author | Fedor Indutny <fedor@indutny.com> | 2015-04-26 14:19:38 +0200 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2015-04-30 11:02:26 +0200 |
commit | 2684c902c4ff90711e57e787c5bfe0bac33bcd49 (patch) | |
tree | 6a68650b9a5fd30ce3db86a36ee738c3617dbfd4 | |
parent | e6874dd0f9c62a515b64ed35a4806f667152b6ec (diff) | |
tls: zero SSL_CTX freelist for a singleUse socket
When connecting to a server with `keepAlive` turned off, make sure that
the read/write buffers are not kept in the single-use SSL_CTX instance
after the socket has been destroyed.
Fix: https://github.com/iojs/io.js/issues/1522
PR-URL: https://github.com/iojs/io.js/pull/1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
-rw-r--r-- | lib/_tls_common.js | 4 | ||||
-rw-r--r-- | lib/_tls_wrap.js | 2 | ||||
-rw-r--r-- | src/node_crypto.cc | 8 | ||||
-rw-r--r-- | src/node_crypto.h | 2 |
4 files changed, 16 insertions, 0 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 2c15d91df8..3040b3a5b4 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -133,6 +133,10 @@ exports.createSecureContext = function createSecureContext(options, context) {
 }
 }
+ // Do not keep read/write buffers in free list
+ if (options.singleUse)
+ c.context.setFreeListLength(0);
+
 return c;
 };
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 84b02a731b..7f83e2f759 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -862,6 +862,8 @@ exports.connect = function(/* [port, host], options, cb */) {
 };
 options = util._extend(defaults, options || {});
+ if (!options.keepAlive)
+ options.singleUse = true;
 assert(typeof options.checkServerIdentity === 'function');
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index b980fb0ab6..97a105879f 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -265,6 +265,7 @@ void SecureContext::Initialize(Environment* env, Handle<Object> target) {
 env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12);
 env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys);
 env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys);
+ env->SetProtoMethod(t, "setFreeListLength", SecureContext::SetFreeListLength);
 env->SetProtoMethod(t, "getCertificate", SecureContext::GetCertificate<true>);
 env->SetProtoMethod(t, "getIssuer", SecureContext::GetCertificate<false>);
@@ -933,6 +934,13 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
 }
+void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
+ SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
+
+ wrap->ctx_->freelist_max_len = args[0]->Int32Value();
+}
+
+
 void SecureContext::CtxGetter(Local<String> property, const PropertyCallbackInfo<Value>& info) {
 HandleScope scope(info.GetIsolate());
diff --git a/src/node_crypto.h b/src/node_crypto.h
index a623ccbf26..f6069f8841 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -85,6 +85,8 @@ class SecureContext : public BaseObject {
 static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
 static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
 static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void SetFreeListLength(
+ const v8::FunctionCallbackInfo<v8::Value>& args);
 static void CtxGetter(v8::Local<v8::String> property, const v8::PropertyCallbackInfo<v8::Value>& info); |
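Review bot: In the `_tls_wrap.js` hunk, `options.singleUse = true` is assigned whenever `keepAlive` is falsy, which also overwrites an explicit `singleUse: false` a caller may have passed in; `if (!options.keepAlive && options.singleUse === undefined) options.singleUse = true;` keeps the automatic default while letting the caller opt out. Whether `defaults` gives `keepAlive` a value is not visible in this hunk, so an omitted `keepAlive` presumably lands on the single-use path as well, which deserves a short comment on the added lines such as `// Without keepAlive this context serves one connection; let it drop its buffer freelist.`. The enclosing `connect()` function starts and ends outside the hunk.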
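Review bot: `SetFreeListLength` in the `node_crypto.cc` hunk at -933 stores `args[0]->Int32Value()` into `ctx_->freelist_max_len` without validating the argument, and `freelist_max_len` is, as far as I recall, an unsigned field in OpenSSL's SSL_CTX, so a negative or non-numeric value from JS would wrap into a large limit rather than the intended zero. Checking in the style of the neighbouring methods, `CHECK(args[0]->IsUint32());` followed by `wrap->ctx_->freelist_max_len = args[0]->Uint32Value();`, keeps the only call site (`setFreeListLength(0)`) working and rejects bad input loudly; whether `ctx_` can already be null here (a closed context) is not visible in the hunk and is worth confirming. That member is also an internal struct field that only exists when OpenSSL is built without `OPENSSL_NO_BUF_FREELISTS`, so the method body and the `setFreeListLength` registration in the -265 hunk should be wrapped in `#ifndef OPENSSL_NO_BUF_FREELISTS`, or at least carry a comment like `// Touches OpenSSL's internal freelist_max_len; revisit when SSL_CTX becomes opaque.`.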