author | Fedor Indutny <fedor@indutny.com> | 2014-04-14 21:15:57 +0400 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2014-04-18 02:21:16 +0400 |
commit | b3ef289ffb7db476d284866658213f04415ea92d (patch) | |
tree | ece3f973d16849e46ea7736880055482df0616e7 /lib/_tls_common.js | |
parent | 77d1f4a91f2885fd3f39298754ae5b7ee75ad3d1 (diff) | |
tls: support OCSP on client and server
Diffstat (limited to 'lib/_tls_common.js')
-rw-r--r-- | lib/_tls_common.js | 50 |
1 files changed, 38 insertions, 12 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index ce011bc7f3..4cd06f06f8 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -68,18 +68,8 @@ exports.createSecureContext = function createSecureContext(options, context) {
 }
 }
- if (options.cert) c.context.setCert(options.cert);
-
- if (options.ciphers)
- c.context.setCiphers(options.ciphers);
- else
- c.context.setCiphers(tls.DEFAULT_CIPHERS);
-
- if (util.isUndefined(options.ecdhCurve))
- c.context.setECDHCurve(tls.DEFAULT_ECDH_CURVE);
- else if (options.ecdhCurve)
- c.context.setECDHCurve(options.ecdhCurve);
-
+ // NOTE: It's important to add CA before the cert to be able to load
+ // cert's issuer in C++ code.
 if (options.ca) {
 if (util.isArray(options.ca)) {
 for (var i = 0, len = options.ca.length; i < len; i++) {
@@ -92,6 +82,18 @@ exports.createSecureContext = function createSecureContext(options, context) {
 c.context.addRootCerts();
 }
+ if (options.cert) c.context.setCert(options.cert);
+
+ if (options.ciphers)
+ c.context.setCiphers(options.ciphers);
+ else
+ c.context.setCiphers(tls.DEFAULT_CIPHERS);
+
+ if (util.isUndefined(options.ecdhCurve))
+ c.context.setECDHCurve(tls.DEFAULT_ECDH_CURVE);
+ else if (options.ecdhCurve)
+ c.context.setECDHCurve(options.ecdhCurve);
+
 if (options.crl) {
 if (util.isArray(options.crl)) {
 for (var i = 0, len = options.crl.length; i < len; i++) {
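Review bot: The ordering requirement is documented only above the `options.ca` block, so the relocated `if (options.cert) c.context.setCert(options.cert);` in the second hunk gives no hint that it must stay below that block. According to the NOTE, the C++ side loads the cert's issuer from the CAs that are already in the context; if a later edit moves the cert block back up, that lookup would presumably fail without any error on the JS side. I would put a short comment on the moved line, e.g. `// Must run after the CA / root-cert block above: the cert's issuer is loaded from it.` createSecureContext begins and ends outside both hunks.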
@@ -126,3 +128,27 @@ exports.createSecureContext = function createSecureContext(options, context) {
 return c;
 };
+
+exports.translatePeerCertificate = function translatePeerCertificate(c) {
+ if (!c)
+ return null;
+
+ if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
+ if (c.subject) c.subject = tls.parseCertString(c.subject);
+ if (c.infoAccess) {
+ var info = c.infoAccess;
+ c.infoAccess = {};
+
+ // XXX: More key validation?
+ info.replace(/([^\n:]*):([^\n]*)(?:\n|$)/g, function(all, key, val) {
+ if (key === '__proto__')
+ return;
+
+ if (c.infoAccess.hasOwnProperty(key))
+ c.infoAccess[key].push(val);
+ else
+ c.infoAccess[key] = [val];
+ });
+ }
+ return c;
+}; |
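Review bot: `c.infoAccess` is rebuilt as a plain `{}` whose keys are parsed out of the peer certificate's infoAccess string, and `__proto__` is the only key that is filtered. A key that matches another `Object.prototype` member, such as `hasOwnProperty`, would be stored as an own property and shadow the method, so the next `c.infoAccess.hasOwnProperty(key)` call in the callback would throw. Whether the native side can ever emit such a key is not visible in this hunk, which is what the `XXX` comment already asks. A prototype-less map removes the whole class of problem: `c.infoAccess = Object.create(null);` with `if (key in c.infoAccess)` as the membership test, after which the `__proto__` special case should no longer be needed.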