crypto: disable SSLv3 if shared OpenSSL lacks it

Some distributions disable SSLv3 due to POODLE.  In such a case, disable
the specific SSLv3 methods and throw an exception, much like the code
already does for SSLv2.  The SSLv23* code is retained because this is
OpenSSL's terminology for "no version in particular".

Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/101
brian m. carlson
2014-12-06 18:52:25 +00:00
committed by Fedor Indutny
parent 21a679a10f
commit ac18ebddbd


@@ -328,11 +328,23 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
return env->ThrowError("SSLv2 methods disabled");
#endif
} else if (strcmp(*sslmethod, "SSLv3_method") == 0) {
#ifndef OPENSSL_NO_SSL3
method = SSLv3_method();
#else
return env->ThrowError("SSLv3 methods disabled");
#endif
} else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) {
#ifndef OPENSSL_NO_SSL3
method = SSLv3_server_method();
#else
return env->ThrowError("SSLv3 methods disabled");
#endif
} else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) {
#ifndef OPENSSL_NO_SSL3
method = SSLv3_client_method();
#else
return env->ThrowError("SSLv3 methods disabled");
#endif
} else if (strcmp(*sslmethod, "SSLv23_method") == 0) {
method = SSLv23_method();
} else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) {
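Review bot: The `SSLv23_method` / `SSLv23_server_method` branches at the end of this hunk can still negotiate SSLv3 whenever the linked OpenSSL ships it, because the added guards only take effect on builds where `OPENSSL_NO_SSL3` is defined. Whether `SSL_OP_NO_SSLv3` is set on the context is not visible here; if it is not, SSLv3-capable builds remain exposed to the POODLE downgrade the commit message cites. I would at least add a comment above the first SSLv23 branch: `// SSLv23_* negotiates the highest mutually supported version, SSLv3 included, unless SSL_OP_NO_SSLv3 is set on the context.` The thrown message `"SSLv3 methods disabled"` could also say that the OpenSSL build lacks SSLv3, so callers can tell a build-time restriction from a runtime policy. Init's body starts and ends outside the hunk.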