Skip to content

[v10.x backport] TLS1.3 (and dependent PRs) #27432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sam-github wants to merge 21 commits into from
Closed

[v10.x backport] TLS1.3 (and dependent PRs) #27432

Changes from 1 commit
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
a868ebe
deps: update OpenSSL upgrade process
sam-github Mar 1, 2019
c80bff3
deps: upgrade openssl sources to 1.1.1b
sam-github Apr 25, 2019
63aa831
deps: openssl-1.1.1b no longer packages .gitignore
sam-github Feb 26, 2019
1cea121
deps: add ARM64 Windows support in openssl
shigeki Feb 23, 2019
c2310c7
deps: add s390 asm rules for OpenSSL-1.1.1
shigeki Mar 7, 2018
f54db0b
deps: update archs files for OpenSSL-1.1.1b
sam-github Apr 25, 2019
f47e208
tls: support changing credentials dynamically
cjihrig Oct 13, 2018
5f5d3c9
tls: get the local certificate after tls handshake
sam-github Nov 8, 2018
4a82835
tls: fix initRead socket argument name
sam-github Dec 19, 2018
78b42fc
tls: do not confuse session and session ID
sam-github Dec 19, 2018
a6635b2
src: use consistent names for JSStream
sam-github Dec 19, 2018
ae7c74c
tls: remove unused ocsp extension parsing
sam-github Dec 19, 2018
6b327e5
src: in-source comments and minor TLS cleanups
sam-github Jan 16, 2019
2d25b65
tls: introduce client 'session' event
sam-github Jan 30, 2019
8c7406f
tls: do not free cert in `.getCertificate()`
addaleax Jan 14, 2019
38838af
src: remove unused TLWrap::EnableTrace()
sam-github Jan 31, 2019
d3c7020
src: organize TLSWrap declarations by parent
sam-github Jan 31, 2019
1c3c9f3
tls: don't shadow the tls global with a local
sam-github Jan 31, 2019
750b906
src: const_cast is necessary for 1.1.1, not 0.9.7
sam-github Jan 31, 2019
5febe41
src: refactor SSLError case statement
sam-github Jan 31, 2019
1f65f18
tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
sam-github Nov 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
src: const_cast is necessary for 1.1.1, not 0.9.7 
The const_cast used to be necessary for SSL_get_app_data() in OpenSSL
0.9.7, but node doesn't compile against OpenSSL versions that old.
However, now it's needed for the recently introduced
SSL_renegotiate_pending(), which is not const-correct as of 1.1.1a.

PR-URL: #25861
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
  • Loading branch information
@sam-github
sam-github committed Apr 29, 2019
commit 750b9060227b1fc89988c718e6707a66ce46cda5
5 changes: 2 additions & 3 deletions src/tls_wrap.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,10 +211,9 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
if (!(where & (SSL_CB_HANDSHAKE_START | SSL_CB_HANDSHAKE_DONE)))
return;

// Be compatible with older versions of OpenSSL. SSL_get_app_data() wants
// a non-const SSL* in OpenSSL <= 0.9.7e.
// SSL_renegotiate_pending() should take `const SSL*`, but it does not.
SSL* ssl = const_cast<SSL*>(ssl_);
TLSWrap* c = static_cast<TLSWrap*>(SSL_get_app_data(ssl));
TLSWrap* c = static_cast<TLSWrap*>(SSL_get_app_data(ssl_));
Environment* env = c->env();
HandleScope handle_scope(env->isolate());
Context::Scope context_scope(env->context());
Expand Down