diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/async_wrap.h | 1 | ||||
| -rw-r--r-- | src/env.h | 4 | ||||
| -rw-r--r-- | src/node_crypto.cc | 632 | ||||
| -rw-r--r-- | src/node_crypto.h | 82 |
4 files changed, 1 insertions, 718 deletions
diff --git a/src/async_wrap.h b/src/async_wrap.h index 9b5632598b..091224f570 100644 --- a/src/async_wrap.h +++ b/src/async_wrap.h @@ -67,7 +67,6 @@ namespace node { #if HAVE_OPENSSL #define NODE_ASYNC_CRYPTO_PROVIDER_TYPES(V) \ - V(SSLCONNECTION) \ V(PBKDF2REQUEST) \ V(RANDOMBYTESREQUEST) \ V(TLSWRAP) @@ -193,14 +193,12 @@ class ModuleWrap; V(onheaders_string, "onheaders") \ V(onmessage_string, "onmessage") \ V(onnewsession_string, "onnewsession") \ - V(onnewsessiondone_string, "onnewsessiondone") \ V(onocspresponse_string, "onocspresponse") \ V(ongoawaydata_string, "ongoawaydata") \ V(onpriority_string, "onpriority") \ V(onread_string, "onread") \ V(onreadstart_string, "onreadstart") \ V(onreadstop_string, "onreadstop") \ - V(onselect_string, "onselect") \ V(onsettings_string, "onsettings") \ V(onshutdown_string, "onshutdown") \ V(onsignal_string, "onsignal") \ @@ -224,7 +222,6 @@ class ModuleWrap; V(raw_string, "raw") \ V(read_host_object_string, "_readHostObject") \ V(readable_string, "readable") \ - V(received_shutdown_string, "receivedShutdown") \ V(refresh_string, "refresh") \ V(regexp_string, "regexp") \ V(rename_string, "rename") \ @@ -232,7 +229,6 @@ class ModuleWrap; V(retry_string, "retry") \ V(serial_string, "serial") \ V(scopeid_string, "scopeid") \ - V(sent_shutdown_string, "sentShutdown") \ V(serial_number_string, "serialNumber") \ V(service_string, "service") \ V(servername_string, "servername") \ diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 127715e6c1..d512266bff 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -637,8 +637,6 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR); - SSL_CTX_sess_set_get_cb(sc->ctx_, SSLWrap<Connection>::GetSessionCallback); - SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback); #if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was @@ -1637,18 +1635,6 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) { env->SetProtoMethod(t, "getALPNNegotiatedProtocol", GetALPNNegotiatedProto); env->SetProtoMethod(t, "setALPNProtocols", SetALPNProtocols); - - Local<FunctionTemplate> ssl_getter_templ = - FunctionTemplate::New(env->isolate(), - SSLGetter, - env->as_external(), - Signature::New(env->isolate(), t)); - - t->PrototypeTemplate()->SetAccessorProperty( - FIXED_ONE_BYTE_STRING(env->isolate(), "_external"), - ssl_getter_templ, - Local<FunctionTemplate>(), - static_cast<PropertyAttribute>(ReadOnly | DontDelete)); } @@ -2809,16 +2795,6 @@ void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { template <class Base> -void SSLWrap<Base>::SSLGetter(const FunctionCallbackInfo<Value>& info) { - Base* base; - ASSIGN_OR_RETURN_UNWRAP(&base, info.This()); - SSL* ssl = base->ssl_; - Local<External> ext = External::New(info.GetIsolate(), ssl); - info.GetReturnValue().Set(ext); -} - - -template <class Base> void SSLWrap<Base>::DestroySSL() { if (ssl_ == nullptr) return; @@ -2853,205 +2829,6 @@ int SSLWrap<Base>::SetCACerts(SecureContext* sc) { } -Connection::Connection(Environment* env, - v8::Local<v8::Object> wrap, - SecureContext* sc, - SSLWrap<Connection>::Kind kind) - : AsyncWrap(env, wrap, AsyncWrap::PROVIDER_SSLCONNECTION), - SSLWrap<Connection>(env, sc, kind), - bio_read_(nullptr), - bio_write_(nullptr), - hello_offset_(0) { - MakeWeak<Connection>(this); - Wrap(wrap, this); - hello_parser_.Start(SSLWrap<Connection>::OnClientHello, - OnClientHelloParseEnd, - this); - enable_session_callbacks(); -} - - -void Connection::OnClientHelloParseEnd(void* arg) { - Connection* conn = static_cast<Connection*>(arg); - - // Write all accumulated data - int r = BIO_write(conn->bio_read_, - reinterpret_cast<char*>(conn->hello_data_), - conn->hello_offset_); - conn->HandleBIOError(conn->bio_read_, "BIO_write", r); - conn->SetShutdownFlags(); -} - - -#ifdef SSL_PRINT_DEBUG -# define DEBUG_PRINT(...) fprintf (stderr, __VA_ARGS__) -#else -# define DEBUG_PRINT(...) -#endif - - -int Connection::HandleBIOError(BIO *bio, const char* func, int rv) { - if (rv >= 0) - return rv; - - int retry = BIO_should_retry(bio); - USE(retry); // unused if !defined(SSL_PRINT_DEBUG) - - if (BIO_should_write(bio)) { - DEBUG_PRINT("[%p] BIO: %s want write. should retry %d\n", - ssl_, - func, - retry); - return 0; - - } else if (BIO_should_read(bio)) { - DEBUG_PRINT("[%p] BIO: %s want read. should retry %d\n", ssl_, func, retry); - return 0; - - } else { - char ssl_error_buf[512]; - ERR_error_string_n(rv, ssl_error_buf, sizeof(ssl_error_buf)); - - HandleScope scope(ssl_env()->isolate()); - Local<Value> exception = - Exception::Error(OneByteString(ssl_env()->isolate(), ssl_error_buf)); - object()->Set(ssl_env()->error_string(), exception); - - DEBUG_PRINT("[%p] BIO: %s failed: (%d) %s\n", - ssl_, - func, - rv, - ssl_error_buf); - - return rv; - } - - return 0; -} - - -int Connection::HandleSSLError(const char* func, - int rv, - ZeroStatus zs, - SyscallStatus ss) { - ClearErrorOnReturn clear_error_on_return; - - if (rv > 0) - return rv; - if (rv == 0 && zs == kZeroIsNotAnError) - return rv; - - int err = SSL_get_error(ssl_, rv); - - if (err == SSL_ERROR_NONE) { - return 0; - - } else if (err == SSL_ERROR_WANT_WRITE) { - DEBUG_PRINT("[%p] SSL: %s want write\n", ssl_, func); - return 0; - - } else if (err == SSL_ERROR_WANT_READ) { - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - - } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { - DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); - return 0; - - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - - Local<Value> exception = - Exception::Error(ssl_env()->zero_return_string()); - object()->Set(ssl_env()->error_string(), exception); - return rv; - - } else if (err == SSL_ERROR_SYSCALL && ss == kIgnoreSyscall) { - return 0; - - } else { - HandleScope scope(ssl_env()->isolate()); - BUF_MEM* mem; - BIO *bio; - - CHECK(err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL); - - // XXX We need to drain the error queue for this thread or else OpenSSL - // has the possibility of blocking connections? This problem is not well - // understood. And we should be somehow propagating these errors up - // into JavaScript. There is no test which demonstrates this problem. - // https://github.com/joyent/node/issues/1719 - bio = BIO_new(BIO_s_mem()); - if (bio != nullptr) { - ERR_print_errors(bio); - BIO_get_mem_ptr(bio, &mem); - Local<Value> exception = Exception::Error( - OneByteString(ssl_env()->isolate(), - mem->data, - mem->length)); - object()->Set(ssl_env()->error_string(), exception); - BIO_free_all(bio); - } - - return rv; - } - - return 0; -} - - -void Connection::SetShutdownFlags() { - HandleScope scope(ssl_env()->isolate()); - - int flags = SSL_get_shutdown(ssl_); - - if (flags & SSL_SENT_SHUTDOWN) { - Local<String> sent_shutdown_key = ssl_env()->sent_shutdown_string(); - object()->Set(sent_shutdown_key, True(ssl_env()->isolate())); - } - - if (flags & SSL_RECEIVED_SHUTDOWN) { - Local<String> received_shutdown_key = ssl_env()->received_shutdown_string(); - object()->Set(received_shutdown_key, True(ssl_env()->isolate())); - } -} - - -void Connection::NewSessionDoneCb() { - HandleScope scope(env()->isolate()); - - MakeCallback(env()->onnewsessiondone_string(), 0, nullptr); -} - - -void Connection::Initialize(Environment* env, Local<Object> target) { - Local<FunctionTemplate> t = env->NewFunctionTemplate(Connection::New); - t->InstanceTemplate()->SetInternalFieldCount(1); - t->SetClassName(FIXED_ONE_BYTE_STRING(env->isolate(), "Connection")); - - AsyncWrap::AddWrapMethods(env, t); - env->SetProtoMethod(t, "encIn", EncIn); - env->SetProtoMethod(t, "clearOut", ClearOut); - env->SetProtoMethod(t, "clearIn", ClearIn); - env->SetProtoMethod(t, "encOut", EncOut); - env->SetProtoMethod(t, "clearPending", ClearPending); - env->SetProtoMethod(t, "encPending", EncPending); - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "close", Close); - - SSLWrap<Connection>::AddMethods(env, t); - - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - env->SetProtoMethod(t, "getServername", GetServername); - env->SetProtoMethod(t, "setSNICallback", SetSNICallback); -#endif - - target->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "Connection"), - t->GetFunction()); -} - - inline int compar(const void* a, const void* b) { return memcmp(a, b, CNNIC_WHITELIST_HASH_LEN); } @@ -3103,7 +2880,6 @@ inline bool CheckStartComOrWoSign(X509_NAME* root_name, X509* cert) { return false; } - // Whitelist check for certs issued by CNNIC, StartCom and WoSign. See // https://blog.mozilla.org/security/2015/04/02 // /distrusting-new-cnnic-certificates/ and @@ -3154,8 +2930,7 @@ inline CheckResult CheckWhitelistedServerCert(X509_STORE_CTX* ctx) { return CHECK_OK; } - -inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) { +int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) { // Failure on verification of the cert is handled in // Connection::VerifyError. if (preverify_ok == 0 || X509_STORE_CTX_get_error(ctx) != X509_V_OK) @@ -3177,410 +2952,6 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) { return ret; } - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -int Connection::SelectSNIContextCallback_(SSL *s, int *ad, void* arg) { - Connection* conn = static_cast<Connection*>(SSL_get_app_data(s)); - Environment* env = conn->env(); - HandleScope scope(env->isolate()); - - const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - - if (servername) { - conn->servername_.Reset(env->isolate(), - OneByteString(env->isolate(), servername)); - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { - conn->sni_context_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); - - Local<Value> arg = PersistentToLocal(env->isolate(), conn->servername_); - Local<Value> ret = node::MakeCallback(env->isolate(), - sni_obj, - env->onselect_string(), - 1, - &arg); - - // If ret is SecureContext - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { - conn->sni_context_.Reset(env->isolate(), ret); - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK); - conn->SetSNIContext(sc); - } else { - return SSL_TLSEXT_ERR_NOACK; - } - } - } - - return SSL_TLSEXT_ERR_OK; -} -#endif - -void Connection::New(const FunctionCallbackInfo<Value>& args) { - Environment* env = Environment::GetCurrent(args); - - if (args.Length() < 1 || !args[0]->IsObject()) { - env->ThrowError("First argument must be a tls module SecureContext"); - return; - } - - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, args[0].As<Object>()); - - bool is_server = args[1]->BooleanValue(); - - SSLWrap<Connection>::Kind kind = - is_server ? SSLWrap<Connection>::kServer : SSLWrap<Connection>::kClient; - Connection* conn = new Connection(env, args.This(), sc, kind); - conn->bio_read_ = NodeBIO::New(); - conn->bio_write_ = NodeBIO::New(); - - SSL_set_app_data(conn->ssl_, conn); - - if (is_server) - SSL_set_info_callback(conn->ssl_, SSLInfoCallback); - - InitNPN(sc); - - SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); - } else if (args[2]->IsString()) { - const node::Utf8Value servername(env->isolate(), args[2]); - SSL_set_tlsext_host_name(conn->ssl_, *servername); - } -#endif - - SSL_set_bio(conn->ssl_, conn->bio_read_, conn->bio_write_); - -#ifdef SSL_MODE_RELEASE_BUFFERS - long mode = SSL_get_mode(conn->ssl_); // NOLINT(runtime/int) - SSL_set_mode(conn->ssl_, mode | SSL_MODE_RELEASE_BUFFERS); -#endif - - - int verify_mode; - if (is_server) { - bool request_cert = args[2]->BooleanValue(); - if (!request_cert) { - // Note reject_unauthorized ignored. - verify_mode = SSL_VERIFY_NONE; - } else { - bool reject_unauthorized = args[3]->BooleanValue(); - verify_mode = SSL_VERIFY_PEER; - if (reject_unauthorized) - verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - } - } else { - // Note request_cert and reject_unauthorized are ignored for clients. - verify_mode = SSL_VERIFY_NONE; - } - - - // Always allow a connection. We'll reject in javascript. - SSL_set_verify(conn->ssl_, verify_mode, VerifyCallback); - - if (is_server) { - SSL_set_accept_state(conn->ssl_); - } else { - SSL_set_connect_state(conn->ssl_); - } -} - - -void Connection::SSLInfoCallback(const SSL *ssl_, int where, int ret) { - if (!(where & (SSL_CB_HANDSHAKE_START | SSL_CB_HANDSHAKE_DONE))) - return; - - // Be compatible with older versions of OpenSSL. SSL_get_app_data() wants - // a non-const SSL* in OpenSSL <= 0.9.7e. - SSL* ssl = const_cast<SSL*>(ssl_); - Connection* conn = static_cast<Connection*>(SSL_get_app_data(ssl)); - Environment* env = conn->env(); - HandleScope handle_scope(env->isolate()); - Context::Scope context_scope(env->context()); - - if (where & SSL_CB_HANDSHAKE_START) { - conn->MakeCallback(env->onhandshakestart_string(), 0, nullptr); - } - - if (where & SSL_CB_HANDSHAKE_DONE) { - conn->MakeCallback(env->onhandshakedone_string(), 0, nullptr); - } -} - - -void Connection::EncIn(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - Environment* env = conn->env(); - - if (args.Length() < 3) { - return env->ThrowTypeError( - "Data, offset, and length arguments are mandatory"); - } - - THROW_AND_RETURN_IF_NOT_BUFFER(args[0], "Data"); - - char* buffer_data = Buffer::Data(args[0]); - size_t buffer_length = Buffer::Length(args[0]); - - size_t off = args[1]->Int32Value(); - size_t len = args[2]->Int32Value(); - - if (!Buffer::IsWithinBounds(off, len, buffer_length)) - return env->ThrowRangeError("offset + length > buffer.length"); - - int bytes_written; - char* data = buffer_data + off; - - if (conn->is_server() && !conn->hello_parser_.IsEnded()) { - // Just accumulate data, everything will be pushed to BIO later - if (conn->hello_parser_.IsPaused()) { - bytes_written = 0; - } else { - // Copy incoming data to the internal buffer - // (which has a size of the biggest possible TLS frame) - size_t available = sizeof(conn->hello_data_) - conn->hello_offset_; - size_t copied = len < available ? len : available; - memcpy(conn->hello_data_ + conn->hello_offset_, data, copied); - conn->hello_offset_ += copied; - - conn->hello_parser_.Parse(conn->hello_data_, conn->hello_offset_); - bytes_written = copied; - } - } else { - bytes_written = BIO_write(conn->bio_read_, data, len); - conn->HandleBIOError(conn->bio_read_, "BIO_write", bytes_written); - conn->SetShutdownFlags(); - } - - args.GetReturnValue().Set(bytes_written); -} - - -void Connection::ClearOut(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - Environment* env = conn->env(); - - if (args.Length() < 3) { - return env->ThrowTypeError( - "Data, offset, and length arguments are mandatory"); - } - - THROW_AND_RETURN_IF_NOT_BUFFER(args[0], "Data"); - - char* buffer_data = Buffer::Data(args[0]); - size_t buffer_length = Buffer::Length(args[0]); - - size_t off = args[1]->Int32Value(); - size_t len = args[2]->Int32Value(); - - if (!Buffer::IsWithinBounds(off, len, buffer_length)) - return env->ThrowRangeError("offset + length > buffer.length"); - - if (!SSL_is_init_finished(conn->ssl_)) { - int rv; - - if (conn->is_server()) { - rv = SSL_accept(conn->ssl_); - conn->HandleSSLError("SSL_accept:ClearOut", - rv, - kZeroIsAnError, - kSyscallError); - } else { - rv = SSL_connect(conn->ssl_); - conn->HandleSSLError("SSL_connect:ClearOut", - rv, - kZeroIsAnError, - kSyscallError); - } - - if (rv < 0) { - return args.GetReturnValue().Set(rv); - } - } - - int bytes_read = SSL_read(conn->ssl_, buffer_data + off, len); - conn->HandleSSLError("SSL_read:ClearOut", - bytes_read, - kZeroIsNotAnError, - kSyscallError); - conn->SetShutdownFlags(); - - args.GetReturnValue().Set(bytes_read); -} - - -void Connection::ClearPending(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - int bytes_pending = BIO_pending(conn->bio_read_); - args.GetReturnValue().Set(bytes_pending); -} - - -void Connection::EncPending(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - int bytes_pending = BIO_pending(conn->bio_write_); - args.GetReturnValue().Set(bytes_pending); -} - - -void Connection::EncOut(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - Environment* env = conn->env(); - - if (args.Length() < 3) { - return env->ThrowTypeError( - "Data, offset, and length arguments are mandatory"); - } - - THROW_AND_RETURN_IF_NOT_BUFFER(args[0], "Data"); - - char* buffer_data = Buffer::Data(args[0]); - size_t buffer_length = Buffer::Length(args[0]); - - size_t off = args[1]->Int32Value(); - size_t len = args[2]->Int32Value(); - - if (!Buffer::IsWithinBounds(off, len, buffer_length)) - return env->ThrowRangeError("offset + length > buffer.length"); - - int bytes_read = BIO_read(conn->bio_write_, buffer_data + off, len); - - conn->HandleBIOError(conn->bio_write_, "BIO_read:EncOut", bytes_read); - conn->SetShutdownFlags(); - - args.GetReturnValue().Set(bytes_read); -} - - -void Connection::ClearIn(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - Environment* env = conn->env(); - - if (args.Length() < 3) { - return env->ThrowTypeError( - "Data, offset, and length arguments are mandatory"); - } - - THROW_AND_RETURN_IF_NOT_BUFFER(args[0], "Data"); - - char* buffer_data = Buffer::Data(args[0]); - size_t buffer_length = Buffer::Length(args[0]); - - size_t off = args[1]->Int32Value(); - size_t len = args[2]->Int32Value(); - - if (!Buffer::IsWithinBounds(off, len, buffer_length)) - return env->ThrowRangeError("offset + length > buffer.length"); - - if (!SSL_is_init_finished(conn->ssl_)) { - int rv; - if (conn->is_server()) { - rv = SSL_accept(conn->ssl_); - conn->HandleSSLError("SSL_accept:ClearIn", - rv, - kZeroIsAnError, - kSyscallError); - } else { - rv = SSL_connect(conn->ssl_); - conn->HandleSSLError("SSL_connect:ClearIn", - rv, - kZeroIsAnError, - kSyscallError); - } - - if (rv < 0) { - return args.GetReturnValue().Set(rv); - } - } - - int bytes_written = SSL_write(conn->ssl_, buffer_data + off, len); - - conn->HandleSSLError("SSL_write:ClearIn", - bytes_written, - len == 0 ? kZeroIsNotAnError : kZeroIsAnError, - kSyscallError); - conn->SetShutdownFlags(); - - args.GetReturnValue().Set(bytes_written); -} - - -void Connection::Start(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - - int rv = 0; - if (!SSL_is_init_finished(conn->ssl_)) { - if (conn->is_server()) { - rv = SSL_accept(conn->ssl_); - conn->HandleSSLError("SSL_accept:Start", - rv, - kZeroIsAnError, - kSyscallError); - } else { - rv = SSL_connect(conn->ssl_); - conn->HandleSSLError("SSL_connect:Start", - rv, - kZeroIsAnError, - kSyscallError); - } - } - args.GetReturnValue().Set(rv); -} - - -void Connection::Close(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - conn->DestroySSL(); -} - - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -void Connection::GetServername(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - - if (conn->is_server() && !conn->servername_.IsEmpty()) { - args.GetReturnValue().Set(conn->servername_); - } else { - args.GetReturnValue().Set(false); - } -} - - -void Connection::SetSNICallback(const FunctionCallbackInfo<Value>& args) { - Connection* conn; - ASSIGN_OR_RETURN_UNWRAP(&conn, args.Holder()); - Environment* env = conn->env(); - - if (args.Length() < 1 || !args[0]->IsFunction()) { - return env->ThrowError("Must give a Function as first argument"); - } - - Local<Object> obj = Object::New(env->isolate()); - obj->Set(env->onselect_string(), args[0]); - conn->sniObject_.Reset(args.GetIsolate(), obj); -} -#endif - - void CipherBase::Initialize(Environment* env, Local<Object> target) { Local<FunctionTemplate> t = env->NewFunctionTemplate(New); @@ -6227,7 +5598,6 @@ void InitCrypto(Local<Object> target, Environment* env = Environment::GetCurrent(context); SecureContext::Initialize(env, target); - Connection::Initialize(env, target); CipherBase::Initialize(env, target); DiffieHellman::Initialize(env, target); ECDH::Initialize(env, target); diff --git a/src/node_crypto.h b/src/node_crypto.h index b866117f84..7ce40697d4 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -328,7 +328,6 @@ class SSLWrap { void* arg); static int TLSExtStatusCallback(SSL* s, void* arg); static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(const v8::FunctionCallbackInfo<v8::Value>& info); void DestroySSL(); void WaitForCertCb(CertCb cb, void* arg); @@ -364,87 +363,6 @@ class SSLWrap { friend class SecureContext; }; -// Connection inherits from AsyncWrap because SSLWrap makes calls to -// MakeCallback, but SSLWrap doesn't store the handle itself. Instead it -// assumes that any args.This() called will be the handle from Connection. -class Connection : public AsyncWrap, public SSLWrap<Connection> { - public: - ~Connection() override { -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); - servername_.Reset(); -#endif - } - - static void Initialize(Environment* env, v8::Local<v8::Object> target); - void NewSessionDoneCb(); - -#ifndef OPENSSL_NO_NEXTPROTONEG - v8::Persistent<v8::Object> npnProtos_; - v8::Persistent<v8::Value> selectedNPNProto_; -#endif - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; - v8::Persistent<v8::String> servername_; -#endif - - size_t self_size() const override { return sizeof(*this); } - - protected: - static void New(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EncIn(const v8::FunctionCallbackInfo<v8::Value>& args); - static void ClearOut(const v8::FunctionCallbackInfo<v8::Value>& args); - static void ClearPending(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EncPending(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EncOut(const v8::FunctionCallbackInfo<v8::Value>& args); - static void ClearIn(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Start(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Close(const v8::FunctionCallbackInfo<v8::Value>& args); - -#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - // SNI - static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args); - static void SetSNICallback(const v8::FunctionCallbackInfo<v8::Value>& args); - static int SelectSNIContextCallback_(SSL* s, int* ad, void* arg); -#endif - - static void OnClientHelloParseEnd(void* arg); - - int HandleBIOError(BIO* bio, const char* func, int rv); - - enum ZeroStatus { - kZeroIsNotAnError, - kZeroIsAnError - }; - - enum SyscallStatus { - kIgnoreSyscall, - kSyscallError - }; - - int HandleSSLError(const char* func, int rv, ZeroStatus zs, SyscallStatus ss); - - void SetShutdownFlags(); - - Connection(Environment* env, - v8::Local<v8::Object> wrap, - SecureContext* sc, - SSLWrap<Connection>::Kind kind); - - private: - static void SSLInfoCallback(const SSL *ssl, int where, int ret); - - BIO *bio_read_; - BIO *bio_write_; - - uint8_t hello_data_[18432]; - size_t hello_offset_; - - friend class ClientHelloParser; - friend class SecureContext; -}; - class CipherBase : public BaseObject { public: ~CipherBase() override { |