author | Fedor Indutny <fedor@indutny.com> | 2014-11-24 16:17:13 +0300 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2014-11-25 18:51:23 +0300 |
commit | d7e7008c1f4318e2ebd375fed75362711ebdbb2c (patch) | |
tree | 97860a92e6eaef7bc87452738f948a899dd2f345 /lib/_tls_common.js | |
parent | b594e59543b2e269be7a374f29be8eafb1d683c8 (diff) | |
crypto: throw if the key doesn't match cert
fix joyent/node#8770
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/node-forward/node/pull/66
Diffstat (limited to 'lib/_tls_common.js')
-rw-r--r-- | lib/_tls_common.js | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index e66ae662fe..a3309ead0a 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -65,25 +65,6 @@ exports.createSecureContext = function createSecureContext(options, context) {
 
 if (context) return c;
 
- if (options.key) {
- if (Array.isArray(options.key)) {
- for (var i = 0; i < options.key.length; i++) {
- var key = options.key[i];
-
- if (key.passphrase)
- c.context.setKey(key.pem, key.passphrase);
- else
- c.context.setKey(key);
- }
- } else {
- if (options.passphrase) {
- c.context.setKey(options.key, options.passphrase);
- } else {
- c.context.setKey(options.key);
- }
- }
- }
-
 // NOTE: It's important to add CA before the cert to be able to load
 // cert's issuer in C++ code.
 if (options.ca) {
@@ -107,6 +88,29 @@ exports.createSecureContext = function createSecureContext(options, context) {
 }
 }
 
+ // NOTE: It is important to set the key after the cert.
+ // `ssl_set_pkey` returns `0` when the key does not much the cert, but
+ // `ssl_set_cert` returns `1` and nullifies the key in the SSL structure
+ // which leads to the crash later on.
+ if (options.key) {
+ if (Array.isArray(options.key)) {
+ for (var i = 0; i < options.key.length; i++) {
+ var key = options.key[i];
+
+ if (key.passphrase)
+ c.context.setKey(key.pem, key.passphrase);
+ else
+ c.context.setKey(key);
+ }
+ } else {
+ if (options.passphrase) {
+ c.context.setKey(options.key, options.passphrase);
+ } else {
+ c.context.setKey(options.key);
+ }
+ }
+ }
+
 if (options.ciphers)
 c.context.setCiphers(options.ciphers);
 else
|
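Review bot: In the array branch of the relocated key block, an entry without a truthy `passphrase` is passed whole to `c.context.setKey(key)`, so an entry written as an object with only `pem` set would presumably hand the object, not the PEM data, to the binding; `c.context.setKey(key.pem || key);` in that `else` arm would cover both shapes. The top-level `options.passphrase` is also never applied to array entries, which may be intended but deserves a comment. The new NOTE comment has a typo: `does not much the cert` should read `does not match the cert`. Only that comment keeps the key after the cert, and the ordering is what stops a mismatched pair from reaching the crash it describes, so a regression test with a mismatched key and cert would be worth adding if the commit does not already include one outside this file. createSecureContext starts and ends outside the hunk.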