authorAnatoli Papirovski <apapirovski@mac.com>2018-05-02 12:49:13 +0200
committerAnatoli Papirovski <apapirovski@mac.com>2018-05-06 07:28:26 +0200
commit491ae12e412076ac9360d34516c827e941caed12 (patch)
treec6353185033fed474c4c24d7b820cdfea68265c3
parent9a3ae2fe9d6ddff6a0de81acb5e0a8c068c0c79d (diff)
tls: cleanup onhandshakestart callback
Re-arrange and clean up the flow of the onhandshakestart callback to be clearer and less repetitive. Exit early in the case of a first ever handshake for a given connection. PR-URL: https://github.com/nodejs/node/pull/20466 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
-rw-r--r--lib/_tls_wrap.js34
1 files changed, 15 insertions, 19 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 2e6b2e8da5..65c684abfe 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -62,32 +62,28 @@ const noop = () => {};
function onhandshakestart(now) {
debug('onhandshakestart');
- assert(now >= this.lastHandshakeTime);
+ const { lastHandshakeTime } = this;
+ assert(now >= lastHandshakeTime);
- const owner = this.owner;
+ this.lastHandshakeTime = now;
- if ((now - this.lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000) {
- this.handshakes = 0;
- }
+ // If this is the first handshake we can skip the rest of the checks.
+ if (lastHandshakeTime === 0)
+ return;
- const first = (this.lastHandshakeTime === 0);
- this.lastHandshakeTime = now;
- if (first) return;
+ if ((now - lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000)
+ this.handshakes = 1;
+ else
+ this.handshakes++;
- if (++this.handshakes > tls.CLIENT_RENEG_LIMIT) {
- // Defer the error event to the next tick. We're being called from OpenSSL's
- // state machine and OpenSSL is not re-entrant. We cannot allow the user's
- // callback to destroy the connection right now, it would crash and burn.
- setImmediate(emitSessionAttackError, owner);
+ const { owner } = this;
+ if (this.handshakes > tls.CLIENT_RENEG_LIMIT) {
+ owner._emitTLSError(new ERR_TLS_SESSION_ATTACK());
+ return;
}
- if (owner[kDisableRenegotiation] && this.handshakes > 0) {
+ if (owner[kDisableRenegotiation])
owner._emitTLSError(new ERR_TLS_RENEGOTIATION_DISABLED());
- }
-}
-
-function emitSessionAttackError(socket) {
- socket._emitTLSError(new ERR_TLS_SESSION_ATTACK());
}
function onhandshakedone() {
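Review bot: The renegotiation-limit branch now calls `owner._emitTLSError(new ERR_TLS_SESSION_ATTACK())` synchronously, while the removed comment stated that this callback runs inside OpenSSL's state machine, which is not re-entrant, and that a user handler destroying the connection at that point would crash. Nothing in the hunk shows that `_emitTLSError` defers the event itself, so either keep the deferral, e.g. `setImmediate(() => owner._emitTLSError(new ERR_TLS_SESSION_ATTACK()));`, or add a comment above the call stating why a synchronous emit is now safe. The `kDisableRenegotiation` branch was already synchronous before this change, so the same question applies there and is worth settling in the same comment. Since this path is the renegotiation-flood guard, a test in which the `'error'` listener destroys the socket once `CLIENT_RENEG_LIMIT` is exceeded would pin the intended behaviour.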