fix: enable TLS renegotiation in node (#25022)
This commit is contained in:
parent
3313e00578
commit
9021843850
2 changed files with 28 additions and 0 deletions
|
@ -42,3 +42,4 @@ fix_do_not_register_the_esm_loader_in_renderer_processes.patch
|
|||
fix_allow_preventing_setpromiserejectcallback.patch
|
||||
lib_use_non-symbols_in_isurlinstance_check.patch
|
||||
feat_add_implementation_of_v8_platform_postjob.patch
|
||||
fix_enable_tls_renegotiation.patch
|
||||
|
|
27
patches/node/fix_enable_tls_renegotiation.patch
Normal file
27
patches/node/fix_enable_tls_renegotiation.patch
Normal file
|
@ -0,0 +1,27 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Rose <nornagon@nornagon.net>
|
||||
Date: Tue, 18 Aug 2020 09:51:46 -0700
|
||||
Subject: fix: enable TLS renegotiation
|
||||
|
||||
This configures BoringSSL to behave more similarly to OpenSSL.
|
||||
See https://github.com/electron/electron/issues/18380.
|
||||
|
||||
This should be upstreamed.
|
||||
|
||||
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
|
||||
index bb09ee99e070172a3764119cf85f3eef4d79df87..95bbc4c6a62ccf19a9d94a6afa4f2ce277c9bd4c 100644
|
||||
--- a/src/tls_wrap.cc
|
||||
+++ b/src/tls_wrap.cc
|
||||
@@ -128,6 +128,12 @@ void TLSWrap::InitSSL() {
|
||||
// - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
|
||||
SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);
|
||||
|
||||
+#ifdef OPENSSL_IS_BORINGSSL
|
||||
+ // OpenSSL allows renegotiation by default, but BoringSSL disables it.
|
||||
+ // Configure BoringSSL to match OpenSSL's behavior.
|
||||
+ SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
|
||||
+#endif
|
||||
+
|
||||
SSL_set_app_data(ssl_.get(), this);
|
||||
// Using InfoCallback isn't how we are supposed to check handshake progress:
|
||||
// https://github.com/openssl/openssl/issues/7199#issuecomment-420915993
|
Loading…
Reference in a new issue