projects / platform / upstream / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96165f9) | patch
crypto: add cert check to CNNIC Whitelist
authorShigeki Ohtsu <ohtsu@iij.ad.jp>
Thu, 4 Jun 2015 08:50:33 +0000 (17:50 +0900)
committerShigeki Ohtsu <ohtsu@iij.ad.jp>
Tue, 16 Jun 2015 14:26:29 +0000 (23:26 +0900)
commit3beb880716654dbb2bbb9e333758825172951775
tree59a6bcbff9260a7c399be7dbf56b12b19b243786tree | snapshot
parent96165f9be2365eeb4c4669553cb7f12d6f5a374ccommit | diff
crypto: add cert check to CNNIC Whitelist

When client connect to the server with certification issued by either
CNNIC Root CA or CNNIC EV Root CA, check hash of server
certification in the list of CNNICHashWhitelist.inc. If it's not,
CERT_REVOKED error returns.

See for details in
https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/

PR-URL: https://github.com/nodejs/io.js/pull/1895
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
14 files changed:
src/CNNICHashWhitelist.inc [new file with mode: 0644] blob
src/node_crypto.cc diff | blob | history
src/node_crypto.h diff | blob | history
test/fixtures/keys/Makefile diff | blob | history
test/fixtures/keys/agent7-cert.pem [new file with mode: 0644] blob
test/fixtures/keys/agent7-csr.pem [new file with mode: 0644] blob
test/fixtures/keys/agent7-key.pem [new file with mode: 0644] blob
test/fixtures/keys/agent7.cnf [new file with mode: 0644] blob
test/fixtures/keys/fake-cnnic-root-cert.pem [new file with mode: 0644] blob
test/fixtures/keys/fake-cnnic-root-cert.srl [new file with mode: 0644] blob
test/fixtures/keys/fake-cnnic-root-key.pem [new file with mode: 0644] blob
test/fixtures/keys/fake-cnnic-root.cnf [new file with mode: 0644] blob
test/internet/test-tls-connnect-cnnic.js [new file with mode: 0644] blob
test/parallel/test-tls-cnnic-whitelist.js [new file with mode: 0644] blob
Domain: Web Framework / Common;