-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.3.1 introduced an assertion exception #2061
Comments
brendanashworth
added
tls
Issues and PRs related to the tls subsystem.
crypto
Issues and PRs related to the crypto subsystem.
labels
Jun 25, 2015
cc @shigeki |
@neroux Thanks for reporting. |
shigeki
pushed a commit
to shigeki/node
that referenced
this issue
Jun 26, 2015
3beb880 has a bug in VerifyCallback when preverify is 1 and the cert chain has an verify error. If the error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion error in finding rootCA. The whitelist check should be made only when the cert chain has no verify error with X509_V_OK. Fixes: nodejs#2061
shigeki
pushed a commit
that referenced
this issue
Jun 27, 2015
3beb880 has a bug in VerifyCallback when preverify is 1 and the cert chain has an verify error. If the error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion error in finding rootCA. The whitelist check should be made only when the cert chain has no verify error with X509_V_OK. Fixes: #2061 PR-URL: #2064 Reviewed-By: Ben Noordhuis <[email protected]>
This was fixed in #2064. |
mscdex
pushed a commit
to mscdex/io.js
that referenced
this issue
Jul 9, 2015
3beb880 has a bug in VerifyCallback when preverify is 1 and the cert chain has an verify error. If the error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion error in finding rootCA. The whitelist check should be made only when the cert chain has no verify error with X509_V_OK. Fixes: nodejs#2061 PR-URL: nodejs#2064 Reviewed-By: Ben Noordhuis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It appears 3beb880 introduced an assertion exception for certain certificates.
Running
iojs -e "require('tls').connect(443, '143.116.116.84');"
on 2.3.1 results inWith 2.3.0 and earlier it executed just fine (ignoring that the certificate expired)
The text was updated successfully, but these errors were encountered: