author | Anton Gerasimov <agerasimov@twilio.com> | 2019-09-18 16:48:44 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-09-23 23:32:45 -0700 |
commit | 0c32ca96c878488c923022a8828bef541e0df9ae (patch) | |
tree | cc02885d1b3dcd79ba87162dfe771c7b88e265bb /lib | |
parent | e078e482c5ba41641d85bc3ba136148cc44b4d22 (diff) | |
tls: add option to override signature algorithms
Passes the list down to SSL_CTX_set1_sigalgs_list.
Option to get the list of shared signature algorithms
from a TLS socket added as well for testing.
Signed-off-by: Anton Gerasimov <agerasimov@twilio.com>
PR-URL: https://github.com/nodejs/node/pull/29598
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/_tls_common.js | 13 | ||||
-rw-r--r-- | lib/_tls_wrap.js | 7 |
2 files changed, 20 insertions, 0 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js index efe9040956..f24cfcbca6 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -153,6 +153,19 @@ exports.createSecureContext = function createSecureContext(options) { } } + const sigalgs = options.sigalgs; + if (sigalgs !== undefined) { + if (typeof sigalgs !== 'string') { + throw new ERR_INVALID_ARG_TYPE('options.sigalgs', 'string', sigalgs); + } + + if (sigalgs === '') { + throw new ERR_INVALID_OPT_VALUE('sigalgs', sigalgs); + } + + c.context.setSigalgs(sigalgs); + } + if (options.ciphers && typeof options.ciphers !== 'string') { throw new ERR_INVALID_ARG_TYPE( 'options.ciphers', 'string', options.ciphers); diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 2921a446cd..63115d59b8 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -859,6 +859,7 @@ function makeSocketMethodProxy(name) { [ 'getCipher', + 'getSharedSigalgs', 'getEphemeralKeyInfo', 'getFinished', 'getPeerFinished', @@ -1113,6 +1114,11 @@ Server.prototype.setSecureContext = function(options) { else this.crl = undefined; + if (options.sigalgs !== undefined) + this.sigalgs = options.sigalgs; + else + this.sigalgs = undefined; + if (options.ciphers) this.ciphers = options.ciphers; else @@ -1157,6 +1163,7 @@ Server.prototype.setSecureContext = function(options) { clientCertEngine: this.clientCertEngine, ca: this.ca, ciphers: this.ciphers, + sigalgs: this.sigalgs, ecdhCurve: this.ecdhCurve, dhparam: this.dhparam, minVersion: this.minVersion, |
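Review bot: In the lib/_tls_common.js hunk the only checks before `c.context.setSigalgs(sigalgs)` reject a non-string and the empty string, so what the list may contain is decided entirely on the native side, and nothing in the code says so. Per the commit message the string is handed to SSL_CTX_set1_sigalgs_list; whether a list OpenSSL cannot parse makes `setSigalgs` throw is not visible here and is worth confirming, since silently keeping the defaults would hide a misconfiguration. I would add a comment above the call, for example `// Contents are validated by OpenSSL (SSL_CTX_set1_sigalgs_list), not here; the list replaces the default signature algorithms, so a permissive value weakens handshake authentication.` createSecureContext begins and ends outside the hunk.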
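Review bot: In the `@@ -1113,6 +1114,11 @@` hunk of lib/_tls_wrap.js the `if (options.sigalgs !== undefined) … else this.sigalgs = undefined;` branch assigns `undefined` exactly when the option is already `undefined`, so it reduces to `this.sigalgs = options.sigalgs;`. The neighbouring options branch on truthiness, where the else arm does change the stored value; here it does not. The value is also stored before any validation: it looks as though the checks only run once the options object in the `@@ -1157,6 +1163,7 @@` hunk (`sigalgs: this.sigalgs`) is consumed further down, so a rejected value would leave the server fields already updated. Confirm this against the rest of setSecureContext, which lies outside both hunks.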