Lines 42-47
|
42 |
// StartComAndWoSignData.inc |
42 |
// StartComAndWoSignData.inc |
43 |
#include "StartComAndWoSignData.inc" |
43 |
#include "StartComAndWoSignData.inc" |
44 |
|
44 |
|
|
|
45 |
#include <openssl/bn.h> |
46 |
#include <openssl/dh.h> |
47 |
#include <openssl/rsa.h> |
48 |
|
45 |
#include <algorithm> |
49 |
#include <algorithm> |
46 |
#include <errno.h> |
50 |
#include <errno.h> |
47 |
#include <limits.h> // INT_MAX |
51 |
#include <limits.h> // INT_MAX |
Lines 569-574
|
569 |
new SecureContext(env, args.This()); |
573 |
new SecureContext(env, args.This()); |
570 |
} |
574 |
} |
571 |
|
575 |
|
|
|
576 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
577 |
{ |
578 |
SSL_CTX *ctx = SSL_CTX_new(m); |
579 |
SSL_CTX_set_min_proto_version(ctx, version); |
580 |
SSL_CTX_set_max_proto_version(ctx, version); |
581 |
SSL_CTX_free(ctx); |
582 |
} |
572 |
|
583 |
|
573 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
584 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
574 |
SecureContext* sc; |
585 |
SecureContext* sc; |
Lines 603-625
|
603 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
614 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
604 |
method = SSLv23_client_method(); |
615 |
method = SSLv23_client_method(); |
605 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
616 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
606 |
method = TLSv1_method(); |
617 |
method = TLS_method(); |
|
|
618 |
set_protocol_version(method, TLS1_VERSION); |
607 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
619 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
608 |
method = TLSv1_server_method(); |
620 |
method = TLS_server_method(); |
|
|
621 |
set_protocol_version(method, TLS1_VERSION); |
609 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
622 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
610 |
method = TLSv1_client_method(); |
623 |
method = TLS_client_method(); |
|
|
624 |
set_protocol_version(method, TLS1_VERSION); |
611 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
625 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
612 |
method = TLSv1_1_method(); |
626 |
method = TLS_method(); |
|
|
627 |
set_protocol_version(method, TLS1_1_VERSION); |
613 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
628 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
614 |
method = TLSv1_1_server_method(); |
629 |
method = TLS_server_method(); |
|
|
630 |
set_protocol_version(method, TLS1_1_VERSION); |
615 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
631 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
616 |
method = TLSv1_1_client_method(); |
632 |
method = TLS_client_method(); |
|
|
633 |
set_protocol_version(method, TLS1_1_VERSION); |
617 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
634 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
618 |
method = TLSv1_2_method(); |
635 |
method = TLS_method(); |
|
|
636 |
set_protocol_version(method, TLS1_2_VERSION); |
619 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
637 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
620 |
method = TLSv1_2_server_method(); |
638 |
method = TLS_server_method(); |
|
|
639 |
set_protocol_version(method, TLS1_2_VERSION); |
621 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
640 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
622 |
method = TLSv1_2_client_method(); |
641 |
method = TLS_client_method(); |
|
|
642 |
set_protocol_version(method, TLS1_2_VERSION); |
623 |
} else { |
643 |
} else { |
624 |
return env->ThrowError("Unknown method"); |
644 |
return env->ThrowError("Unknown method"); |
625 |
} |
645 |
} |
Lines 1892-1905
|
1892 |
rsa = nullptr; |
1912 |
rsa = nullptr; |
1893 |
} |
1913 |
} |
1894 |
|
1914 |
|
1895 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1915 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
1896 |
BIO_get_mem_ptr(bio, &mem); |
1916 |
BIO_get_mem_ptr(bio, &mem); |
1897 |
info->Set(env->valid_from_string(), |
1917 |
info->Set(env->valid_from_string(), |
1898 |
String::NewFromUtf8(env->isolate(), mem->data, |
1918 |
String::NewFromUtf8(env->isolate(), mem->data, |
1899 |
String::kNormalString, mem->length)); |
1919 |
String::kNormalString, mem->length)); |
1900 |
USE(BIO_reset(bio)); |
1920 |
USE(BIO_reset(bio)); |
1901 |
|
1921 |
|
1902 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1922 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
1903 |
BIO_get_mem_ptr(bio, &mem); |
1923 |
BIO_get_mem_ptr(bio, &mem); |
1904 |
info->Set(env->valid_to_string(), |
1924 |
info->Set(env->valid_to_string(), |
1905 |
String::NewFromUtf8(env->isolate(), mem->data, |
1925 |
String::NewFromUtf8(env->isolate(), mem->data, |
Lines 3077-3083
|
3077 |
return true; |
3097 |
return true; |
3078 |
|
3098 |
|
3079 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3099 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3080 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3100 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
3081 |
return true; |
3101 |
return true; |
3082 |
|
3102 |
|
3083 |
return false; |
3103 |
return false; |
Lines 5139-5145
|
5139 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5159 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5140 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5160 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5141 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5161 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5142 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5162 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5143 |
#endif |
5163 |
#endif |
5144 |
SetKey(args, |
5164 |
SetKey(args, |
5145 |
[](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); }, |
5165 |
[](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); }, |
Lines 6095-6102
|
6095 |
} |
6115 |
} |
6096 |
|
6116 |
|
6097 |
void InitCryptoOnce() { |
6117 |
void InitCryptoOnce() { |
6098 |
SSL_load_error_strings(); |
6118 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
6099 |
OPENSSL_no_config(); |
6119 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
6100 |
|
6120 |
|
6101 |
// --openssl-config=... |
6121 |
// --openssl-config=... |
6102 |
if (!openssl_config.empty()) { |
6122 |
if (!openssl_config.empty()) { |
Lines 6118-6125
|
6118 |
} |
6138 |
} |
6119 |
} |
6139 |
} |
6120 |
|
6140 |
|
6121 |
SSL_library_init(); |
6141 |
OPENSSL_init_ssl(0, NULL); |
6122 |
OpenSSL_add_all_algorithms(); |
|
|
6123 |
|
6142 |
|
6124 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6143 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6125 |
crypto_lock_init(); |
6144 |
crypto_lock_init(); |
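Review bot: `set_protocol_version` (new lines 576-582) sets the min/max protocol version on a temporary `SSL_CTX` that it frees immediately, so nothing it does reaches the context `SecureContext::Init` later builds from `method`. Every versioned branch (new lines 617-642) now returns `TLS_method()`, `TLS_server_method()` or `TLS_client_method()` with no version bounds, so a caller asking for, say, "TLSv1_2_method" silently gets a context that negotiates whatever the library defaults allow. I would record the requested version in a local inside the branch chain and, once the real context has been created (that code is outside the visible hunk), call `SSL_CTX_set_min_proto_version(ctx, version);` and `SSL_CTX_set_max_proto_version(ctx, version);` on it, checking both return values. The helper also uses the result of `SSL_CTX_new(m)` without a null check. Separately, turning `#error` into `#warning` at new line 5162 lets the build proceed against the 1.1.0 revisions whose `DH_set0_key` the adjacent comment says does not work for Node.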