From 3a6392b2836cdcce519213660adc8b97ec59e359 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Mon, 24 Jul 2017 14:36:36 +0200 Subject: [PATCH] tls: fix empty issuer/subject/infoAccess parsing Also issuerCertificate but that did not fit on the status line. Fixes: https://github.com/nodejs/node/issues/11771 PR-URL: https://github.com/nodejs/node/pull/14473 Reviewed-By: Colin Ihrig Reviewed-By: James M Snell Reviewed-By: Matteo Collina Reviewed-By: Refael Ackermann --- lib/_tls_common.js | 8 +-- .../test-tls-translate-peer-certificate.js | 55 +++++++++++++++++++ 2 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 test/parallel/test-tls-translate-peer-certificate.js diff --git a/lib/_tls_common.js b/lib/_tls_common.js index 669110d826f7bd..5b37c119718c24 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -149,12 +149,12 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) { if (!c) return null; - if (c.issuer) c.issuer = tls.parseCertString(c.issuer); - if (c.issuerCertificate && c.issuerCertificate !== c) { + if (c.issuer != null) c.issuer = tls.parseCertString(c.issuer); + if (c.issuerCertificate != null && c.issuerCertificate !== c) { c.issuerCertificate = translatePeerCertificate(c.issuerCertificate); } - if (c.subject) c.subject = tls.parseCertString(c.subject); - if (c.infoAccess) { + if (c.subject != null) c.subject = tls.parseCertString(c.subject); + if (c.infoAccess != null) { var info = c.infoAccess; c.infoAccess = {}; diff --git a/test/parallel/test-tls-translate-peer-certificate.js b/test/parallel/test-tls-translate-peer-certificate.js new file mode 100644 index 00000000000000..537c00a009697a --- /dev/null +++ b/test/parallel/test-tls-translate-peer-certificate.js @@ -0,0 +1,55 @@ +'use strict'; +const common = require('../common'); + +if (!common.hasCrypto) + common.skip('missing crypto'); + +const { strictEqual, deepStrictEqual } = require('assert'); +const { translatePeerCertificate } = require('_tls_common'); + +const certString = 'A=1\nB=2\nC=3'; +const certObject = { A: '1', B: '2', C: '3' }; + +strictEqual(translatePeerCertificate(null), null); +strictEqual(translatePeerCertificate(undefined), null); + +strictEqual(translatePeerCertificate(0), null); +strictEqual(translatePeerCertificate(1), 1); + +deepStrictEqual(translatePeerCertificate({}), {}); + +deepStrictEqual(translatePeerCertificate({ issuer: '' }), + { issuer: {} }); +deepStrictEqual(translatePeerCertificate({ issuer: null }), + { issuer: null }); +deepStrictEqual(translatePeerCertificate({ issuer: certString }), + { issuer: certObject }); + +deepStrictEqual(translatePeerCertificate({ subject: '' }), + { subject: {} }); +deepStrictEqual(translatePeerCertificate({ subject: null }), + { subject: null }); +deepStrictEqual(translatePeerCertificate({ subject: certString }), + { subject: certObject }); + +deepStrictEqual(translatePeerCertificate({ issuerCertificate: '' }), + { issuerCertificate: null }); +deepStrictEqual(translatePeerCertificate({ issuerCertificate: null }), + { issuerCertificate: null }); +deepStrictEqual( + translatePeerCertificate({ issuerCertificate: { subject: certString } }), + { issuerCertificate: { subject: certObject } }); + +{ + const cert = {}; + cert.issuerCertificate = cert; + deepStrictEqual(translatePeerCertificate(cert), { issuerCertificate: cert }); +} + +deepStrictEqual(translatePeerCertificate({ infoAccess: '' }), + { infoAccess: {} }); +deepStrictEqual(translatePeerCertificate({ infoAccess: null }), + { infoAccess: null }); +deepStrictEqual( + translatePeerCertificate({ infoAccess: 'OCSP - URI:file:///etc/passwd' }), + { infoAccess: { 'OCSP - URI': ['file:///etc/passwd'] } });