* This root cert is 1024bit RSA to be removed in future. See GH-923. */
/* ValiCert Class 2 VA */
"-----BEGIN CERTIFICATE-----\n"
"MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlk\n"
"YXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlD\n"
"ZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
"Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29t\n"
"MB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n"
"IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsT\n"
"LFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQD\n"
"ExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n"
"cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2\n"
"VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQ\n"
"b7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QSv4dk+NoS/zcnwbNDu+97bi5p\n"
"9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6\n"
"EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2az\n"
"SiGM5bUMMj4QssxsodyamEwCW/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n"
"-----END CERTIFICATE-----\n",

7
test/internet/test-tls-connnect-melissadata.js
View File

@ -0,0 +1,7 @@
// Test for authorized access to the server which has a cross root
// certification between Starfield Class 2 and ValiCert Class 2
var tls = require('tls');
var socket = tls.connect(443, 'address.melissadata.net', function() {
socket.resume();
socket.destroy();
});
Write Preview
Loading…
Cancel
Save