|
Lines 42-47
Link Here
|
| 42 |
// StartComAndWoSignData.inc |
42 |
// StartComAndWoSignData.inc |
| 43 |
#include "StartComAndWoSignData.inc" |
43 |
#include "StartComAndWoSignData.inc" |
| 44 |
|
44 |
|
|
|
45 |
#include <openssl/bn.h> |
| 46 |
#include <openssl/dh.h> |
| 47 |
#include <openssl/rsa.h> |
| 48 |
|
| 45 |
#include <algorithm> |
49 |
#include <algorithm> |
| 46 |
#include <errno.h> |
50 |
#include <errno.h> |
| 47 |
#include <limits.h> // INT_MAX |
51 |
#include <limits.h> // INT_MAX |
|
Lines 569-574
Link Here
|
| 569 |
new SecureContext(env, args.This()); |
573 |
new SecureContext(env, args.This()); |
| 570 |
} |
574 |
} |
| 571 |
|
575 |
|
|
|
576 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
| 577 |
{ |
| 578 |
SSL_CTX *ctx = SSL_CTX_new(m); |
| 579 |
SSL_CTX_set_min_proto_version(ctx, version); |
| 580 |
SSL_CTX_set_max_proto_version(ctx, version); |
| 581 |
SSL_CTX_free(ctx); |
| 582 |
} |
| 572 |
|
583 |
|
| 573 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
584 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
| 574 |
SecureContext* sc; |
585 |
SecureContext* sc; |
|
Lines 603-625
Link Here
|
| 603 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
614 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
| 604 |
method = SSLv23_client_method(); |
615 |
method = SSLv23_client_method(); |
| 605 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
616 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
| 606 |
method = TLSv1_method(); |
617 |
method = TLS_method(); |
|
|
618 |
set_protocol_version(method, TLS1_VERSION); |
| 607 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
619 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
| 608 |
method = TLSv1_server_method(); |
620 |
method = TLS_server_method(); |
|
|
621 |
set_protocol_version(method, TLS1_VERSION); |
| 609 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
622 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
| 610 |
method = TLSv1_client_method(); |
623 |
method = TLS_client_method(); |
|
|
624 |
set_protocol_version(method, TLS1_VERSION); |
| 611 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
625 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
| 612 |
method = TLSv1_1_method(); |
626 |
method = TLS_method(); |
|
|
627 |
set_protocol_version(method, TLS1_1_VERSION); |
| 613 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
628 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
| 614 |
method = TLSv1_1_server_method(); |
629 |
method = TLS_server_method(); |
|
|
630 |
set_protocol_version(method, TLS1_1_VERSION); |
| 615 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
631 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
| 616 |
method = TLSv1_1_client_method(); |
632 |
method = TLS_client_method(); |
|
|
633 |
set_protocol_version(method, TLS1_1_VERSION); |
| 617 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
634 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
| 618 |
method = TLSv1_2_method(); |
635 |
method = TLS_method(); |
|
|
636 |
set_protocol_version(method, TLS1_2_VERSION); |
| 619 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
637 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
| 620 |
method = TLSv1_2_server_method(); |
638 |
method = TLS_server_method(); |
|
|
639 |
set_protocol_version(method, TLS1_2_VERSION); |
| 621 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
640 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
| 622 |
method = TLSv1_2_client_method(); |
641 |
method = TLS_client_method(); |
|
|
642 |
set_protocol_version(method, TLS1_2_VERSION); |
| 623 |
} else { |
643 |
} else { |
| 624 |
return env->ThrowError("Unknown method"); |
644 |
return env->ThrowError("Unknown method"); |
| 625 |
} |
645 |
} |
|
Lines 1892-1905
Link Here
|
| 1892 |
rsa = nullptr; |
1912 |
rsa = nullptr; |
| 1893 |
} |
1913 |
} |
| 1894 |
|
1914 |
|
| 1895 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1915 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
| 1896 |
BIO_get_mem_ptr(bio, &mem); |
1916 |
BIO_get_mem_ptr(bio, &mem); |
| 1897 |
info->Set(env->valid_from_string(), |
1917 |
info->Set(env->valid_from_string(), |
| 1898 |
String::NewFromUtf8(env->isolate(), mem->data, |
1918 |
String::NewFromUtf8(env->isolate(), mem->data, |
| 1899 |
String::kNormalString, mem->length)); |
1919 |
String::kNormalString, mem->length)); |
| 1900 |
USE(BIO_reset(bio)); |
1920 |
USE(BIO_reset(bio)); |
| 1901 |
|
1921 |
|
| 1902 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1922 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
| 1903 |
BIO_get_mem_ptr(bio, &mem); |
1923 |
BIO_get_mem_ptr(bio, &mem); |
| 1904 |
info->Set(env->valid_to_string(), |
1924 |
info->Set(env->valid_to_string(), |
| 1905 |
String::NewFromUtf8(env->isolate(), mem->data, |
1925 |
String::NewFromUtf8(env->isolate(), mem->data, |
|
Lines 3077-3083
Link Here
|
| 3077 |
return true; |
3097 |
return true; |
| 3078 |
|
3098 |
|
| 3079 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3099 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
| 3080 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3100 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
| 3081 |
return true; |
3101 |
return true; |
| 3082 |
|
3102 |
|
| 3083 |
return false; |
3103 |
return false; |
|
Lines 5139-5145
Link Here
|
| 5139 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5159 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
| 5140 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5160 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
| 5141 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5161 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
| 5142 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5162 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
| 5143 |
#endif |
5163 |
#endif |
| 5144 |
SetKey(args, |
5164 |
SetKey(args, |
| 5145 |
[](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); }, |
5165 |
[](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); }, |
|
Lines 6095-6102
Link Here
|
| 6095 |
} |
6115 |
} |
| 6096 |
|
6116 |
|
| 6097 |
void InitCryptoOnce() { |
6117 |
void InitCryptoOnce() { |
| 6098 |
SSL_load_error_strings(); |
6118 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
| 6099 |
OPENSSL_no_config(); |
6119 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
| 6100 |
|
6120 |
|
| 6101 |
// --openssl-config=... |
6121 |
// --openssl-config=... |
| 6102 |
if (!openssl_config.empty()) { |
6122 |
if (!openssl_config.empty()) { |
|
Lines 6118-6125
Link Here
|
| 6118 |
} |
6138 |
} |
| 6119 |
} |
6139 |
} |
| 6120 |
|
6140 |
|
| 6121 |
SSL_library_init(); |
6141 |
OPENSSL_init_ssl(0, NULL); |
| 6122 |
OpenSSL_add_all_algorithms(); |
|
|
| 6123 |
|
6142 |
|
| 6124 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6143 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 6125 |
crypto_lock_init(); |
6144 |
crypto_lock_init(); |
