crypto: return a clearer error when loading an unsupported pkcs12

PR-URL: https://github.com/nodejs/node/pull/54485
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Tim Perry 2024-09-05 16:15:01 +02:00 committed by GitHub
parent a48852be17
commit 65b4fb840e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 37 additions and 0 deletions


@ -1148,6 +1148,16 @@ done:
if (!ret) { if (!ret) {
// TODO(@jasnell): Should this use ThrowCryptoError? // TODO(@jasnell): Should this use ThrowCryptoError?
unsigned long err = ERR_get_error(); // NOLINT(runtime/int) unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
#if OPENSSL_VERSION_MAJOR >= 3
if (ERR_GET_REASON(err) == ERR_R_UNSUPPORTED) {
// OpenSSL's "unsupported" error without any context is very
// common and not very helpful, so we override it:
return THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(
env, "Unsupported PKCS12 PFX data");
}
#endif
const char* str = ERR_reason_error_string(err); const char* str = ERR_reason_error_string(err);
str = str != nullptr ? str : "Unknown error"; str = str != nullptr ? str : "Unknown error";
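Review bot: The new `ERR_GET_REASON(err) == ERR_R_UNSUPPORTED` test inside the `#if OPENSSL_VERSION_MAJOR >= 3` block matches on the generic reason code alone, so any failure that reaches this `done:` path with that reason is reported as "Unsupported PKCS12 PFX data", and the comment does not say what normally triggers it. Judging by the fixture name and the skip message in the accompanying test, the expected case is a PFX protected with legacy algorithms that the OpenSSL 3 default provider does not offer; the comment could say so, e.g. `// Typically a PFX encrypted with legacy algorithms that the OpenSSL 3 default provider does not load.` The early return also happens after `ERR_get_error()` has removed only one entry from the error queue; whether the remaining entries are cleared depends on code outside this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.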

BIN
test/fixtures/keys/legacy.pfx vendored Normal file

Binary file not shown.


@ -0,0 +1,27 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (!common.hasOpenSSL3)
common.skip('OpenSSL legacy failures are only testable with OpenSSL 3+');
const fixtures = require('../common/fixtures');
const {
assert, connect, keys
} = require(fixtures.path('tls-connect'));
const legacyPfx = fixtures.readKey('legacy.pfx');
connect({
client: {
pfx: legacyPfx,
passphrase: 'legacy',
rejectUnauthorized: false
},
server: keys.agent1
}, common.mustCall((e, pair, cleanup) => {
assert.strictEqual(e.code, 'ERR_CRYPTO_UNSUPPORTED_OPERATION');
assert.strictEqual(e.message, 'Unsupported PKCS12 PFX data');
cleanup();
}));
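Review bot: Nothing in this test records how the binary fixture `legacy.pfx` was produced or which algorithm makes it unsupported, so the file cannot be reviewed or regenerated from what the commit shows; a short comment above `fixtures.readKey('legacy.pfx')` giving the generating command and the cipher used would cover that. The callback also reads `e.code` without first checking `e`, so if a later OpenSSL default accepts the file the test fails with a TypeError instead of a clear assertion; adding `assert.ok(e instanceof Error);` before the two `strictEqual` calls would make the expectation explicit.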