Skip to content

Commit

Permalink
tls: throw error on bad ciphers option
Browse files Browse the repository at this point in the history
PR-URL: #21557
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tiancheng "Timothy" Gu <[email protected]>
  • Loading branch information
mscdex committed Jul 3, 2018
1 parent c267639 commit a15ea5d
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 24 deletions.
8 changes: 7 additions & 1 deletion src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -904,7 +904,13 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
THROW_AND_RETURN_IF_NOT_STRING(env, args[0], "Ciphers");

const node::Utf8Value ciphers(args.GetIsolate(), args[0]);
SSL_CTX_set_cipher_list(sc->ctx_.get(), *ciphers);
if (!SSL_CTX_set_cipher_list(sc->ctx_.get(), *ciphers)) {
unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
if (!err) {
return env->ThrowError("Failed to set ciphers");
}
return ThrowCryptoError(env, err);
}
}


Expand Down
19 changes: 7 additions & 12 deletions test/parallel/test-tls-handshake-error.js
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,12 @@ const server = tls.createServer({
rejectUnauthorized: true
}, function(c) {
}).listen(0, common.mustCall(function() {
const c = tls.connect({
port: this.address().port,
ciphers: 'RC4'
}, common.mustNotCall());
assert.throws(() => {
tls.connect({
port: this.address().port,
ciphers: 'RC4'
}, common.mustNotCall());
}, /no cipher match/i);

c.on('error', common.mustCall(function(err) {
assert.notStrictEqual(err.code, 'ECONNRESET');
}));

c.on('close', common.mustCall(function(err) {
assert.ok(err);
server.close();
}));
server.close();
}));
22 changes: 22 additions & 0 deletions test/parallel/test-tls-set-ciphers-error.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
'use strict';
const common = require('../common');

if (!common.hasCrypto)
common.skip('missing crypto');

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

{
const options = {
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem'),
ciphers: 'aes256-sha'
};
assert.throws(() => tls.createServer(options, common.mustNotCall()),
/no cipher match/i);
options.ciphers = 'FOOBARBAZ';
assert.throws(() => tls.createServer(options, common.mustNotCall()),
/no cipher match/i);
}
19 changes: 8 additions & 11 deletions test/sequential/test-tls-connect.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,12 @@ const tls = require('tls');
const cert = fixtures.readSync('test_cert.pem');
const key = fixtures.readSync('test_key.pem');

const conn = tls.connect({
cert: cert,
key: key,
port: common.PORT,
ciphers: 'rick-128-roll'
}, common.mustNotCall());

conn.on(
'error',
common.mustCall((e) => { assert.strictEqual(e.code, 'ECONNREFUSED'); })
);
assert.throws(() => {
tls.connect({
cert: cert,
key: key,
port: common.PORT,
ciphers: 'rick-128-roll'
}, common.mustNotCall());
}, /no cipher match/i);
}

0 comments on commit a15ea5d

Please sign in to comment.