authorEric Bickle <ebickle@users.noreply.github.com>2020-03-04 00:35:28 +0300
committerAnna Henningsen <anna@addaleax.net>2020-03-11 19:33:01 +0300
commit091444a49db534ed099b5a099060d95a209939bb (patch)
treee8cd3203fb0da5c588dfcfb2fe9219e7e79fc9c1 /src/node_crypto.cc
parent943887f5bec93ca8f3849c15965073aad3907790 (diff)
src: fix missing extra ca in tls.rootCertificates
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS. Fixes: https://github.com/nodejs/node/issues/32074 PR-URL: https://github.com/nodejs/node/pull/32075 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_crypto.cc')
-rw-r--r--src/node_crypto.cc63
1 files changed, 45 insertions, 18 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 8286e41af91..1480eb04f88 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -986,24 +986,6 @@ static X509_STORE* NewRootCertStore() {
}
-void GetRootCertificates(const FunctionCallbackInfo<Value>& args) {
- Environment* env = Environment::GetCurrent(args);
- Local<Value> result[arraysize(root_certs)];
-
- for (size_t i = 0; i < arraysize(root_certs); i++) {
- if (!String::NewFromOneByte(
- env->isolate(),
- reinterpret_cast<const uint8_t*>(root_certs[i]),
- NewStringType::kNormal).ToLocal(&result[i])) {
- return;
- }
- }
-
- args.GetReturnValue().Set(
- Array::New(env->isolate(), result, arraysize(root_certs)));
-}
-
-
void SecureContext::AddCACert(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
@@ -2680,6 +2662,21 @@ static inline Local<Value> BIOToStringOrBuffer(Environment* env,
}
}
+static MaybeLocal<Value> X509ToPEM(Environment* env, X509* cert) {
+ BIOPointer bio(BIO_new(BIO_s_mem()));
+ if (!bio) {
+ ThrowCryptoError(env, ERR_get_error(), "BIO_new");
+ return MaybeLocal<Value>();
+ }
+
+ if (PEM_write_bio_X509(bio.get(), cert) == 0) {
+ ThrowCryptoError(env, ERR_get_error(), "PEM_write_bio_X509");
+ return MaybeLocal<Value>();
+ }
+
+ return BIOToStringOrBuffer(env, bio.get(), kKeyFormatPEM);
+}
+
static bool WritePublicKeyInner(EVP_PKEY* pkey,
const BIOPointer& bio,
const PublicKeyEncodingConfig& config) {
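Review bot: X509ToPEM is added without a comment stating its contract, which the new caller in GetRootCertificates depends on when it treats an empty result as "stop and return". On the two failure paths visible here, an empty MaybeLocal means ThrowCryptoError has already been called on env. `cert` is only borrowed and is passed to PEM_write_bio_X509 without a null check. I would add above the function `// Serializes cert to PEM. Does not take ownership of cert, which must be non-null.` and `// Returns an empty MaybeLocal after throwing a crypto error on failure.`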
@@ -6660,6 +6657,36 @@ void ExportChallenge(const FunctionCallbackInfo<Value>& args) {
}
+void GetRootCertificates(const FunctionCallbackInfo<Value>& args) {
+ Environment* env = Environment::GetCurrent(args);
+
+ if (root_cert_store == nullptr)
+ root_cert_store = NewRootCertStore();
+
+ stack_st_X509_OBJECT* objs = X509_STORE_get0_objects(root_cert_store);
+ int num_objs = sk_X509_OBJECT_num(objs);
+
+ std::vector<Local<Value>> result;
+ result.reserve(num_objs);
+
+ for (int i = 0; i < num_objs; i++) {
+ X509_OBJECT* obj = sk_X509_OBJECT_value(objs, i);
+ if (X509_OBJECT_get_type(obj) == X509_LU_X509) {
+ X509* cert = X509_OBJECT_get0_X509(obj);
+
+ Local<Value> value;
+ if (!X509ToPEM(env, cert).ToLocal(&value))
+ return;
+
+ result.push_back(value);
+ }
+ }
+
+ args.GetReturnValue().Set(
+ Array::New(env->isolate(), result.data(), result.size()));
+}
+
+
// Convert the input public key to compressed, uncompressed, or hybrid formats.
void ConvertKey(const FunctionCallbackInfo<Value>& args) {
MarkPopErrorOnReturn mark_pop_error_on_return;
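Review bot: The lazy `root_cert_store = NewRootCertStore()` and the walk over `X509_STORE_get0_objects(root_cert_store)` in GetRootCertificates both touch shared state with no lock visible in this hunk. root_cert_store is declared outside the hunk, so this is an inference: if it is a process-wide pointer reachable from more than one thread, two callers can race on the initialisation. The get0 accessor also returns the store's internal stack, which can change if the store gains objects while the loop runs. Because this array is what applications will read as the effective set of trust anchors, I would guard the initialisation and bracket the loop with `X509_STORE_lock(root_cert_store);` and `X509_STORE_unlock(root_cert_store);`, unlocking on the early `return` as well. It is also worth rejecting a null `objs` before `result.reserve(num_objs)`, since sk_X509_OBJECT_num returns -1 for a null stack and that value is converted to an enormous size_t.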