tls: handle empty cert in checkServerIndentity

This resolves joyent/node#9272. `tlsSocket.getPeerCertificate` will return an empty object when the peer does not provide a certificate, but, prior to this, when the certificate is empty, `checkServerIdentity` would throw because the `subject` wasn't present on the cert. `checkServerIdentity` must return an error, not throw one, so this returns an error when the cert is empty instead of throwing a `TypeError`. PR-URL: https://github.com/nodejs/node/pull/2343 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
author: Mike Atkins <mike.atkins@lanetix.com> 2015-08-10 18:55:37 +0300
committer: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-08-21 05:24:51 +0300
commit: f1810ed1b86cbbe5560a96839f5320b4be6ec5f7 (patch)
tree: 63317705d35e276e0e51a24316ade3e86ab860ef /lib/tls.js
parent: ec6e5c79993599a8b6977050bcc09b32b187a8ac (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/tls.js b/lib/tls.js
index 714fdebfc07..0e22242bc47 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -151,7 +151,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
                            host,
                            ips.join(', '));
     }
-  } else {
+  } else if (cert.subject) {
     // Transform hostname to canonical form
     if (!/\.$/.test(host)) host += '.';
 
@@ -204,6 +204,8 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
                              cert.subject.CN);
       }
     }
+  } else {
+    reason = 'Cert is empty';
   }
 
   if (!valid) {
author	Mike Atkins <mike.atkins@lanetix.com>	2015-08-10 18:55:37 +0300
committer	Shigeki Ohtsu <ohtsu@iij.ad.jp>	2015-08-21 05:24:51 +0300
commit	f1810ed1b86cbbe5560a96839f5320b4be6ec5f7 (patch)
tree	63317705d35e276e0e51a24316ade3e86ab860ef /lib/tls.js
parent	ec6e5c79993599a8b6977050bcc09b32b187a8ac (diff)