Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: add ticketKeys option in createSecureContext #20916

Closed
wants to merge 4 commits into from
Closed

crypto: add ticketKeys option in createSecureContext #20916

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2594cd2
crypto: add ticketKeys option in createSecureContext
ryzokuken May 23, 2018
6269853
fixup! crypto: add ticketKeys option in createSecureContext
ryzokuken May 24, 2018
38e22dc
fixup! crypto: add ticketKeys option in createSecureContext
ryzokuken May 26, 2018
3964032
fixup! crypto: add ticketKeys option in createSecureContext
ryzokuken May 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions lib/_tls_common.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,15 @@ function SecureContext(secureProtocol, secureOptions, context) {
if (secureOptions) this.context.setOptions(secureOptions);
}

SecureContext.prototype.getTicketKeys = function getTicketKeys(keys) {
return this.context.getTicketKeys(keys);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realize you copied this from elsewhere but this method doesn't take any arguments, it returns a new buffer.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bnoordhuis quite right, I actually took my cues from https://github.com/ryzokuken/node/blob/6269853a9a444a3fbed351ddeb12a6e97114543d/lib/_tls_wrap.js#L928

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd look into the original context's getTicketKeys() method and try working with that one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Umm, it can take arguments? Idk, the code was:

void SecureContext::GetTicketKeys(const FunctionCallbackInfo<Value>& args) {
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_get_tlsext_ticket_keys)

  SecureContext* wrap;
  ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());

  Local<Object> buff = Buffer::New(wrap->env(), 48).ToLocalChecked();
  memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16);
  memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16);
  memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16);

  args.GetReturnValue().Set(buff);
#endif  // !def(OPENSSL_NO_TLSEXT) && def(SSL_CTX_get_tlsext_ticket_keys)
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anyway, I think most if not all people call it without any args plus no arguments mentioned in the docs, so I'll make the change.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You mean args? Any C++ API function takes that as its argument.

If you're referring to args.Holder(), that's the this object. Positional arguments are accessed using array notation, i.e., args[0].

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bnoordhuis TIL, I guess 😅 Not super good at the C++ part of things.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case, getTicketKeys indeed doesn't use any arguments while setTicketKeys takes one, perfect.

};


SecureContext.prototype.setTicketKeys = function setTicketKeys(keys) {
this.context.setTicketKeys(keys);
};

function validateKeyCert(name, value) {
if (typeof value !== 'string' && !isArrayBufferView(value)) {
throw new ERR_INVALID_ARG_TYPE(
Expand Down Expand Up @@ -223,6 +232,14 @@ exports.createSecureContext = function createSecureContext(options, context) {
options.clientCertEngine);
}

if (options.ticketKeys) {
c.context.setTicketKeys(options.ticketKeys);
}

if (options.sessionTimeout) {
c.context.setSessionTimeout(options.sessionTimeout);
}

return c;
};

Expand Down
12 changes: 3 additions & 9 deletions lib/_tls_wrap.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -885,7 +885,9 @@ function Server(options, listener) {
secureOptions: this.secureOptions,
honorCipherOrder: this.honorCipherOrder,
crl: this.crl,
sessionIdContext: this.sessionIdContext
sessionIdContext: this.sessionIdContext,
ticketKeys: this.ticketKeys,
sessionTimeout: this.sessionTimeout,
});

this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000);
Expand All @@ -896,14 +898,6 @@ function Server(options, listener) {
'options.handshakeTimeout', 'number', options.handshakeTimeout);
}

if (this.sessionTimeout) {
this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
}

if (this.ticketKeys) {
this._sharedCreds.context.setTicketKeys(this.ticketKeys);
}

// constructor call
net.Server.call(this, tlsConnectionListener);

Expand Down