OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

tls: add code for ERR_TLS_INVALID_PROTOCOL_METHOD

Browse Source 
Add an error code property to invalid `secureProtocol` method
exceptions.

Backport-PR-URL: https://github.com/nodejs/node/pull/26951
PR-URL: https://github.com/nodejs/node/pull/24729
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Sam Roberts 2018-11-20 15:30:34 -08:00 committed by Beth Griggs
parent bd07ad2941
commit 00688b6042
No known key found for this signature in database
GPG Key ID: D7062848A1AB005C
3 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/api/errors.md
View File

@ -1714,6 +1714,12 @@ recommended to use 2048 bits or larger for stronger security.
A TLS/SSL handshake timed out. In this case, the server must also abort the
connection.
<a id="ERR_TLS_INVALID_PROTOCOL_METHOD"></a>
### ERR_TLS_INVALID_PROTOCOL_METHOD
The specified `secureProtocol` method is invalid. It is either unknown, or
disabled because it is insecure.
<a id="ERR_TLS_INVALID_PROTOCOL_VERSION"></a>
### ERR_TLS_INVALID_PROTOCOL_VERSION

23
src/node_crypto.cc
View File

@ -65,6 +65,8 @@ static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL
namespace node {
namespace crypto {
using node::THROW_ERR_TLS_INVALID_PROTOCOL_METHOD;
using v8::Array;
using v8::ArrayBufferView;
using v8::Boolean;
@ -424,17 +426,23 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
// protocols are supported unless explicitly disabled (which we do below
// for SSLv2 and SSLv3.)
if (strcmp(*sslmethod, "SSLv2_method") == 0) {
return env->ThrowError("SSLv2 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv2_server_method") == 0) {
return env->ThrowError("SSLv2 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv2_client_method") == 0) {
return env->ThrowError("SSLv2 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv3_method") == 0) {
return env->ThrowError("SSLv3 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) {
return env->ThrowError("SSLv3 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) {
return env->ThrowError("SSLv3 methods disabled");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled");
return;
} else if (strcmp(*sslmethod, "SSLv23_method") == 0) {
// noop
} else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) {
@ -478,7 +486,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
max_version = TLS1_2_VERSION;
method = TLS_client_method();
} else {
return env->ThrowError("Unknown method");
THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "Unknown method");
return;
}
}

1
src/node_errors.h
View File

@ -55,6 +55,7 @@ void FatalException(v8::Isolate* isolate,
V(ERR_SCRIPT_EXECUTION_INTERRUPTED, Error) \
V(ERR_SCRIPT_EXECUTION_TIMEOUT, Error) \
V(ERR_STRING_TOO_LONG, Error) \
V(ERR_TLS_INVALID_PROTOCOL_METHOD, TypeError) \
V(ERR_TRANSFERRING_EXTERNALIZED_SHAREDARRAYBUFFER, TypeError) \
#define V(code, type) \