fix: enable TLS renegotiation in node (#25022)
This commit is contained in:
parent
3313e00578
commit
9021843850
2 changed files with 28 additions and 0 deletions
|
@ -42,3 +42,4 @@ fix_do_not_register_the_esm_loader_in_renderer_processes.patch
|
||||||
fix_allow_preventing_setpromiserejectcallback.patch
|
fix_allow_preventing_setpromiserejectcallback.patch
|
||||||
lib_use_non-symbols_in_isurlinstance_check.patch
|
lib_use_non-symbols_in_isurlinstance_check.patch
|
||||||
feat_add_implementation_of_v8_platform_postjob.patch
|
feat_add_implementation_of_v8_platform_postjob.patch
|
||||||
|
fix_enable_tls_renegotiation.patch
|
||||||
|
|
27
patches/node/fix_enable_tls_renegotiation.patch
Normal file
27
patches/node/fix_enable_tls_renegotiation.patch
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Rose <nornagon@nornagon.net>
|
||||||
|
Date: Tue, 18 Aug 2020 09:51:46 -0700
|
||||||
|
Subject: fix: enable TLS renegotiation
|
||||||
|
|
||||||
|
This configures BoringSSL to behave more similarly to OpenSSL.
|
||||||
|
See https://github.com/electron/electron/issues/18380.
|
||||||
|
|
||||||
|
This should be upstreamed.
|
||||||
|
|
||||||
|
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
|
||||||
|
index bb09ee99e070172a3764119cf85f3eef4d79df87..95bbc4c6a62ccf19a9d94a6afa4f2ce277c9bd4c 100644
|
||||||
|
--- a/src/tls_wrap.cc
|
||||||
|
+++ b/src/tls_wrap.cc
|
||||||
|
@@ -128,6 +128,12 @@ void TLSWrap::InitSSL() {
|
||||||
|
// - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
|
||||||
|
SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);
|
||||||
|
|
||||||
|
+#ifdef OPENSSL_IS_BORINGSSL
|
||||||
|
+ // OpenSSL allows renegotiation by default, but BoringSSL disables it.
|
||||||
|
+ // Configure BoringSSL to match OpenSSL's behavior.
|
||||||
|
+ SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
SSL_set_app_data(ssl_.get(), this);
|
||||||
|
// Using InfoCallback isn't how we are supposed to check handshake progress:
|
||||||
|
// https://github.com/openssl/openssl/issues/7199#issuecomment-420915993
|
Loading…
Reference in a new issue