Commit a11ff31

CallMeLaNNtargos
authored andcommitted
tls: permit null as a pfx value
Allow null along with undefined for the pfx value. This avoids a breaking change when upgrading from v14 to v16 where a 3rd-party library passes null to pfx. Fixes: #36292 PR-URL: #41170 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
1 parent 4079fc4 commit a11ff31


2 files changed

+50
-18
lines changed

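--- a/lib/internal/tls/secure-context.js
+++ b/lib/internal/tls/secure-context.js
@@ -83,7 +83,7 @@ function validateKeyOrCertOption(name, value) {
 
 function setKey(context, key, passphrase, name) {
 validateKeyOrCertOption(`${name}.key`, key);
-if (passphrase != null)
+if (passphrase !== undefined && passphrase !== null)
 validateString(passphrase, `${name}.passphrase`);
 context.setKey(key, passphrase);
 }
@@ -160,16 +160,20 @@ function configSecureContext(context, options = {}, name = 'options') {
 if (ArrayIsArray(key)) {
 for (let i = 0; i < key.length; ++i) {
 const val = key[i];
-// eslint-disable-next-line eqeqeq
-const pem = (val != undefined && val.pem !== undefined ? val.pem : val);
-setKey(context, pem, val.passphrase || passphrase, name);
+const pem = (
+val !== undefined && val !== null &&
+val.pem !== undefined ? val.pem : val);
+const pass = (
+val !== undefined && val !== null &&
+val.passphrase !== undefined ? val.passphrase : passphrase);
+setKey(context, pem, pass, name);
 }
 } else {
 setKey(context, key, passphrase, name);
 }
 }
 
-if (sigalgs !== undefined) {
+if (sigalgs !== undefined && sigalgs !== null) {
 validateString(sigalgs, `${name}.sigalgs`);
 
 if (sigalgs === '')
@@ -178,8 +182,8 @@ function configSecureContext(context, options = {}, name = 'options') {
 context.setSigalgs(sigalgs);
 }
 
-if (privateKeyIdentifier !== undefined) {
-if (privateKeyEngine === undefined) {
+if (privateKeyIdentifier !== undefined && privateKeyIdentifier !== null) {
+if (privateKeyEngine === undefined || privateKeyEngine === null) {
 // Engine is required when privateKeyIdentifier is present
 throw new ERR_INVALID_ARG_VALUE(`${name}.privateKeyEngine`,
 privateKeyEngine);
@@ -198,16 +202,16 @@ function configSecureContext(context, options = {}, name = 'options') {
 throw new ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED();
 } else if (typeof privateKeyIdentifier !== 'string') {
 throw new ERR_INVALID_ARG_TYPE(`${name}.privateKeyIdentifier`,
-['string', 'undefined'],
+['string', 'null', 'undefined'],
 privateKeyIdentifier);
 } else {
 throw new ERR_INVALID_ARG_TYPE(`${name}.privateKeyEngine`,
-['string', 'undefined'],
+['string', 'null', 'undefined'],
 privateKeyEngine);
 }
 }
 
-if (ciphers != null)
+if (ciphers !== undefined && ciphers !== null)
 validateString(ciphers, `${name}.ciphers`);
 
 // Work around an OpenSSL API quirk. cipherList is for TLSv1.2 and below,
@@ -237,14 +241,14 @@ function configSecureContext(context, options = {}, name = 'options') {
 validateString(ecdhCurve, `${name}.ecdhCurve`);
 context.setECDHCurve(ecdhCurve);
 
-if (dhparam !== undefined) {
+if (dhparam !== undefined && dhparam !== null) {
 validateKeyOrCertOption(`${name}.dhparam`, dhparam);
 const warning = context.setDHParam(dhparam);
 if (warning)
 process.emitWarning(warning, 'SecurityWarning');
 }
 
-if (crl !== undefined) {
+if (crl !== undefined && crl !== null) {
 if (ArrayIsArray(crl)) {
 for (const val of crl) {
 validateKeyOrCertOption(`${name}.crl`, val);
@@ -256,17 +260,17 @@ function configSecureContext(context, options = {}, name = 'options') {
 }
 }
 
-if (sessionIdContext !== undefined) {
+if (sessionIdContext !== undefined && sessionIdContext !== null) {
 validateString(sessionIdContext, `${name}.sessionIdContext`);
 context.setSessionIdContext(sessionIdContext);
 }
 
-if (pfx !== undefined) {
+if (pfx !== undefined && pfx !== null) {
 if (ArrayIsArray(pfx)) {
 ArrayPrototypeForEach(pfx, (val) => {
 const raw = val.buf ? val.buf : val;
 const pass = val.passphrase || passphrase;
-if (pass !== undefined) {
+if (pass !== undefined && pass !== null) {
 context.loadPKCS12(toBuf(raw), toBuf(pass));
 } else {
 context.loadPKCS12(toBuf(raw));
@@ -284,13 +288,13 @@ function configSecureContext(context, options = {}, name = 'options') {
 throw new ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED();
 else
 context.setClientCertEngine(clientCertEngine);
-} else if (clientCertEngine !== undefined) {
+} else if (clientCertEngine !== undefined && clientCertEngine !== null) {
 throw new ERR_INVALID_ARG_TYPE(`${name}.clientCertEngine`,
 ['string', 'null', 'undefined'],
 clientCertEngine);
 }
 
-if (ticketKeys !== undefined) {
+if (ticketKeys !== undefined && ticketKeys !== null) {
 if (!isArrayBufferView(ticketKeys)) {
 throw new ERR_INVALID_ARG_TYPE(
 `${name}.ticketKeys`,
@@ -306,7 +310,7 @@ function configSecureContext(context, options = {}, name = 'options') {
 context.setTicketKeys(ticketKeys);
 }
 
-if (sessionTimeout !== undefined) {
+if (sessionTimeout !== undefined && sessionTimeout !== null) {
 validateInt32(sessionTimeout, `${name}.sessionTimeout`);
 context.setSessionTimeout(sessionTimeout);
 }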
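Review bot: In the key-array loop of configSecureContext, the new `pass` expression only falls back to the options-level `passphrase` when the entry's value is undefined, so a per-entry `passphrase: null` is handed to setKey as-is, while the pfx callback a few hunks later still falls back through `val.passphrase || passphrase`. If null is meant to behave like undefined everywhere, as the commit description suggests, the entry-level test should say so: `val.passphrase !== undefined && val.passphrase !== null ? val.passphrase : passphrase`. The pfx callback also reads `val.buf` with no null guard, so a null entry in a pfx array would presumably still raise a TypeError instead of a validation error; the guard added for `key[i]` would keep the two credential paths consistent. configSecureContext begins and ends outside these hunks, so this rests only on the visible lines.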

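--- a/test/parallel/test-tls-connect-secure-context.js
+++ b/test/parallel/test-tls-connect-secure-context.js
@@ -23,3 +23,31 @@ connect({
 assert.ifError(err);
 return cleanup();
 });
+
+connect({
+client: {
+servername: 'agent1',
+secureContext: tls.createSecureContext({
+ca: keys.agent1.ca,
+ciphers: null,
+clientCertEngine: null,
+crl: null,
+dhparam: null,
+passphrase: null,
+pfx: null,
+privateKeyIdentifier: null,
+privateKeyEngine: null,
+sessionIdContext: null,
+sessionTimeout: null,
+sigalgs: null,
+ticketKeys: null,
+}),
+},
+server: {
+cert: keys.agent1.cert,
+key: keys.agent1.key,
+},
+}, function(err, pair, cleanup) {
+assert.ifError(err);
+return cleanup();
+});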
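Review bot: The added case does not exercise the per-entry logic this commit rewrote for `key` arrays, because the client's `tls.createSecureContext()` call passes no `key`, and it does not cover an array-valued `pfx` either. It only sets top-level options to null and asserts that the handshake succeeds. A second call with an entry such as `key: [{ pem: keys.agent1.key, passphrase: null }]` would pin down whether a null entry passphrase is expected to fall back to the options-level one. A one-line comment above the call, for example `// Every option below must accept null the same way it accepts undefined.`, would also record why the nulls are there.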
