author | James M Snell <jasnell@gmail.com> | 2017-02-17 15:00:20 -0800 |
---|---|---|
committer | James M Snell <jasnell@gmail.com> | 2017-02-20 06:59:30 -0800 |
commit | d523eb9c40889d476f919b523dc3c67b245826c8 (patch) | |
tree | 229702a8aa47337aba0593f37ad7996830e1897a | |
parent | 051047231ec71307302904b10dd8a80ee3027ae0 (diff) | |
tls: use emitWarning() for dhparam < 2048 bits
When a dhparam less than 2048 bits was used, a warning was being
printed directly to console.error using an internalUtil.trace
function that was not used anywhere else. This replaces it with
a proper process warning and removes the internalUtil.trace
function.
PR-URL: https://github.com/nodejs/node/pull/11447
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
-rw-r--r-- | lib/_tls_common.js | 3 | ||||
-rw-r--r-- | lib/internal/util.js | 5 | ||||
-rw-r--r-- | src/node_crypto.cc | 2 | ||||
-rw-r--r-- | test/parallel/test-tls-dhe.js | 4 |
4 files changed, 6 insertions, 8 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 107c3bb2ea..56baf7bde8 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -1,6 +1,5 @@
 'use strict';
-const internalUtil = require('internal/util');
 const tls = require('tls');
 const SSL_OP_CIPHER_SERVER_PREFERENCE =
@@ -99,7 +98,7 @@ exports.createSecureContext = function createSecureContext(options, context) {
 if (options.dhparam) {
 const warning = c.context.setDHParam(options.dhparam);
 if (warning)
- internalUtil.trace(warning);
+ process.emitWarning(warning, 'SecurityWarning');
 }
 if (options.crl) {
diff --git a/lib/internal/util.js b/lib/internal/util.js
index 5c47d06d58..3de57040f9 100644
--- a/lib/internal/util.js
+++ b/lib/internal/util.js
@@ -1,7 +1,6 @@
 'use strict';
 const binding = process.binding('util');
-const prefix = `(${process.release.name}:${process.pid}) `;
 const kArrowMessagePrivateSymbolIndex = binding['arrow_message_private_symbol'];
 const kDecoratedPrivateSymbolIndex = binding['decorated_private_symbol'];
@@ -10,10 +9,6 @@ const kDecoratedPrivateSymbolIndex = binding['decorated_private_symbol'];
 // `util` module makes it accessible without having to `require('util')` there.
 exports.customInspectSymbol = Symbol('util.inspect.custom');
-exports.trace = function(msg) {
- console.trace(`${prefix}${msg}`);
-};
-
 // Mark that a method should not be used.
 // Returns a modified function which warns once by default.
 // If --no-deprecation is set, then it is a no-op.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 68e78e5cfa..e2a83a548a 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
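Review bot: The weak-DH notice at `process.emitWarning(warning, 'SecurityWarning')` in lib/_tls_common.js is now an ordinary process warning, so it is not printed when the process runs with `--no-warnings` and it carries no stack trace unless `--trace-warnings` is set, whereas the removed `internalUtil.trace` went through `console.trace` and always printed one. The parameter is still accepted in this branch, so a deployment that silences warnings loses the only signal that a secure context was built with DH parameters below 2048 bits. I would add a comment above the call, e.g. `// dhparam accepted but weak (< 2048 bits); reported through the 'warning' event as SecurityWarning`, and name the new warning type in the tls documentation so that monitoring can filter on it. createSecureContext starts and ends outside the hunk.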
@@ -933,7 +933,7 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
 return env->ThrowError("DH parameter is less than 1024 bits");
 } else if (size < 2048) {
 args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING(
- env->isolate(), "WARNING: DH parameter is less than 2048 bits"));
+ env->isolate(), "DH parameter is less than 2048 bits"));
 }
 SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js
index d0c59ac074..b4ca0b46e3 100644
--- a/test/parallel/test-tls-dhe.js
+++ b/test/parallel/test-tls-dhe.js
@@ -1,3 +1,4 @@
+// Flags: --no-warnings
 'use strict';
 const common = require('../common');
 const assert = require('assert');
@@ -22,6 +23,9 @@ let nsuccess = 0;
 let ntests = 0;
 const ciphers = 'DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+// Test will emit a warning because the DH parameter size is < 2048 bits
+common.expectWarning('SecurityWarning',
+ 'DH parameter is less than 2048 bits');
 function loadDHParam(n) {
 let path = common.fixturesDir; |
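Review bot: The `size < 2048` branch in SetDHParam has no comment stating the acceptance policy, and the return value now doubles as the warning text that the JS caller passes straight to `process.emitWarning`. From the visible lines the tiers appear to be: reject with a thrown error below 1024 bits (the condition itself is outside the hunk), accept with a returned message below 2048 bits, accept silently otherwise. I would put that above the branch, e.g. `// < 2048 bits: still accepted; the returned string is emitted by lib/_tls_common.js as a SecurityWarning`. The exact string is also matched verbatim by test/parallel/test-tls-dhe.js in this commit, so the comment should say that changing it means updating the test. The function body starts and ends outside the hunk.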
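Review bot: The `// Flags: --no-warnings` line added in the first hunk of test/parallel/test-tls-dhe.js is unexplained and reads as if it would defeat the `common.expectWarning('SecurityWarning', ...)` check added in the second hunk. `--no-warnings` only suppresses the default stderr output; the 'warning' event is still emitted on `process`, which is presumably what `expectWarning` listens for. A short comment next to the flag would make that explicit, e.g. `// --no-warnings keeps stderr clean; the 'warning' event still fires for expectWarning`. The existing comment could also name the fixture size that triggers the warning, since `loadDHParam` continues outside the hunk and the key sizes under test are not visible here.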