crypto: clear error in GetPeerCertificate

fix #6945

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 8f2b96f..4d1303e 100644 (file)
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -972,6 +972,9 @@ void SSLWrap<Base>::GetPeerCertificate(
   Base* w = Unwrap<Base>(args.This());
   Environment* env = w->ssl_env();
 
+  ClearErrorOnReturn clear_error_on_return;
+  (void) &clear_error_on_return;  // Silence unused variable warning.
+
   Local<Object> info = Object::New();
   X509* peer_cert = SSL_get_peer_certificate(w->ssl_);
   if (peer_cert != NULL) {

diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
index 0c75a55..c063377 100644 (file)
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@@ -1,4 +1,4 @@
-all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem ca2-crl.pem
+all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem ca2-crl.pem ec-cert.pem
 
 
 #
@@ -130,6 +130,19 @@ ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
                -out ca2-crl.pem \
                -passin 'pass:password'
 
+ec-key.pem:
+       openssl ecparam -genkey -out ec-key.pem -name prime256v1
+
+ec-csr.pem: ec-key.pem
+       openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem
+
+ec-cert.pem: ec-csr.pem ec-key.pem
+       openssl x509 -req \
+               -days 9999 \
+               -in ec-csr.pem \
+               -signkey ec-key.pem \
+               -out ec-cert.pem
+
 clean:
        rm -f *.pem *.srl ca2-database.txt ca2-serial
 

diff --git a/test/fixtures/keys/ec-cert.pem b/test/fixtures/keys/ec-cert.pem
new file mode 100644 (file)
index 0000000..f208419
--- /dev/null
+++ b/test/fixtures/keys/ec-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAY8CCQDxe0NTwQvhajAJBgcqhkjOPQQBMH0xCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzANBgNVBAoTBkpveWVudDEQMA4GA1UE
+CxMHTm9kZS5qczEPMA0GA1UEAxMGYWdlbnQyMSAwHgYJKoZIhvcNAQkBFhFyeUB0
+aW55Y2xvdWRzLm9yZzAeFw0xNDAxMjUyMzQ1NTRaFw00MTA2MTEyMzQ1NTRaMH0x
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzANBgNVBAoT
+BkpveWVudDEQMA4GA1UECxMHTm9kZS5qczEPMA0GA1UEAxMGYWdlbnQyMSAwHgYJ
+KoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABMF+Qkla0cb0tH6NcJDnd2drh0xr74hkJY8SWtsZ/7WyL8VHN8SfoDOo
+2BZDByoBmHkFy1BEC0b7JFYOCAs/ShwwCQYHKoZIzj0EAQNIADBFAiEAwcJ6lRH6
+EhV5Iywr9VlmDsPDypEGIXMWLvw4Sbe+2+cCIC/TOweK9vmYiY2Y1ewAqhO7TGeX
+9nTgmSQD2OBZrrOf
+-----END CERTIFICATE-----

diff --git a/test/fixtures/keys/ec-csr.pem b/test/fixtures/keys/ec-csr.pem
new file mode 100644 (file)
index 0000000..c77a656
--- /dev/null
+++ b/test/fixtures/keys/ec-csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBNjCB3wIBADB9MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcT
+AlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMT
+BmFnZW50MjEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAATBfkJJWtHG9LR+jXCQ53dna4dMa++IZCWPElrb
+Gf+1si/FRzfEn6AzqNgWQwcqAZh5BctQRAtG+yRWDggLP0ocoAAwCQYHKoZIzj0E
+AQNHADBEAiBqnVIhsMk35UAXt3/dgIAKUpnE652YTQ4rgidrxgbvqQIgDXs1gfj0
+3HACt3JASAlNgFGGUYmmDvKTj/7H1gQRB7Q=
+-----END CERTIFICATE REQUEST-----

diff --git a/test/fixtures/keys/ec-key.pem b/test/fixtures/keys/ec-key.pem
new file mode 100644 (file)
index 0000000..85c8d08
--- /dev/null
+++ b/test/fixtures/keys/ec-key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINozA3blScV9x7C5R9RCaSqV4KOkrm0Gh0Qx7vr6VcnOoAoGCCqGSM49
+AwEHoUQDQgAEwX5CSVrRxvS0fo1wkOd3Z2uHTGvviGQljxJa2xn/tbIvxUc3xJ+g
+M6jYFkMHKgGYeQXLUEQLRvskVg4ICz9KHA==
+-----END EC PRIVATE KEY-----

diff --git a/test/fixtures/keys/ec.cnf b/test/fixtures/keys/ec.cnf
new file mode 100644 (file)
index 0000000..83ac65c
--- /dev/null
+++ b/test/fixtures/keys/ec.cnf
@@ -0,0 +1,17 @@
+[ req ]
+default_bits           = 1024
+days                   = 999
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+
+[ req_distinguished_name ]
+C                      = US
+ST                     = CA
+L                      = SF
+O                      = Joyent
+OU                     = Node.js
+CN                     = agent2
+emailAddress           = ry@tinyclouds.org
+
+[ req_attributes ]

diff --git a/test/simple/test-tls-no-rsa-key.js b/test/simple/test-tls-no-rsa-key.js
new file mode 100644 (file)
index 0000000..d50eab9
--- /dev/null
+++ b/test/simple/test-tls-no-rsa-key.js
@@ -0,0 +1,55 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+  console.error('Skipping because node compiled without OpenSSL.');
+  process.exit(0);
+}
+
+var common = require('../common');
+var assert = require('assert');
+var tls = require('tls');
+var fs = require('fs');
+var fs = require('fs');
+
+var options = {
+  key: fs.readFileSync(common.fixturesDir + '/keys/ec-key.pem'),
+  cert: fs.readFileSync(common.fixturesDir + '/keys/ec-cert.pem')
+};
+
+var cert = null;
+
+var server = tls.createServer(options, function(conn) {
+  conn.end('ok');
+}).listen(common.PORT, function() {
+  var c = tls.connect(common.PORT, {
+    rejectUnauthorized: false
+  }, function() {
+    cert = c.getPeerCertificate();
+    c.destroy();
+    server.close();
+  });
+});
+
+process.on('exit', function() {
+  assert(cert);
+  assert.equal(cert.subject.C, 'US');
+});