jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-01 08:42:45 +00:00
Code Issues Actions 19 Packages Projects Releases Wiki Activity
cb15fc56d8
node/test/parallel/test-tls-pfx-authorizationerror.js
Anna Henningsen e888f667f5
tls: do not free cert in .getCertificate() 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs-private/security/issues/217

PR-URL: https://github.com/nodejs/node/pull/25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-01-21 20:18:14 +01:00

52 lines
1.4 KiB
JavaScript
Raw Blame History

'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('node compiled without crypto.');
const fixtures = require('../common/fixtures');
// This test ensures that TLS does not fail to read a self-signed certificate
// and thus throw an `authorizationError`.
// https://github.com/nodejs/node/issues/5100
const assert = require('assert');
const tls = require('tls');
const pfx = fixtures.readKey('agent1.pfx');
const server = tls
.createServer(
{
pfx: pfx,
passphrase: 'sample',
requestCert: true,
rejectUnauthorized: false
},
common.mustCall(function(c) {
assert.strictEqual(c.getPeerCertificate().serialNumber,
'ECC9B856270DA9A8');
assert.strictEqual(c.authorizationError, null);
c.end();
})
)
.listen(0, function() {
const client = tls.connect(
{
port: this.address().port,
pfx: pfx,
passphrase: 'sample',
rejectUnauthorized: false
},
function() {
for (let i = 0; i < 10; ++i) {
// Calling this repeatedly is a regression test that verifies
// that .getCertificate() does not accidentally decrease the
// reference count of the X509* certificate on the native side.
assert.strictEqual(client.getCertificate().serialNumber,
'ECC9B856270DA9A8');
}
client.end();
server.close();
}
);
});
Reference in New Issue View Git Blame Copy Permalink