mirror of https://github.com/lukechilds/node.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch:
master
V8-icu-patch-4.x
archived-io.js-v0.10
archived-io.js-v0.12
canary-base
cpu-docs
master
process-exit-stdio-flushing
v0.10
v0.10-staging
v0.10.0-release
v0.10.1-release
v0.10.10-release
v0.10.11-release
v0.10.12-release
v0.10.13-release
v0.10.14-release
v0.10.15-release
v0.10.16-release
v0.10.17-release
v0.10.18-release
v0.10.19-release
v0.10.2-release
v0.10.20-release
v0.10.21-release
v0.10.22-release
v0.10.23-release
v0.10.24-release
v0.10.25-release
v0.10.26-release
v0.10.27-release
v0.10.28-release
v0.10.29-release
v0.10.3-release
v0.10.30-release
v0.10.31-release
v0.10.32-release
v0.10.33-release
v0.10.34-release
v0.10.35-release
v0.10.36-release
v0.10.37-release
v0.10.38-release
v0.10.39-release
v0.10.4-release
v0.10.5-release
v0.10.6-release
v0.10.7-release
v0.10.8-release
v0.10.9-release
v0.11.0-release
v0.11.1-release
v0.11.10-release
v0.11.11-release
v0.11.12-release
v0.11.13-release
v0.11.14-release
v0.11.15-release
v0.11.16-release
v0.11.2-release
v0.11.3-release
v0.11.4-release
v0.11.5-release
v0.11.6-release
v0.11.7-release
v0.11.8-release
v0.11.9-release
v0.12
v0.12-staging
v0.12.0-release
v0.12.1-release
v0.12.2-release
v0.12.3-release
v0.12.4-release
v0.12.5-release
v0.12.6-release
v0.7.4-release
v0.8.10-release
v0.8.11-release
v0.8.12-release
v0.8.13-release
v0.8.14-release
v0.8.15-release
v0.8.16-release
v0.8.17-release
v0.8.18-release
v0.8.19-release
v0.8.20-release
v0.8.21-release
v0.8.22-release
v0.8.23-release
v0.8.24-release
v0.8.25-release
v0.8.26-release
v0.8.27-release
v0.8.28-release
v0.8.7-release
v0.8.8-release
v0.8.9-release
v0.9.1-release
v0.9.10-release
v0.9.11-release
v0.9.12-release
v0.9.2-release
v0.9.3-release
v0.9.4-release
v0.9.5-release
v0.9.6-release
v0.9.7-release
v0.9.8-release
v0.9.9-release
v1.8.0-commit
v1.x
v2.0.2
v2.3.1-release
v3.x
v4.0.0-rc
v4.8.5-proposal
v4.x
v4.x-staging
v5.x
v6
v6.12.0-proposal
v6.x
v6.x-staging
v7.x
v7.x-staging
v8.x
v8.x-staging
v9.0.0-proposal
v9.x
v9.x-staging
heads/tags/v0.5.6
jenkins-accept-commit-temp2
jenkins-accept-pull-request-temp2
jenkins-test-pull-request-temp
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.90
v0.1.91
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.14
v0.10.15
v0.10.16
v0.10.17
v0.10.18
v0.10.19
v0.10.2
v0.10.20
v0.10.21
v0.10.22
v0.10.23
v0.10.24
v0.10.25
v0.10.26
v0.10.27
v0.10.28
v0.10.29
v0.10.3
v0.10.30
v0.10.31
v0.10.32
v0.10.33
v0.10.34
v0.10.35
v0.10.36
v0.10.37
v0.10.38
v0.10.39
v0.10.4
v0.10.40
v0.10.41
v0.10.41-rc.1
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.10.47
v0.10.48
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.14
v0.11.15
v0.11.16
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.17
v0.12.18
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.8-rc.1
v0.12.9
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.21
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.10
v0.7.10-fixed
v0.7.11
v0.7.12
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.10
v0.8.11
v0.8.12
v0.8.13
v0.8.14
v0.8.15
v0.8.16
v0.8.17
v0.8.18
v0.8.19
v0.8.2
v0.8.20
v0.8.21
v0.8.22
v0.8.23
v0.8.24
v0.8.25
v0.8.26
v0.8.27
v0.8.28
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.0.0
v1.0.0-release
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.0.0
v3.0.0-rc.3
v3.0.0-rc.4
v3.0.0-rc.5
v3.0.0-rc.6
v3.0.0-rc.7
v3.0.0-rc1
v3.0.0-rc2
v3.1.0
v3.2.0
v3.3.0
v3.3.1
v4.0.0
v4.0.0-rc.1
v4.0.0-rc.2
v4.0.0-rc.3
v4.0.0-rc.4
v4.0.0-rc.5
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.2-rc.1
v4.2.2-rc.2
v4.2.3
v4.2.4
v4.2.4-rc.1
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.1-rc.1
v4.3.1-rc.2
v4.3.2
v4.4.0
v4.4.0-rc.1
v4.4.0-rc.2
v4.4.0-rc.3
v4.4.0-rc.4
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v5.0.0
v5.0.0-rc.1
v5.0.0-rc.2
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.12.0
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1-rc.1
v5.9.0
v5.9.1
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.0.0
v7.1.0
v7.10.0
v7.10.1
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.9.0
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
${ noResults }
David Benjamin
6ebdb69472
PR #11705 switched Node away from using using OpenSSL's legacy EVP_Sign* and EVP_Verify* APIs. Instead, it computes a hash normally via EVP_Digest* and then uses EVP_PKEY_sign and EVP_PKEY_verify to verify the hash directly. This change corrects two problems: 1. The documentation still recommends the signature algorithm EVP_MD names of OpenSSL's legacy APIs. OpenSSL has since moved away from thosee, which is why ECDSA was strangely inconsistent. (This is why "ecdsa-with-SHA256" was missing.) 2. Node_SignFinal copied some code from EVP_SignFinal's internals. This is problematic for OpenSSL 1.1.0 and is missing a critical check that prevents pkey->pkey.ptr from being cast to the wrong type. To resolve this, remove the non-EVP_PKEY_sign codepath. This codepath is no longer necessary. PR #11705's verify half was already assuming all EVP_PKEYs supported EVP_PKEY_sign and EVP_PKEY_verify. Also, in the documentation, point users towards using hash function names which are more consisent. This avoids an ECDSA special-case and some strangeness around RSA-PSS ("RSA-SHA256" is the OpenSSL name of the sha256WithRSAEncryption OID which is not used for RSA-PSS). PR-URL: https://github.com/nodejs/node/pull/15024 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> |
7 years ago | |
---|---|---|
.. | ||
0-dns-cert.pem | test: add script to create 0-dns-cert.pem | 8 years ago |
0-dns-key.pem | test: add script to create 0-dns-cert.pem | 8 years ago |
0-dns-rsapub.der | test: add script to create 0-dns-cert.pem | 8 years ago |
README.md | test: add script to create 0-dns-cert.pem | 8 years ago |
create-cert.js | crypto: fix Node_SignFinal | 7 years ago |
package.json | test: add script to create 0-dns-cert.pem | 8 years ago |
README.md
Purpose
The test cert file for use test/parallel/test-tls-0-dns-altname.js
can be created by using asn1.js
and asn1.js-rfc5280
,
How to create a test cert.
$ openssl genrsa -out 0-dns-key.pem 2048
Generating RSA private key, 2048 bit long modulus
...................+++
..............................................................................................+++
e is 65537 (0x10001)
$ openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der -out 0-dns-rsapub.der
writing RSA key
$ npm install
0-dns@1.0.0 /home/github/node/test/fixtures/0-dns
+-- asn1.js@4.9.1
| +-- bn.js@4.11.6
| +-- inherits@2.0.3
| `-- minimalistic-assert@1.0.0
`-- asn1.js-rfc5280@1.2.2
$ node ./createCert.js
$ openssl x509 -text -in 0-dns-cert.pem
(You can not see evil.example.com in subjectAltName field)