node/tls at dc609f5a81044a37cbcaff92c7fc05fcef58c52a - node

mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00

History

Tobias Nießen 559212e64c tls: fix negative sessionTimeout handling For historical reasons, the second argument of SSL_CTX_set_timeout is a signed integer, and Node.js has so far passed arbitrary (signed) int32_t values. However, new versions of OpenSSL have changed the handling of negative values inside SSL_CTX_set_timeout, and we should shield users of Node.js from both the old and the new behavior. Hence, reject any negative values by throwing an error from within createSecureContext. Refs: https://github.com/openssl/openssl/pull/19082 PR-URL: https://github.com/nodejs/node/pull/53002 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tim Perry <pimterry@gmail.com>	2024-05-18 00:26:11 +00:00
..
secure-context.js	tls: fix negative sessionTimeout handling	2024-05-18 00:26:11 +00:00
secure-pair.js	tools: add lint rule to keep primordials in ASCII order	2024-04-21 16:53:08 +00:00

tls: fix negative sessionTimeout handling

For historical reasons, the second argument of SSL_CTX_set_timeout is a
signed integer, and Node.js has so far passed arbitrary (signed) int32_t
values. However, new versions of OpenSSL have changed the handling of
negative values inside SSL_CTX_set_timeout, and we should shield users
of Node.js from both the old and the new behavior. Hence, reject any
negative values by throwing an error from within createSecureContext.

Refs: https://github.com/openssl/openssl/pull/19082
PR-URL: https://github.com/nodejs/node/pull/53002
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>

2024-05-18 00:26:11 +00:00

secure-context.js

tls: fix negative sessionTimeout handling

2024-05-18 00:26:11 +00:00

secure-pair.js

tools: add lint rule to keep primordials in ASCII order

2024-04-21 16:53:08 +00:00