From 84a1b182321f497f6c08bb151cccc11683d21a04 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Tue, 20 Nov 2018 15:30:34 -0800 Subject: [PATCH] tls: add code for ERR_TLS_INVALID_PROTOCOL_METHOD Add an error code property to invalid `secureProtocol` method exceptions. PR-URL: https://github.com/nodejs/node/pull/24729 Reviewed-By: Joyee Cheung Reviewed-By: James M Snell --- doc/api/errors.md | 6 ++++++ src/node_crypto.cc | 23 ++++++++++++++++------- src/node_errors.h | 1 + 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/doc/api/errors.md b/doc/api/errors.md index 986c8e7e7e8d71..ee5421c0ec7d18 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -1724,6 +1724,12 @@ recommended to use 2048 bits or larger for stronger security. A TLS/SSL handshake timed out. In this case, the server must also abort the connection. + +### ERR_TLS_INVALID_PROTOCOL_METHOD + +The specified `secureProtocol` method is invalid. It is either unknown, or +disabled because it is insecure. + ### ERR_TLS_INVALID_PROTOCOL_VERSION diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 68af2f58b5cfee..69acc90e752da8 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -54,6 +54,8 @@ static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL namespace node { namespace crypto { +using node::THROW_ERR_TLS_INVALID_PROTOCOL_METHOD; + using v8::Array; using v8::ArrayBufferView; using v8::Boolean; @@ -413,17 +415,23 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { // protocols are supported unless explicitly disabled (which we do below // for SSLv2 and SSLv3.) if (strcmp(*sslmethod, "SSLv2_method") == 0) { - return env->ThrowError("SSLv2 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv2_server_method") == 0) { - return env->ThrowError("SSLv2 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv2_client_method") == 0) { - return env->ThrowError("SSLv2 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv3_method") == 0) { - return env->ThrowError("SSLv3 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) { - return env->ThrowError("SSLv3 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) { - return env->ThrowError("SSLv3 methods disabled"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); + return; } else if (strcmp(*sslmethod, "SSLv23_method") == 0) { // noop } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) { @@ -467,7 +475,8 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { max_version = TLS1_2_VERSION; method = TLS_client_method(); } else { - return env->ThrowError("Unknown method"); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "Unknown method"); + return; } } diff --git a/src/node_errors.h b/src/node_errors.h index 2e9fd761a8319d..835794b17820cc 100644 --- a/src/node_errors.h +++ b/src/node_errors.h @@ -55,6 +55,7 @@ void FatalException(v8::Isolate* isolate, V(ERR_SCRIPT_EXECUTION_INTERRUPTED, Error) \ V(ERR_SCRIPT_EXECUTION_TIMEOUT, Error) \ V(ERR_STRING_TOO_LONG, Error) \ + V(ERR_TLS_INVALID_PROTOCOL_METHOD, TypeError) \ V(ERR_TRANSFERRING_EXTERNALIZED_SHAREDARRAYBUFFER, TypeError) \ #define V(code, type) \