Skip to content

Commit

Permalink
crypto: clear some SSL_METHOD deprecation warnings
Browse files Browse the repository at this point in the history
Fixing the rest will be rather involved. I think the cleanest option is
to deprecate the method string APIs which are weird to begin with.

PR-URL: #16130
Backport-PR-URL: #18622
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
  • Loading branch information
davidben authored and gibfahn committed Feb 18, 2018
1 parent 7873826 commit b0526ba
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
return 1;
}

static const SSL_METHOD* TLS_method() { return SSLv23_method(); }

static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
const unsigned char** tick, size_t* len) {
*len = s->tlsext_ticklen;
Expand Down Expand Up @@ -547,12 +549,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Environment* env = sc->env();

const SSL_METHOD* method = SSLv23_method();
const SSL_METHOD* method = TLS_method();

if (args.Length() == 1 && args[0]->IsString()) {
const node::Utf8Value sslmethod(env->isolate(), args[0]);

// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends
// Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
// are still accepted. They are OpenSSL's way of saying that all known
// protocols are supported unless explicitly disabled (which we do below
// for SSLv2 and SSLv3.)
Expand Down Expand Up @@ -600,7 +602,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
sc->ctx_ = SSL_CTX_new(method);
SSL_CTX_set_app_data(sc->ctx_, sc);

// Disable SSLv2 in the case when method == SSLv23_method() and the
// Disable SSLv2 in the case when method == TLS_method() and the
// cipher list contains SSLv2 ciphers (not the default, should be rare.)
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
Expand Down Expand Up @@ -5947,7 +5949,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method());
SSL_CTX* ctx = SSL_CTX_new(TLS_method());
if (ctx == nullptr) {
return env->ThrowError("SSL_CTX_new() failed.");
}
Expand Down

0 comments on commit b0526ba

Please sign in to comment.