projects / platform / upstream / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8cee8f5) | patch
crypto: fix VerifyCallback in case of verify error
authorShigeki Ohtsu <ohtsu@iij.ad.jp>
Fri, 26 Jun 2015 02:44:44 +0000 (11:44 +0900)
committerShigeki Ohtsu <ohtsu@iij.ad.jp>
Sat, 27 Jun 2015 01:38:47 +0000 (10:38 +0900)
commit9e890fe8b4da4c0eab922f1e0d0ce0f69015758a
tree42095f0be2c9732d897092afcb8e3fb062783f9ctree | snapshot
parent8cee8f54fc5fe3d340bf10ba2e9dbb5648b21b83commit | diff
crypto: fix VerifyCallback in case of verify error

3beb880716654dbb2bbb9e333758825172951775 has a bug in VerifyCallback
when preverify is 1 and the cert chain has an verify error. If the
error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion
error in finding rootCA.
The whitelist check should be made only when the cert chain has no
verify error with X509_V_OK.

Fixes: https://github.com/nodejs/io.js/issues/2061
PR-URL: https://github.com/nodejs/io.js/pull/2064
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
src/node_crypto.cc diff | blob | history
test/parallel/test-tls-cnnic-whitelist.js diff | blob | history
Domain: Web Framework / Common;