tls: copy client CAs and cert store on CertCb by indutny · Pull Request #3537 · nodejs/node

indutny · 2015-10-26T23:15:29Z

Copy client CA certs and cert store when asynchronously selecting
SecureContext during SNICallback.

Fix: #2772

cc @nodejs/crypto

bnoordhuis · 2015-10-27T11:38:36Z

You should check the return code here.

Good idea, though it can't fail in current OpenSSL implementation.

bnoordhuis · 2015-10-27T11:43:56Z

Left some comments. The commit log could go into more detail into why this change is necessary.

indutny · 2015-10-27T17:55:15Z

@bnoordhuis pushed fixes, thanks!

indutny · 2015-10-27T17:55:42Z

CI: https://ci.nodejs.org/job/node-test-pull-request/631/

indutny · 2015-10-27T18:32:12Z

CI seems to be green, LGTY @bnoordhuis ?

Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772

indutny · 2015-10-27T18:46:40Z

@bnoordhuis updated commit message too

bnoordhuis · 2015-11-10T21:59:52Z

Can you add a comment explaining that SSL_set_client_CA_list takes ownership of the duplicate? And maybe explain why you copy it from the SSL_CTX to the SSL?

indutny · 2015-11-12T22:26:35Z

All fixed, PTAL @bnoordhuis

indutny · 2015-11-12T22:30:00Z

CI: https://ci.nodejs.org/job/node-test-pull-request/715/

bnoordhuis · 2015-11-13T14:40:49Z

LGTM

indutny · 2015-11-13T17:48:46Z

Landed in 483a41c, thank you!

Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: #2772 PR-URL: #3537 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

rvagg · 2016-01-15T06:04:37Z

I'm having trouble working out if this is a bugfix or something closer to a semver-minor. @indutny can you make a call on whether this would qualify for backporting to LTS?

indutny · 2016-01-15T06:19:42Z

This is a bugfix.

indutny · 2016-01-15T06:20:19Z

I think it qualifies for backport.

jasnell · 2016-01-15T06:20:50Z

The line on this one may be rather fuzzy but I tend to agree with @indutny

Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: #2772 PR-URL: #3537 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772 PR-URL: nodejs#3537 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

mscdex added the tls Issues and PRs related to the tls subsystem. label Oct 27, 2015

bnoordhuis reviewed Oct 27, 2015
View reviewed changes

tls: copy client CAs and cert store on CertCb

7f60df5

Copy client CA certs and cert store when asynchronously selecting `SecureContext` during `SNICallback`. We already copy private key, certificate, and certificate chain, but the client CA certs were missing. Fix: nodejs#2772

indutny force-pushed the fix/tls-ca-sni branch from 387e4b9 to 7f60df5 Compare October 27, 2015 18:46

bnoordhuis reviewed Nov 10, 2015
View reviewed changes

fixes

919dd47

indutny closed this Nov 13, 2015

indutny deleted the fix/tls-ca-sni branch November 13, 2015 17:48

rvagg mentioned this pull request Dec 17, 2015

Release 4.2.4 Planning #4321

Closed

MylesBorins mentioned this pull request Jan 14, 2016

Audit commits not found on v4.x-staging #4698

Closed

indutny added the lts-watch-v4.x label Jan 15, 2016

MylesBorins added land-on-v4.x and removed lts-watch-v4.x labels Jan 28, 2016

MylesBorins mentioned this pull request Feb 11, 2016

V4.3.1 proposal #5200

Merged

Uh oh!

Conversation

indutny commented Oct 26, 2015

Uh oh!

bnoordhuis Oct 27, 2015

Choose a reason for hiding this comment

Uh oh!

indutny Oct 27, 2015

Choose a reason for hiding this comment

Uh oh!

bnoordhuis commented Oct 27, 2015

Uh oh!

indutny commented Oct 27, 2015

Uh oh!

indutny commented Oct 27, 2015

Uh oh!

indutny commented Oct 27, 2015

Uh oh!

indutny commented Oct 27, 2015

Uh oh!

bnoordhuis Nov 10, 2015

Choose a reason for hiding this comment

Uh oh!

indutny Nov 12, 2015

Choose a reason for hiding this comment

Uh oh!

indutny commented Nov 12, 2015

Uh oh!

indutny commented Nov 12, 2015

Uh oh!

bnoordhuis commented Nov 13, 2015

Uh oh!

indutny commented Nov 13, 2015

Uh oh!

rvagg commented Jan 15, 2016

Uh oh!

indutny commented Jan 15, 2016

Uh oh!

indutny commented Jan 15, 2016

Uh oh!

jasnell commented Jan 15, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants