crypto: clear some SSL_METHOD deprecation warnings
Fixing the rest will be rather involved. I think the cleanest option is
to deprecate the method string APIs which are weird to begin with.

PR-URL: #16130
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
davidben authored and evanlucas committed Nov 13, 2017
1 parent a5e7255 commit f952caa
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/node_crypto.cc
Expand Up @@ -185,6 +185,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
return 1;
}

static const SSL_METHOD* TLS_method() { return SSLv23_method(); }

static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
const unsigned char** tick, size_t* len) {
*len = s->tlsext_ticklen;
Expand Down Expand Up @@ -548,12 +550,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Environment* env = sc->env();

const SSL_METHOD* method = SSLv23_method();
const SSL_METHOD* method = TLS_method();

if (args.Length() == 1 && args[0]->IsString()) {
const node::Utf8Value sslmethod(env->isolate(), args[0]);

// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends
// Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
// are still accepted. They are OpenSSL's way of saying that all known
// protocols are supported unless explicitly disabled (which we do below
// for SSLv2 and SSLv3.)
Expand Down Expand Up @@ -601,7 +603,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
sc->ctx_ = SSL_CTX_new(method);
SSL_CTX_set_app_data(sc->ctx_, sc);

// Disable SSLv2 in the case when method == SSLv23_method() and the
// Disable SSLv2 in the case when method == TLS_method() and the
// cipher list contains SSLv2 ciphers (not the default, should be rare.)
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
Expand Down Expand Up @@ -5817,7 +5819,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method());
SSL_CTX* ctx = SSL_CTX_new(TLS_method());
CHECK_NE(ctx, nullptr);

SSL* ssl = SSL_new(ctx);
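Review bot: In GetSSLCiphers the context created from TLS_method() never receives the SSL_OP_NO_SSLv2/SSL_OP_NO_SSLv3 options that SecureContext::Init applies (per the comment in the -601 hunk), so the list this function reports may now differ from the old TLSv1_server_method() list and is not filtered the way a real server context is; a system OpenSSL built with SSLv2/SSLv3 support could surface suites here that a server context would refuse. Either set the same options on this throwaway ctx or document the gap, e.g. `// TLS_method() is version-flexible; unlike SecureContext::Init this ctx does not disable SSLv2/SSLv3, so the reported list can be a superset of what a server accepts.` The rest of GetSSLCiphers, including the fate of ssl and ctx, is outside the hunk. The TLS_method() shim in the -185 hunk carries the same name as the OpenSSL 1.1.0 API, so it is presumably inside the pre-1.1.0 compatibility block whose start is outside the hunk; worth confirming, since an unconditional definition would collide when building against a newer OpenSSL.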
