projects / platform / upstream / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 30b7349) | patch
tls: use `SSL_set_cert_cb` for async SNI/OCSP
authorFedor Indutny <fedor@indutny.com>
Sat, 18 Apr 2015 08:19:23 +0000 (10:19 +0200)
committerFedor Indutny <fedor@indutny.com>
Fri, 1 May 2015 14:56:55 +0000 (16:56 +0200)
commit550c2638c0885f9cbb1022f8f5234015e21836fe
tree5bc382b6cef0b84dc1851f719a33b7eb975339b6tree | snapshot
parent30b7349176da785cd7294fec8c31cfb9c5f791e8commit | diff
tls: use `SSL_set_cert_cb` for async SNI/OCSP

Do not enable ClientHello parser for async SNI/OCSP. Use new
OpenSSL-1.0.2's API `SSL_set_cert_cb` to pause the handshake process and
load the cert/OCSP response asynchronously. Hopefuly this will make
whole async SNI/OCSP process much faster and will eventually let us
remove the ClientHello parser itself (which is currently used only for
async session, see #1462 for the discussion of removing it).

NOTE: Ported our code to `SSL_CTX_add1_chain_cert` to use
`SSL_CTX_get0_chain_certs` in `CertCbDone`. Test provided for this
feature.

Fix: https://github.com/iojs/io.js/issues/1423
PR-URL: https://github.com/iojs/io.js/pull/1464
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
23 files changed:
lib/_tls_wrap.js diff | blob | history
src/env.h diff | blob | history
src/node_crypto.cc diff | blob | history
src/node_crypto.h diff | blob | history
src/tls_wrap.cc diff | blob | history
src/tls_wrap.h diff | blob | history
test/fixtures/keys/Makefile diff | blob | history
test/fixtures/keys/agent1-cert.pem diff | blob | history
test/fixtures/keys/agent6-cert.pem [new file with mode: 0644] blob
test/fixtures/keys/agent6-csr.pem [new file with mode: 0644] blob
test/fixtures/keys/agent6-key.pem [new file with mode: 0644] blob
test/fixtures/keys/agent6.cnf [new file with mode: 0644] blob
test/fixtures/keys/ca1-cert.pem diff | blob | history
test/fixtures/keys/ca1-cert.srl diff | blob | history
test/fixtures/keys/ca1-key.pem diff | blob | history
test/fixtures/keys/ca1.cnf diff | blob | history
test/fixtures/keys/ca3-cert.pem [new file with mode: 0644] blob
test/fixtures/keys/ca3-cert.srl [new file with mode: 0644] blob
test/fixtures/keys/ca3-csr.pem [new file with mode: 0644] blob
test/fixtures/keys/ca3-key.pem [new file with mode: 0644] blob
test/fixtures/keys/ca3.cnf [new file with mode: 0644] blob
test/parallel/test-tls-peer-certificate.js diff | blob | history
test/parallel/test-tls-sni-server-client.js diff | blob | history
Domain: Web Framework / Common;