Commit cfb2f34

apapirovski authored and MylesBorins committed
tls: cleanup onhandshakestart callback
Re-arrange and cleanup the flow of the onhandshakestart to be more clear and less repetitive. Exit early in the case of a first ever handshake for a given connection.

PR-URL: #20466
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
1 parent d0cbb4c commit cfb2f34
‎lib/_tls_wrap.js‎

Lines changed: 15 additions & 19 deletions
@@ -62,32 +62,28 @@ const noop = () => {};
6262
function onhandshakestart(now) {
6363
debug('onhandshakestart');
6464

65-
assert(now >= this.lastHandshakeTime);
65+
const { lastHandshakeTime } = this;
66+
assert(now >= lastHandshakeTime);
6667

67-
const owner = this.owner;
68+
this.lastHandshakeTime = now;
6869

69-
if ((now - this.lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000) {
70-
this.handshakes = 0;
71-
}
70+
// If this is the first handshake we can skip the rest of the checks.
71+
if (lastHandshakeTime === 0)
72+
return;
7273

73-
const first = (this.lastHandshakeTime === 0);
74-
this.lastHandshakeTime = now;
75-
if (first) return;
74+
if ((now - lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000)
75+
this.handshakes = 1;
76+
else
77+
this.handshakes++;
7678

77-
if (++this.handshakes > tls.CLIENT_RENEG_LIMIT) {
78-
// Defer the error event to the next tick. We're being called from OpenSSL's
79-
// state machine and OpenSSL is not re-entrant. We cannot allow the user's
80-
// callback to destroy the connection right now, it would crash and burn.
81-
setImmediate(emitSessionAttackError, owner);
79+
const { owner } = this;
80+
if (this.handshakes > tls.CLIENT_RENEG_LIMIT) {
81+
owner._emitTLSError(new ERR_TLS_SESSION_ATTACK());
82+
return;
8283
}
8384

84-
if (owner[kDisableRenegotiation] && this.handshakes > 0) {
85+
if (owner[kDisableRenegotiation])
8586
owner._emitTLSError(new ERR_TLS_RENEGOTIATION_DISABLED());
86-
}
87-
}
88-
89-
function emitSessionAttackError(socket) {
90-
socket._emitTLSError(new ERR_TLS_SESSION_ATTACK());
9187
}
9288

9389
function onhandshakedone() {
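
Review bot: In the `if (this.handshakes > tls.CLIENT_RENEG_LIMIT)` branch, `owner._emitTLSError(new ERR_TLS_SESSION_ATTACK())` is now called synchronously, while the removed lines deferred it with `setImmediate(emitSessionAttackError, owner)` and explained why: this callback runs inside OpenSSL's state machine, OpenSSL is not re-entrant, and a user callback that destroys the connection at this point "would crash and burn". The body of `_emitTLSError` is not part of this hunk, so the diff alone does not show that the synchronous call is safe. Either keep the deferral, or state in a comment at this call site what makes the direct call safe, so the constraint from the deleted comment is not lost. Two further behaviour changes are worth naming in the commit message, which describes only a cleanup: the new `return` after the session-attack error means `ERR_TLS_RENEGOTIATION_DISABLED` is no longer emitted for the same handshake when `owner[kDisableRenegotiation]` is set, and the `this.handshakes > 0` guard on that check has been dropped (it is always true after the counter update above it, so this one is equivalent). A regression test that exceeds `tls.CLIENT_RENEG_LIMIT` within `tls.CLIENT_RENEG_WINDOW` and destroys the socket from the error handler would cover the re-entrancy case.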
