From 5b225cd99a5833781a7a61d68b65e0dcd927c5bb Mon Sep 17 00:00:00 2001 From: Guilherme Souza Date: Tue, 21 Apr 2015 18:24:13 -0300 Subject: [PATCH 1/5] tls_wrap: use localhost if options.host is empty tls.connect(options) with no options.host should accept a certificate with CN: 'localhost'. Fix Error: Hostname/IP doesn't match certificate's altnames: "Host: undefined. is not cert's CN: localhost" 'localhost' is not added directly to defaults because that is not always desired (for example, when using options.socket) See https://github.com/iojs/io.js/issues/1489 --- lib/_tls_wrap.js | 3 ++- test/parallel/test-tls-connect-no-host.js | 31 +++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-tls-connect-no-host.js diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 3e091b0fc1be0d..435f028fd785f9 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -858,7 +858,8 @@ exports.connect = function(/* [port, host], options, cb */) { var hostname = options.servername || options.host || - options.socket && options.socket._host, + options.socket && options.socket._host || + 'localhost', NPN = {}, context = tls.createSecureContext(options); tls.convertNPNProtocols(options.NPNProtocols, NPN); diff --git a/test/parallel/test-tls-connect-no-host.js b/test/parallel/test-tls-connect-no-host.js new file mode 100644 index 00000000000000..de2643e2d9cd87 --- /dev/null +++ b/test/parallel/test-tls-connect-no-host.js 
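Review bot: In the `lib/_tls_wrap.js` hunk the `'localhost'` fallback also applies when a caller passes `options.socket` without a `_host`, which the commit message itself names as a case where the default is not wanted. The certificate identity check would then presumably compare the peer's certificate against `localhost` instead of failing as before, so a connection over an arbitrary pre-connected socket could be reported as authorized for a peer it was never meant to name. Restricting the default to the no-socket case keeps the previous fail-closed behaviour: `(options.socket ? options.socket._host : 'localhost'),`. The body of `exports.connect` starts and ends outside the hunk, so how `hostname` is consumed later (identity check, SNI) should be confirmed there.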
@@ -0,0 +1,31 @@ +var common = require('../common'); + +if (!common.hasCrypto) { + console.log('1..0 # Skipped: missing crypto'); + process.exit(); +} +var tls = require('tls'); + +var fs = require('fs'); +var path = require('path'); + +var cert = fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')); +var key = fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')); + +// https://github.com/iojs/io.js/issues/1489 +// tls.connect(options) with no options.host should accept a cert with CN:'localhost' +tls.createServer({ + key: key, + cert: cert +}).listen(common.PORT); + +tls.connect({ + port: common.PORT, + ca: cert, + // No host set here. 'localhost' is the default, + // but tls.checkServerIdentity() breaks before the fix with: + // Error: Hostname/IP doesn't match certificate's altnames: "Host: undefined. is not cert's CN: localhost" +}, function () { + console.log('OK'); + process.exit(); +}); \ No newline at end of file From 51f90e82eec0a107490c0ad64be44ebd77be8c3b Mon Sep 17 00:00:00 2001 From: Guilherme Souza Date: Tue, 21 Apr 2015 18:41:58 -0300 Subject: [PATCH 2/5] Silly fix for PR1493 --- lib/_tls_wrap.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 435f028fd785f9..c1037a7096a755 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -858,7 +858,7 @@ exports.connect = function(/* [port, host], options, cb */) { var hostname = options.servername || options.host || - options.socket && options.socket._host || + (options.socket && options.socket._host) || 'localhost', NPN = {}, context = tls.createSecureContext(options); From c3c8d6ea4eed07f9d553b101bcc065cff16f0da6 Mon Sep 17 00:00:00 2001 From: Guilherme Souza Date: Tue, 21 Apr 2015 18:46:28 -0300 Subject: [PATCH 3/5] Wrap at 80 columns --- test/parallel/test-tls-connect-no-host.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
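Review bot: The new test in `test/parallel/test-tls-connect-no-host.js` exercises only the accepting path, so it would still pass if the hostname check were skipped entirely when `options.host` is missing. A second connection to a server whose certificate CN is not `localhost` (no such fixture is visible here, so one would have to be chosen), asserting that the client receives the altname mismatch error, would pin that the default narrows verification to `localhost` rather than disabling it. The server returned by `tls.createServer(...)` is also not kept in a variable, which leaves `process.exit()` as the only way to end the test; `var server = tls.createServer({...}).listen(common.PORT);` with `server.close()` in the callback would let it finish on its own.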
diff --git a/test/parallel/test-tls-connect-no-host.js b/test/parallel/test-tls-connect-no-host.js index de2643e2d9cd87..2e88895d802157 100644 --- a/test/parallel/test-tls-connect-no-host.js +++ b/test/parallel/test-tls-connect-no-host.js @@ -13,7 +13,8 @@ var cert = fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')); var key = fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')); // https://github.com/iojs/io.js/issues/1489 -// tls.connect(options) with no options.host should accept a cert with CN:'localhost' +// tls.connect(options) with no options.host should accept a cert with +// CN:'localhost' tls.createServer({ key: key, cert: cert @@ -24,7 +25,8 @@ tls.connect({ ca: cert, // No host set here. 'localhost' is the default, // but tls.checkServerIdentity() breaks before the fix with: - // Error: Hostname/IP doesn't match certificate's altnames: "Host: undefined. is not cert's CN: localhost" + // Error: Hostname/IP doesn't match certificate's altnames: + // "Host: undefined. is not cert's CN: localhost" }, function () { console.log('OK'); process.exit(); From e5c93eba61a0e9ff943b43ca85b1318d30d2703a Mon Sep 17 00:00:00 2001 From: Guilherme Souza Date: Tue, 21 Apr 2015 23:37:54 -0300 Subject: [PATCH 4/5] Style fix --- test/parallel/test-tls-connect-no-host.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-tls-connect-no-host.js b/test/parallel/test-tls-connect-no-host.js index 2e88895d802157..1740b24b04006d 100644 --- a/test/parallel/test-tls-connect-no-host.js +++ b/test/parallel/test-tls-connect-no-host.js @@ -27,7 +27,7 @@ tls.connect({ // but tls.checkServerIdentity() breaks before the fix with: // Error: Hostname/IP doesn't match certificate's altnames: // "Host: undefined. is not cert's CN: localhost" -}, function () { +}, function() { console.log('OK'); process.exit(); -}); \ No newline at end of file +}); From 2d7f52ce4c5d9988b9702018851bc24f8dc844e0 Mon Sep 17 00:00:00 2001 
From: Guilherme Souza Date: Wed, 22 Apr 2015 20:10:52 -0300 Subject: [PATCH 5/5] Make test quiet --- test/parallel/test-tls-connect-no-host.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-tls-connect-no-host.js b/test/parallel/test-tls-connect-no-host.js index 1740b24b04006d..41aac1acabd781 100644 --- a/test/parallel/test-tls-connect-no-host.js +++ b/test/parallel/test-tls-connect-no-host.js @@ -6,6 +6,7 @@ if (!common.hasCrypto) { } var tls = require('tls'); +var assert = require('assert'); var fs = require('fs'); var path = require('path'); @@ -20,7 +21,7 @@ tls.createServer({ cert: cert }).listen(common.PORT); -tls.connect({ +var socket = tls.connect({ port: common.PORT, ca: cert, // No host set here. 'localhost' is the default, @@ -28,6 +29,6 @@ tls.connect({ // Error: Hostname/IP doesn't match certificate's altnames: // "Host: undefined. is not cert's CN: localhost" }, function() { - console.log('OK'); + assert(socket.authorized); process.exit(); });
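Review bot: `assert(socket.authorized)` in the connect callback is presumably always true when it is reached, because with the default `rejectUnauthorized` a failed verification is expected to surface as an `'error'` event rather than invoke the callback; that behaviour lives in `_tls_wrap.js`, outside this hunk, and should be confirmed there. The check would say more if it pinned which identity was verified, for example by adding `assert.equal(socket.getPeerCertificate().subject.CN, 'localhost');` next to it. A short comment above the assertion stating that a regression shows up as an uncaught `'error'` and not as a failed assert would also help the next reader.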