Lines 42-47
|
42 |
// StartComAndWoSignData.inc |
42 |
// StartComAndWoSignData.inc |
43 |
#include "StartComAndWoSignData.inc" |
43 |
#include "StartComAndWoSignData.inc" |
44 |
|
44 |
|
|
|
45 |
#include <openssl/bn.h> |
46 |
#include <openssl/dh.h> |
47 |
#include <openssl/rsa.h> |
48 |
|
45 |
#include <errno.h> |
49 |
#include <errno.h> |
46 |
#include <limits.h> // INT_MAX |
50 |
#include <limits.h> // INT_MAX |
47 |
#include <math.h> |
51 |
#include <math.h> |
Lines 544-549
|
544 |
new SecureContext(env, args.This()); |
548 |
new SecureContext(env, args.This()); |
545 |
} |
549 |
} |
546 |
|
550 |
|
|
|
551 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
552 |
{ |
553 |
SSL_CTX *ctx = SSL_CTX_new(m); |
554 |
SSL_CTX_set_min_proto_version(ctx, version); |
555 |
SSL_CTX_set_max_proto_version(ctx, version); |
556 |
SSL_CTX_free(ctx); |
557 |
} |
547 |
|
558 |
|
548 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
559 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
549 |
SecureContext* sc; |
560 |
SecureContext* sc; |
Lines 578-600
|
578 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
589 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
579 |
method = SSLv23_client_method(); |
590 |
method = SSLv23_client_method(); |
580 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
591 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
581 |
method = TLSv1_method(); |
592 |
method = TLS_method(); |
|
|
593 |
set_protocol_version(method, TLS1_VERSION); |
582 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
594 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
583 |
method = TLSv1_server_method(); |
595 |
method = TLS_server_method(); |
|
|
596 |
set_protocol_version(method, TLS1_VERSION); |
584 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
597 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
585 |
method = TLSv1_client_method(); |
598 |
method = TLS_client_method(); |
|
|
599 |
set_protocol_version(method, TLS1_VERSION); |
586 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
600 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
587 |
method = TLSv1_1_method(); |
601 |
method = TLS_method(); |
|
|
602 |
set_protocol_version(method, TLS1_1_VERSION); |
588 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
603 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
589 |
method = TLSv1_1_server_method(); |
604 |
method = TLS_server_method(); |
|
|
605 |
set_protocol_version(method, TLS1_1_VERSION); |
590 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
606 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
591 |
method = TLSv1_1_client_method(); |
607 |
method = TLS_client_method(); |
|
|
608 |
set_protocol_version(method, TLS1_1_VERSION); |
592 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
609 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
593 |
method = TLSv1_2_method(); |
610 |
method = TLS_method(); |
|
|
611 |
set_protocol_version(method, TLS1_2_VERSION); |
594 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
612 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
595 |
method = TLSv1_2_server_method(); |
613 |
method = TLS_server_method(); |
|
|
614 |
set_protocol_version(method, TLS1_2_VERSION); |
596 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
615 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
597 |
method = TLSv1_2_client_method(); |
616 |
method = TLS_client_method(); |
|
|
617 |
set_protocol_version(method, TLS1_2_VERSION); |
598 |
} else { |
618 |
} else { |
599 |
return env->ThrowError("Unknown method"); |
619 |
return env->ThrowError("Unknown method"); |
600 |
} |
620 |
} |
Lines 1826-1839
|
1826 |
rsa = nullptr; |
1846 |
rsa = nullptr; |
1827 |
} |
1847 |
} |
1828 |
|
1848 |
|
1829 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1849 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
1830 |
BIO_get_mem_ptr(bio, &mem); |
1850 |
BIO_get_mem_ptr(bio, &mem); |
1831 |
info->Set(env->valid_from_string(), |
1851 |
info->Set(env->valid_from_string(), |
1832 |
String::NewFromUtf8(env->isolate(), mem->data, |
1852 |
String::NewFromUtf8(env->isolate(), mem->data, |
1833 |
String::kNormalString, mem->length)); |
1853 |
String::kNormalString, mem->length)); |
1834 |
(void) BIO_reset(bio); |
1854 |
(void) BIO_reset(bio); |
1835 |
|
1855 |
|
1836 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1856 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
1837 |
BIO_get_mem_ptr(bio, &mem); |
1857 |
BIO_get_mem_ptr(bio, &mem); |
1838 |
info->Set(env->valid_to_string(), |
1858 |
info->Set(env->valid_to_string(), |
1839 |
String::NewFromUtf8(env->isolate(), mem->data, |
1859 |
String::NewFromUtf8(env->isolate(), mem->data, |
Lines 3011-3017
|
3011 |
return true; |
3031 |
return true; |
3012 |
|
3032 |
|
3013 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3033 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3014 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3034 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
3015 |
return true; |
3035 |
return true; |
3016 |
|
3036 |
|
3017 |
return false; |
3037 |
return false; |
Lines 5072-5078
|
5072 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5092 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5073 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5093 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5074 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5094 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5075 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5095 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5076 |
#endif |
5096 |
#endif |
5077 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5097 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5078 |
"Private key"); |
5098 |
"Private key"); |
Lines 6058-6065
|
6058 |
} |
6078 |
} |
6059 |
|
6079 |
|
6060 |
void InitCryptoOnce() { |
6080 |
void InitCryptoOnce() { |
6061 |
SSL_load_error_strings(); |
6081 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
6062 |
OPENSSL_no_config(); |
6082 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
6063 |
|
6083 |
|
6064 |
// --openssl-config=... |
6084 |
// --openssl-config=... |
6065 |
if (!openssl_config.empty()) { |
6085 |
if (!openssl_config.empty()) { |
Lines 6081-6088
|
6081 |
} |
6101 |
} |
6082 |
} |
6102 |
} |
6083 |
|
6103 |
|
6084 |
SSL_library_init(); |
6104 |
OPENSSL_init_ssl(0, NULL); |
6085 |
OpenSSL_add_all_algorithms(); |
|
|
6086 |
|
6105 |
|
6087 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6106 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6088 |
crypto_lock_init(); |
6107 |
crypto_lock_init(); |
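Review bot: The `set_protocol_version` helper added at new lines 551-557 sets the min/max protocol version on a temporary `SSL_CTX` that it frees straight away, so the calls at new lines 593-617 change neither `method` nor the context this SecureContext later uses. As far as these hunks show, a caller asking for `TLSv1_2_method` now gets the version-flexible `TLS_method()` with no pin at all, and the result of `SSL_CTX_new` in the helper is never checked for null. The requested version should be recorded in each branch and applied to the real context once it exists; that context is created outside the visible hunks, so the placement below is a sketch. Separately, turning `#error` into `#warning` at new line 5095 lets builds proceed against the 1.1.0 revisions whose `DH_set0_key` the adjacent comment says does not work for Node, so keeping `#error` would be safer.

```cpp
// … unchanged: start of SecureContext::Init and the earlier method branches …
int min_version = 0;  // 0 keeps the library's default bound
int max_version = 0;
  } else if (strcmp(*sslmethod, "TLSv1_method") == 0) {
    method = TLS_method();
    min_version = max_version = TLS1_VERSION;
  // … same two lines in the other TLSv1_*, TLSv1_1_* and TLSv1_2_* branches,
  //   using TLS1_1_VERSION / TLS1_2_VERSION …

// once this SecureContext's own SSL_CTX has been created from `method`
// (not shown in these hunks; `ctx` stands for that context):
SSL_CTX_set_min_proto_version(ctx, min_version);
SSL_CTX_set_max_proto_version(ctx, max_version);
```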