|
Lines 42-47
Link Here
|
| 42 |
// StartComAndWoSignData.inc |
42 |
// StartComAndWoSignData.inc |
| 43 |
#include "StartComAndWoSignData.inc" |
43 |
#include "StartComAndWoSignData.inc" |
| 44 |
|
44 |
|
|
|
45 |
#include <openssl/bn.h> |
| 46 |
#include <openssl/dh.h> |
| 47 |
#include <openssl/rsa.h> |
| 48 |
|
| 45 |
#include <errno.h> |
49 |
#include <errno.h> |
| 46 |
#include <limits.h> // INT_MAX |
50 |
#include <limits.h> // INT_MAX |
| 47 |
#include <math.h> |
51 |
#include <math.h> |
|
Lines 544-549
Link Here
|
| 544 |
new SecureContext(env, args.This()); |
548 |
new SecureContext(env, args.This()); |
| 545 |
} |
549 |
} |
| 546 |
|
550 |
|
|
|
551 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
| 552 |
{ |
| 553 |
SSL_CTX *ctx = SSL_CTX_new(m); |
| 554 |
SSL_CTX_set_min_proto_version(ctx, version); |
| 555 |
SSL_CTX_set_max_proto_version(ctx, version); |
| 556 |
SSL_CTX_free(ctx); |
| 557 |
} |
| 547 |
|
558 |
|
| 548 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
559 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
| 549 |
SecureContext* sc; |
560 |
SecureContext* sc; |
|
Lines 578-600
Link Here
|
| 578 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
589 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
| 579 |
method = SSLv23_client_method(); |
590 |
method = SSLv23_client_method(); |
| 580 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
591 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
| 581 |
method = TLSv1_method(); |
592 |
method = TLS_method(); |
|
|
593 |
set_protocol_version(method, TLS1_VERSION); |
| 582 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
594 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
| 583 |
method = TLSv1_server_method(); |
595 |
method = TLS_server_method(); |
|
|
596 |
set_protocol_version(method, TLS1_VERSION); |
| 584 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
597 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
| 585 |
method = TLSv1_client_method(); |
598 |
method = TLS_client_method(); |
|
|
599 |
set_protocol_version(method, TLS1_VERSION); |
| 586 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
600 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
| 587 |
method = TLSv1_1_method(); |
601 |
method = TLS_method(); |
|
|
602 |
set_protocol_version(method, TLS1_1_VERSION); |
| 588 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
603 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
| 589 |
method = TLSv1_1_server_method(); |
604 |
method = TLS_server_method(); |
|
|
605 |
set_protocol_version(method, TLS1_1_VERSION); |
| 590 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
606 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
| 591 |
method = TLSv1_1_client_method(); |
607 |
method = TLS_client_method(); |
|
|
608 |
set_protocol_version(method, TLS1_1_VERSION); |
| 592 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
609 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
| 593 |
method = TLSv1_2_method(); |
610 |
method = TLS_method(); |
|
|
611 |
set_protocol_version(method, TLS1_2_VERSION); |
| 594 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
612 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
| 595 |
method = TLSv1_2_server_method(); |
613 |
method = TLS_server_method(); |
|
|
614 |
set_protocol_version(method, TLS1_2_VERSION); |
| 596 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
615 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
| 597 |
method = TLSv1_2_client_method(); |
616 |
method = TLS_client_method(); |
|
|
617 |
set_protocol_version(method, TLS1_2_VERSION); |
| 598 |
} else { |
618 |
} else { |
| 599 |
return env->ThrowError("Unknown method"); |
619 |
return env->ThrowError("Unknown method"); |
| 600 |
} |
620 |
} |
|
Lines 1826-1839
Link Here
|
| 1826 |
rsa = nullptr; |
1846 |
rsa = nullptr; |
| 1827 |
} |
1847 |
} |
| 1828 |
|
1848 |
|
| 1829 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1849 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
| 1830 |
BIO_get_mem_ptr(bio, &mem); |
1850 |
BIO_get_mem_ptr(bio, &mem); |
| 1831 |
info->Set(env->valid_from_string(), |
1851 |
info->Set(env->valid_from_string(), |
| 1832 |
String::NewFromUtf8(env->isolate(), mem->data, |
1852 |
String::NewFromUtf8(env->isolate(), mem->data, |
| 1833 |
String::kNormalString, mem->length)); |
1853 |
String::kNormalString, mem->length)); |
| 1834 |
(void) BIO_reset(bio); |
1854 |
(void) BIO_reset(bio); |
| 1835 |
|
1855 |
|
| 1836 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1856 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
| 1837 |
BIO_get_mem_ptr(bio, &mem); |
1857 |
BIO_get_mem_ptr(bio, &mem); |
| 1838 |
info->Set(env->valid_to_string(), |
1858 |
info->Set(env->valid_to_string(), |
| 1839 |
String::NewFromUtf8(env->isolate(), mem->data, |
1859 |
String::NewFromUtf8(env->isolate(), mem->data, |
|
Lines 3011-3017
Link Here
|
| 3011 |
return true; |
3031 |
return true; |
| 3012 |
|
3032 |
|
| 3013 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3033 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
| 3014 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3034 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
| 3015 |
return true; |
3035 |
return true; |
| 3016 |
|
3036 |
|
| 3017 |
return false; |
3037 |
return false; |
|
Lines 5072-5078
Link Here
|
| 5072 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5092 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
| 5073 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5093 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
| 5074 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5094 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
| 5075 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5095 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
| 5076 |
#endif |
5096 |
#endif |
| 5077 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5097 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
| 5078 |
"Private key"); |
5098 |
"Private key"); |
|
Lines 6058-6065
Link Here
|
| 6058 |
} |
6078 |
} |
| 6059 |
|
6079 |
|
| 6060 |
void InitCryptoOnce() { |
6080 |
void InitCryptoOnce() { |
| 6061 |
SSL_load_error_strings(); |
6081 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
| 6062 |
OPENSSL_no_config(); |
6082 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
| 6063 |
|
6083 |
|
| 6064 |
// --openssl-config=... |
6084 |
// --openssl-config=... |
| 6065 |
if (!openssl_config.empty()) { |
6085 |
if (!openssl_config.empty()) { |
|
Lines 6081-6088
Link Here
|
| 6081 |
} |
6101 |
} |
| 6082 |
} |
6102 |
} |
| 6083 |
|
6103 |
|
| 6084 |
SSL_library_init(); |
6104 |
OPENSSL_init_ssl(0, NULL); |
| 6085 |
OpenSSL_add_all_algorithms(); |
|
|
| 6086 |
|
6105 |
|
| 6087 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6106 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 6088 |
crypto_lock_init(); |
6107 |
crypto_lock_init(); |
