d2i_X509_NAME(nullptr, &cnnic_ev_p,
sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1);
-// Forcibly clear OpenSSL's error stack on return. This stops stale errors
-// from popping up later in the lifecycle of crypto operations where they
-// would cause spurious failures. It's a rather blunt method, though.
-// ERR_clear_error() isn't necessarily cheap either.
-struct ClearErrorOnReturn {
- ~ClearErrorOnReturn() { ERR_clear_error(); }
-};
-
static uv_mutex_t* locks;
const char* const root_certs[] = {
namespace node {
namespace crypto {
+// Forcibly clear OpenSSL's error stack on return. This stops stale errors
+// from popping up later in the lifecycle of crypto operations where they
+// would cause spurious failures. It's a rather blunt method, though.
+// ERR_clear_error() isn't necessarily cheap either.
+struct ClearErrorOnReturn {
+ ~ClearErrorOnReturn() { ERR_clear_error(); }
+};
+
+// Pop errors from OpenSSL's error stack that were added
+// between when this was constructed and destructed.
+struct MarkPopErrorOnReturn {
+ MarkPopErrorOnReturn() { ERR_set_mark(); }
+ ~MarkPopErrorOnReturn() { ERR_pop_to_mark(); }
+};
+
enum CheckResult {
CHECK_CERT_REVOKED = 0,
CHECK_OK = 1
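Review bot: `MarkPopErrorOnReturn` keeps its compiler-generated copy operations, so an accidental copy would run `ERR_pop_to_mark()` twice for one `ERR_set_mark()`, and the second call would unwind to an older mark or empty the queue. Deleting them makes the pairing explicit: `MarkPopErrorOnReturn(const MarkPopErrorOnReturn&) = delete;` and `MarkPopErrorOnReturn& operator=(const MarkPopErrorOnReturn&) = delete;`. Both return values are also ignored. OpenSSL documents that `ERR_set_mark()` returns 0 and sets no mark when the queue is empty, in which case the destructor empties the queue, so the comment above the struct could say so: `// If the queue is empty at construction no mark is set and the destructor empties the whole queue.`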
using v8::String;
using v8::Value;
-
TLSWrap::TLSWrap(Environment* env,
Kind kind,
StreamBase* stream,
if (ssl_ == nullptr)
return;
+ crypto::MarkPopErrorOnReturn mark_pop_error_on_return;
+
char out[kClearOutChunkSize];
int read;
for (;;) {
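Review bot: The `mark_pop_error_on_return` guard added before `char out[kClearOutChunkSize]` only discards entries pushed while it is alive; it does not give the OpenSSL calls that follow an empty queue to start from. OpenSSL's documentation for `SSL_get_error()` requires the thread's error queue to be empty before the TLS I/O operation is attempted, so stale entries left by an earlier caller could cause a read or write result to be misclassified, assuming these results are passed to `SSL_get_error()` (the loop body is outside this hunk). The same applies to the guards added in the hunk that loops on `clear_in_->Length()`, the hunk that calls `SSL_write()`, and `TLSWrap::DoShutdown`. If an empty queue on entry is an intended invariant, a comment beside the guard would record it: `// Assumes the OpenSSL error queue is empty on entry; SSL_get_error() is unreliable otherwise.`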
if (ssl_ == nullptr)
return false;
+ crypto::MarkPopErrorOnReturn mark_pop_error_on_return;
+
int written = 0;
while (clear_in_->Length() > 0) {
size_t avail = 0;
if (ssl_ == nullptr)
return UV_EPROTO;
+ crypto::MarkPopErrorOnReturn mark_pop_error_on_return;
+
int written = 0;
for (i = 0; i < count; i++) {
written = SSL_write(ssl_, bufs[i].base, bufs[i].len);
int TLSWrap::DoShutdown(ShutdownWrap* req_wrap) {
+ crypto::MarkPopErrorOnReturn mark_pop_error_on_return;
+
if (ssl_ != nullptr && SSL_shutdown(ssl_) == 0)
SSL_shutdown(ssl_);
+
shutdown_ = true;
EncOut();
return stream_->DoShutdown(req_wrap);