author | Fedor Indutny <fedor.indutny@gmail.com> | 2013-11-22 18:33:50 +0400 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2013-12-02 14:48:14 +0400 |
commit | 9b8fcff43575592ace3d391ee47184f98ed755df (patch) | |
tree | 9c08e5bfcd6d5422ecd46075d7b8687ab42afa0d /src | |
parent | 6877e64fa8ebd1a1017bb4e298a007d98136c133 (diff) | |
download | android-node-v8-9b8fcff43575592ace3d391ee47184f98ed755df.tar.gz android-node-v8-9b8fcff43575592ace3d391ee47184f98ed755df.tar.bz2 android-node-v8-9b8fcff43575592ace3d391ee47184f98ed755df.zip |
tls: reset NPN callbacks after SNI
SNI callback selects a new SSL_CTX for the connection, which doesn't
have NPN callbacks set up.
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 34 | ||||
-rw-r--r-- | src/node_crypto.h | 2 |
2 files changed, 22 insertions, 14 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index e3ece08541..3e77918abb 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1189,6 +1189,7 @@ int Connection::SelectSNIContextCallback_(SSL *s, int *ad, void* arg) {
 p->sniContext_ = Persistent<Value>::New(ret);
 SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(
 Local<Object>::Cast(ret));
+ p->InitNPN(sc, true);
 SSL_set_SSL_CTX(s, sc->ctx_);
 } else {
 return SSL_TLSEXT_ERR_NOACK;
@@ -1223,20 +1224,7 @@ Handle<Value> Connection::New(const Arguments& args) {
 if (is_server) SSL_set_info_callback(p->ssl_, SSLInfoCallback);
-#ifdef OPENSSL_NPN_NEGOTIATED
- if (is_server) {
- // Server should advertise NPN protocols
- SSL_CTX_set_next_protos_advertised_cb(sc->ctx_,
- AdvertiseNextProtoCallback_,
- NULL);
- } else {
- // Client should select protocol from advertised
- // If server supports NPN
- SSL_CTX_set_next_proto_select_cb(sc->ctx_,
- SelectNextProtoCallback_,
- NULL);
- }
-#endif
+ p->InitNPN(sc, is_server);
 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
 if (is_server) {
@@ -1980,6 +1968,24 @@ Handle<Value> Connection::Close(const Arguments& args) {
 return True();
 }
+
+void Connection::InitNPN(SecureContext* sc, bool is_server) {
+#ifdef OPENSSL_NPN_NEGOTIATED
+ if (is_server) {
+ // Server should advertise NPN protocols
+ SSL_CTX_set_next_protos_advertised_cb(sc->ctx_,
+ AdvertiseNextProtoCallback_,
+ NULL);
+ } else {
+ // Client should select protocol from advertised
+ // If server supports NPN
+ SSL_CTX_set_next_proto_select_cb(sc->ctx_,
+ SelectNextProtoCallback_,
+ NULL);
+ }
+#endif
+}
+
 #ifdef OPENSSL_NPN_NEGOTIATED
 Handle<Value> Connection::GetNegotiatedProto(const Arguments& args) {
 HandleScope scope;
diff --git a/src/node_crypto.h b/src/node_crypto.h
index f1f6334b24..01a052855a 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
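Review bot: `p->InitNPN(sc, true);` in SelectSNIContextCallback_ calls a function that node_crypto.h declares `static`, so the `p->` receiver is unused and wrongly suggests per-connection state; `InitNPN(sc, true);` states what actually happens, and the same applies to `p->InitNPN(sc, is_server);` in the Connection::New hunk. The hard-coded `true` should carry a comment such as `// SNI selection happens on the server side: re-install the NPN advertise callback on the chosen context`; the `if (is_server)` under SSL_CTRL_SET_TLSEXT_SERVERNAME_CB in Connection::New suggests the servername callback is server-only, but that body is cut off here. `sc` is unwrapped from the value the JavaScript SNI callback returned, and the check that `ret` really wraps a SecureContext lies outside this hunk; it is worth confirming, because `sc->ctx_` is now dereferenced one statement earlier than before. The enclosing function starts and ends outside the hunk.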
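Review bot: The new Connection::InitNPN installs the callbacks on `sc->ctx_`, the SSL_CTX owned by the SecureContext, not on the connection's own SSL object, and nothing in the function or its declaration says so. A header comment along the lines of `// Installs the NPN callback for the given role on sc's SSL_CTX; this affects every connection using that context and must be repeated for any context a connection is switched to (e.g. after SNI).` would document the contract at the definition and at the declaration in node_crypto.h. When OPENSSL_NPN_NEGOTIATED is not defined the body is empty and both parameters are unused, which may produce unused-parameter warnings depending on the build flags.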
@@ -190,6 +190,8 @@ class Connection : ObjectWrap {
 static v8::Handle<v8::Value> Start(const v8::Arguments& args);
 static v8::Handle<v8::Value> Close(const v8::Arguments& args);
+ static void InitNPN(SecureContext* sc, bool is_server);
+
 #ifdef OPENSSL_NPN_NEGOTIATED
 // NPN
 static v8::Handle<v8::Value> GetNegotiatedProto(const v8::Arguments& args); |