authorBen Noordhuis <info@bnoordhuis.nl>2018-06-02 10:52:59 +0200
committerAnna Henningsen <anna@addaleax.net>2018-06-08 00:53:37 +0200
commita76f0298184115971bac56dd369418786569f76d (patch)
treea337f105fb3c0cd36e53098d4badbadab2bbde49
parentefdc1a44bb540375110720882f3f978cf20b1259 (diff)
lib,src: remove openssl feature conditionals
Remove compile-time and run-time conditionals for features that OpenSSL 1.0.0 and 1.0.1 didn't support: ALPN, OCSP and/or SNI. They are no longer necessary since our baseline is OpenSSL 1.0.2. PR-URL: https://github.com/nodejs/node/pull/21094 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
-rw-r--r--lib/_tls_wrap.js15
-rw-r--r--lib/https.js2
-rw-r--r--src/node.cc28
-rw-r--r--src/node_crypto.cc27
-rw-r--r--src/node_crypto.h9
-rw-r--r--src/tls_wrap.cc8
-rw-r--r--src/tls_wrap.h3
-rw-r--r--test/parallel/test-tls-alpn-server-client.js5
-rw-r--r--test/parallel/test-tls-empty-sni-context.js3
-rw-r--r--test/parallel/test-tls-ocsp-callback.js3
-rw-r--r--test/parallel/test-tls-sni-option.js3
-rw-r--r--test/parallel/test-tls-sni-server-client.js3
-rw-r--r--test/parallel/test-tls-snicallback-error.js3
-rw-r--r--test/parallel/test-tls-socket-constructor-alpn-options-parsing.js3
14 files changed, 13 insertions, 102 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 77b37c54f0..7b16abab87 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -512,8 +512,7 @@ TLSSocket.prototype._init = function(socket, wrap) {
// If custom SNICallback was given, or if
// there're SNI contexts to perform match against -
// set `.onsniselect` callback.
- if (process.features.tls_sni &&
- options.isServer &&
+ if (options.isServer &&
options.SNICallback &&
(options.SNICallback !== SNICallback ||
(options.server && options.server._contexts.length))) {
@@ -522,7 +521,7 @@ TLSSocket.prototype._init = function(socket, wrap) {
ssl.enableCertCb();
}
- if (process.features.tls_alpn && options.ALPNProtocols) {
+ if (options.ALPNProtocols) {
// keep reference in secureContext not to be GC-ed
ssl._secureContext.alpnBuffer = options.ALPNProtocols;
ssl.setALPNProtocols(ssl._secureContext.alpnBuffer);
@@ -620,15 +619,9 @@ TLSSocket.prototype._releaseControl = function() {
};
TLSSocket.prototype._finishInit = function() {
- if (process.features.tls_alpn) {
- this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
- }
-
- if (process.features.tls_sni) {
- this.servername = this._handle.getServername();
- }
-
debug('secure established');
+ this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
+ this.servername = this._handle.getServername();
this._secureEstablished = true;
if (this._tlsOptions.handshakeTimeout > 0)
this.setTimeout(0, this._handleTimeout);
diff --git a/lib/https.js b/lib/https.js
index 53a8a2751d..43bd6ee06c 100644
--- a/lib/https.js
+++ b/lib/https.js
@@ -48,7 +48,7 @@ function Server(opts, requestListener) {
}
opts = util._extend({}, opts);
- if (process.features.tls_alpn && !opts.ALPNProtocols) {
+ if (!opts.ALPNProtocols) {
// http/1.0 is not defined as Protocol IDs in IANA
// http://www.iana.org/assignments/tls-extensiontype-values
// /tls-extensiontype-values.xhtml#alpn-protocol-ids
diff --git a/src/node.cc b/src/node.cc
index ff3d149863..75dbafa1ab 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -2373,30 +2373,16 @@ static Local<Object> GetFeatures(Environment* env) {
// TODO(bnoordhuis) ping libuv
obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "ipv6"), True(env->isolate()));
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- Local<Boolean> tls_alpn = True(env->isolate());
+#ifdef HAVE_OPENSSL
+ Local<Boolean> have_openssl = True(env->isolate());
#else
- Local<Boolean> tls_alpn = False(env->isolate());
+ Local<Boolean> have_openssl = False(env->isolate());
#endif
- obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_alpn"), tls_alpn);
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- Local<Boolean> tls_sni = True(env->isolate());
-#else
- Local<Boolean> tls_sni = False(env->isolate());
-#endif
- obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_sni"), tls_sni);
-
-#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
- Local<Boolean> tls_ocsp = True(env->isolate());
-#else
- Local<Boolean> tls_ocsp = False(env->isolate());
-#endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
- obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_ocsp"), tls_ocsp);
-
- obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls"),
- Boolean::New(env->isolate(),
- get_builtin_module("crypto") != nullptr));
+ obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_alpn"), have_openssl);
+ obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_sni"), have_openssl);
+ obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls_ocsp"), have_openssl);
+ obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "tls"), have_openssl);
return scope.Escape(obj);
}
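Review bot: The four `process.features` entries set at the end of this hunk (`tls_alpn`, `tls_sni`, `tls_ocsp`, `tls`) now all carry the same `have_openssl` value, and nothing says why the three per-extension flags still exist. A short comment above the `obj->Set` calls would stop a later reader from treating them as real capability probes, for example `// tls_alpn, tls_sni and tls_ocsp presumably remain for compatibility; they only report that OpenSSL is compiled in.` Note also that `tls` used to be derived from the crypto builtin being registered and is now a compile-time test on `HAVE_OPENSSL`; the two presumably agree, but this hunk does not show it. GetFeatures starts outside the hunk.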
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index d5d1b031c5..2339dc8335 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -133,16 +133,10 @@ template int SSLWrap<TLSWrap>::NewSessionCallback(SSL* s,
template void SSLWrap<TLSWrap>::OnClientHello(
void* arg,
const ClientHelloParser::ClientHello& hello);
-
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg);
-#endif
-
template void SSLWrap<TLSWrap>::DestroySSL();
template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
-
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
template int SSLWrap<TLSWrap>::SelectALPNCallback(
SSL* s,
const unsigned char** out,
@@ -150,7 +144,6 @@ template int SSLWrap<TLSWrap>::SelectALPNCallback(
const unsigned char* in,
unsigned int inlen,
void* arg);
-#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
@@ -1387,11 +1380,9 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) {
template <class Base>
void SSLWrap<Base>::ConfigureSecureContext(SecureContext* sc) {
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
// OCSP stapling
SSL_CTX_set_tlsext_status_cb(sc->ctx_.get(), TLSExtStatusCallback);
SSL_CTX_set_tlsext_status_arg(sc->ctx_.get(), nullptr);
-#endif // NODE__HAVE_TLSEXT_STATUS_CB
}
@@ -2019,7 +2010,6 @@ void SSLWrap<Base>::NewSessionDone(const FunctionCallbackInfo<Value>& args) {
template <class Base>
void SSLWrap<Base>::SetOCSPResponse(const FunctionCallbackInfo<Value>& args) {
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
Environment* env = w->env();
@@ -2030,18 +2020,15 @@ void SSLWrap<Base>::SetOCSPResponse(const FunctionCallbackInfo<Value>& args) {
THROW_AND_RETURN_IF_NOT_BUFFER(env, args[0], "OCSP response");
w->ocsp_response_.Reset(args.GetIsolate(), args[0].As<Object>());
-#endif // NODE__HAVE_TLSEXT_STATUS_CB
}
template <class Base>
void SSLWrap<Base>::RequestOCSP(const FunctionCallbackInfo<Value>& args) {
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
SSL_set_tlsext_status_type(w->ssl_.get(), TLSEXT_STATUSTYPE_ocsp);
-#endif // NODE__HAVE_TLSEXT_STATUS_CB
}
@@ -2226,7 +2213,6 @@ void SSLWrap<Base>::GetProtocol(const FunctionCallbackInfo<Value>& args) {
}
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
template <class Base>
int SSLWrap<Base>::SelectALPNCallback(SSL* s,
const unsigned char** out,
@@ -2256,13 +2242,11 @@ int SSLWrap<Base>::SelectALPNCallback(SSL* s,
return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_NOACK;
}
-#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
template <class Base>
void SSLWrap<Base>::GetALPNNegotiatedProto(
const FunctionCallbackInfo<Value>& args) {
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
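Review bot: In the return at the top of this hunk, SelectALPNCallback maps any `status` other than `OPENSSL_NPN_NEGOTIATED` to `SSL_TLSEXT_ERR_NOACK`, so a handshake with no protocol overlap completes without an agreed ALPN protocol instead of being refused. RFC 7301 section 3.2 asks the server to answer that case with a fatal `no_application_protocol` alert, which in OpenSSL's callback contract is `SSL_TLSEXT_ERR_ALERT_FATAL`. With the `#ifdef` removed this is the behaviour of every build, so it should at least be documented at the return, e.g. `// No overlap: handshake continues without ALPN; callers must check alpnProtocol before assuming a protocol.` Changing the fallback to the fatal alert would be a behaviour change that belongs in its own commit. The function body starts outside the hunk.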
@@ -2276,13 +2260,11 @@ void SSLWrap<Base>::GetALPNNegotiatedProto(
args.GetReturnValue().Set(
OneByteString(args.GetIsolate(), alpn_proto, alpn_proto_len));
-#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
}
template <class Base>
void SSLWrap<Base>::SetALPNProtocols(const FunctionCallbackInfo<Value>& args) {
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Base* w;
ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
Environment* env = w->env();
@@ -2306,11 +2288,9 @@ void SSLWrap<Base>::SetALPNProtocols(const FunctionCallbackInfo<Value>& args) {
SelectALPNCallback,
nullptr);
}
-#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
}
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
template <class Base>
int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
Base* w = static_cast<Base*>(SSL_get_app_data(s));
@@ -2354,7 +2334,6 @@ int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
return SSL_TLSEXT_ERR_OK;
}
}
-#endif // NODE__HAVE_TLSEXT_STATUS_CB
template <class Base>
@@ -2396,11 +2375,7 @@ int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
info->Set(context, env->servername_string(), str).FromJust();
}
- bool ocsp = false;
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
- ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp;
-#endif
-
+ const bool ocsp = (SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp);
info->Set(context, env->ocsp_request_string(),
Boolean::New(env->isolate(), ocsp)).FromJust();
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 8d40f85099..4587a96e72 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -53,10 +53,6 @@
#include <openssl/rand.h>
#include <openssl/pkcs12.h>
-#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
-# define NODE__HAVE_TLSEXT_STATUS_CB
-#endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
-
namespace node {
namespace crypto {
@@ -331,13 +327,8 @@ class SSLWrap {
ClientHelloParser hello_parser_;
-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
Persistent<v8::Object> ocsp_response_;
-#endif // NODE__HAVE_TLSEXT_STATUS_CB
-
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
Persistent<v8::Value> sni_context_;
-#endif
friend class SecureContext;
};
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index e74ee02aaa..65615e3a11 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -131,12 +131,10 @@ void TLSWrap::InitSSL() {
SSL_set_app_data(ssl_.get(), this);
SSL_set_info_callback(ssl_.get(), SSLInfoCallback);
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
if (is_server()) {
SSL_CTX_set_tlsext_servername_callback(sc_->ctx_.get(),
SelectSNIContextCallback);
}
-#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
ConfigureSecureContext(sc_);
@@ -777,7 +775,6 @@ void TLSWrap::OnClientHelloParseEnd(void* arg) {
}
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
void TLSWrap::GetServername(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
@@ -809,10 +806,8 @@ void TLSWrap::SetServername(const FunctionCallbackInfo<Value>& args) {
CHECK_NOT_NULL(wrap->ssl_);
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
node::Utf8Value servername(env->isolate(), args[0].As<String>());
SSL_set_tlsext_host_name(wrap->ssl_.get(), *servername);
-#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
}
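Review bot: The result of `SSL_set_tlsext_host_name()` in SetServername is discarded, so if OpenSSL rejects the name the client handshake would go ahead with no SNI extension and the caller never learns of it. Now that the call is compiled unconditionally, check it and report the failure, e.g. `if (SSL_set_tlsext_host_name(wrap->ssl_.get(), *servername) != 1) return env->ThrowError("Unable to set SNI servername");`. The name is also handed over as a C string, so a value containing an embedded NUL would be cut short at that point. Whether earlier argument checks rule this out is not visible, because the function starts outside the hunk.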
@@ -851,7 +846,6 @@ int TLSWrap::SelectSNIContextCallback(SSL* s, int* ad, void* arg) {
p->SetSNIContext(sc);
return SSL_TLSEXT_ERR_OK;
}
-#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
void TLSWrap::GetWriteQueueSize(const FunctionCallbackInfo<Value>& info) {
@@ -902,10 +896,8 @@ void TLSWrap::Initialize(Local<Object> target,
StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
SSLWrap<TLSWrap>::AddMethods(env, t);
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
env->SetProtoMethod(t, "getServername", GetServername);
env->SetProtoMethod(t, "setServername", SetServername);
-#endif // SSL_CRT_SET_TLSEXT_SERVERNAME_CB
env->set_tls_wrap_constructor_function(t->GetFunction());
diff --git a/src/tls_wrap.h b/src/tls_wrap.h
index 95e0c09cd8..1603d8919a 100644
--- a/src/tls_wrap.h
+++ b/src/tls_wrap.h
@@ -138,12 +138,9 @@ class TLSWrap : public AsyncWrap,
static void EnableCertCb(
const v8::FunctionCallbackInfo<v8::Value>& args);
static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-
-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
static int SelectSNIContextCallback(SSL* s, int* ad, void* arg);
-#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
crypto::SecureContext* sc_;
BIO* enc_in_;
diff --git a/test/parallel/test-tls-alpn-server-client.js b/test/parallel/test-tls-alpn-server-client.js
index 8b8ae3e5cf..2540831a38 100644
--- a/test/parallel/test-tls-alpn-server-client.js
+++ b/test/parallel/test-tls-alpn-server-client.js
@@ -4,11 +4,6 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
-if (!process.features.tls_alpn) {
- common.skip(
- 'Skipping because node compiled without ALPN feature of OpenSSL.');
-}
-
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js
index 48f9a52463..9b963e6629 100644
--- a/test/parallel/test-tls-empty-sni-context.js
+++ b/test/parallel/test-tls-empty-sni-context.js
@@ -4,9 +4,6 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
-if (!process.features.tls_sni)
- common.skip('node compiled without OpenSSL or with old OpenSSL version.');
-
const assert = require('assert');
const tls = require('tls');
diff --git a/test/parallel/test-tls-ocsp-callback.js b/test/parallel/test-tls-ocsp-callback.js
index 9a6df6fb5b..cf05f6967a 100644
--- a/test/parallel/test-tls-ocsp-callback.js
+++ b/test/parallel/test-tls-ocsp-callback.js
@@ -22,9 +22,6 @@
'use strict';
const common = require('../common');
-if (!process.features.tls_ocsp)
- common.skip('node compiled without OpenSSL or with old OpenSSL version.');
-
if (!common.opensslCli)
common.skip('node compiled without OpenSSL CLI.');
diff --git a/test/parallel/test-tls-sni-option.js b/test/parallel/test-tls-sni-option.js
index b3a5adb47c..375575c78a 100644
--- a/test/parallel/test-tls-sni-option.js
+++ b/test/parallel/test-tls-sni-option.js
@@ -24,9 +24,6 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
-if (!process.features.tls_sni)
- common.skip('node compiled without OpenSSL or with old OpenSSL version.');
-
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
diff --git a/test/parallel/test-tls-sni-server-client.js b/test/parallel/test-tls-sni-server-client.js
index ef1bc09cc0..073e95988a 100644
--- a/test/parallel/test-tls-sni-server-client.js
+++ b/test/parallel/test-tls-sni-server-client.js
@@ -24,9 +24,6 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
-if (!process.features.tls_sni)
- common.skip('node compiled without OpenSSL or with old OpenSSL version.');
-
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
diff --git a/test/parallel/test-tls-snicallback-error.js b/test/parallel/test-tls-snicallback-error.js
index 307a359ebb..1e1c822253 100644
--- a/test/parallel/test-tls-snicallback-error.js
+++ b/test/parallel/test-tls-snicallback-error.js
@@ -3,9 +3,6 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
-if (!process.features.tls_sni)
- common.skip('compiled without OpenSSL or with old OpenSSL version');
-
const assert = require('assert');
const tls = require('tls');
diff --git a/test/parallel/test-tls-socket-constructor-alpn-options-parsing.js b/test/parallel/test-tls-socket-constructor-alpn-options-parsing.js
index edbc9f63cf..6b0a23f31b 100644
--- a/test/parallel/test-tls-socket-constructor-alpn-options-parsing.js
+++ b/test/parallel/test-tls-socket-constructor-alpn-options-parsing.js
@@ -13,9 +13,6 @@ new tls.TLSSocket(null, {
ALPNProtocols: ['http/1.1'],
});
-if (!process.features.tls_alpn)
- common.skip('node compiled without ALPN feature of OpenSSL');
-
const assert = require('assert');
const net = require('net');
const fixtures = require('../common/fixtures');