author | Mike Atkins <mike.atkins@lanetix.com> | 2015-08-10 11:55:37 -0400 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-08-21 11:24:51 +0900 |
commit | f1810ed1b86cbbe5560a96839f5320b4be6ec5f7 (patch) | |
tree | 63317705d35e276e0e51a24316ade3e86ab860ef /lib | |
parent | ec6e5c79993599a8b6977050bcc09b32b187a8ac (diff) | |
tls: handle empty cert in checkServerIndentity
This resolves joyent/node#9272. `tlsSocket.getPeerCertificate` will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, `checkServerIdentity`
would throw because the `subject` wasn't present on the cert.
`checkServerIdentity` must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a `TypeError`.
PR-URL: https://github.com/nodejs/node/pull/2343
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/tls.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/tls.js b/lib/tls.js index 714fdebfc0..0e22242bc4 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -151,7 +151,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) { host, ips.join(', ')); } - } else { + } else if (cert.subject) { // Transform hostname to canonical form if (!/\.$/.test(host)) host += '.'; @@ -204,6 +204,8 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) { cert.subject.CN); } } + } else { + reason = 'Cert is empty'; } if (!valid) { |
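Review bot: The new guard `} else if (cert.subject) {` in the first hunk keys the whole hostname branch on the subject alone, so a certificate that carries subjectAltName entries but no subject would skip name matching and land in the new `else`. That fails closed, which is the safe direction, but it would reject a certificate that may still be matchable and report it as empty. If the altname lists are built earlier in the function, which is not visible here, consider `} else if (cert.subject || cert.subjectaltname) {`, with any `cert.subject.CN` read inside the branch guarded separately. The body of checkServerIdentity starts and ends outside the hunk, so this needs confirming against the full function.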
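Review bot: The reason `'Cert is empty'` in the second hunk is assigned whenever `cert.subject` is falsy, not only when the peer sent no certificate, and the new branch does not say why it leaves `valid` untouched. A short comment would make the fail-closed intent explicit, for example `// No subject to match: valid stays false, so an Error is returned instead of a TypeError being thrown.` This assumes `valid` is initialised to false above the hunk, which is not visible here. A more precise reason such as `'Cert has no subject'` would also make handshake failures easier to triage from logs.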