tls: check result of SSL_CTX_set_*_proto_version

These functions generally should not fail, but we also shouldn't ignore
potential failures entirely since security properties of the application
might depend on successful configuration.

This also is consistent with the existing CHECKs in SetMinProto() and
SetMaxProto().

PR-URL: https://github.com/nodejs/node/pull/53459
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Tobias Nießen
2024-06-17 00:53:04 +02:00
committed by GitHub
parent 103623b5ae
commit 474d2f4834


@@ -540,8 +540,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
SSL_SESS_CACHE_NO_INTERNAL |
SSL_SESS_CACHE_NO_AUTO_CLEAR);
SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version);
SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version);
CHECK(SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version));
CHECK(SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version));
// OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
// exposed in the public API. To retain compatibility, install a callback
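Review bot: wrapping the two SSL_CTX_set_*_proto_version calls in CHECK() turns a configuration failure into a process abort rather than an error surfaced to the caller; since min_version and max_version are the values passed into SecureContext::Init, it would help to state (in a one-line comment next to the CHECKs, or in the commit message) why a hard abort is the intended failure mode here rather than a thrown error, e.g. because the values are validated before reaching this point. The change itself is sound: silently ignoring a failed call would leave the context with protocol bounds other than the ones the caller asked for, which is exactly the security property the commit message describes.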