Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: add --use-bundled-ca --use-openssl-ca check #12087

Closed
wants to merge 1 commit into from
Closed

src: add --use-bundled-ca --use-openssl-ca check #12087

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions src/node.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3637,6 +3637,8 @@ static void ParseArgs(int* argc,
const char** new_v8_argv = new const char*[nargs];
const char** new_argv = new const char*[nargs];
const char** local_preload_modules = new const char*[nargs];
bool use_bundled_ca = false;
bool use_openssl_ca = false;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using a simple bit field might work also. not critical tho... but if you did...

int use_ca_flag = 0;
// ...
use_ca_flag |= 1;
use_ca_flag |= 2;
//
if (use_ca_flag == 3) {
  // ... error
}

You could get by with only a single variable and a single condition check when reporting the error.

It's extremely minor so feel free to ignore tho.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that, I'll give that a go. Thx

Copy link
Member

@gibfahn gibfahn Mar 30, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jasnell This seems more opaque, would this be enough of a speed increase to warrant the loss of clarity?

cc/ @sam-github from #12087 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I generally find it more readable but that's just me ;-) .. I know there are broadly different opinions about the use of bitfields ;-)


for (unsigned int i = 0; i < nargs; ++i) {
new_exec_argv[i] = nullptr;
Expand Down Expand Up @@ -3751,7 +3753,9 @@ static void ParseArgs(int* argc,
default_cipher_list = arg + 18;
} else if (strncmp(arg, "--use-openssl-ca", 16) == 0) {
ssl_openssl_cert_store = true;
use_openssl_ca = true;
} else if (strncmp(arg, "--use-bundled-ca", 16) == 0) {
use_bundled_ca = true;
ssl_openssl_cert_store = false;
#if NODE_FIPS_MODE
} else if (strcmp(arg, "--enable-fips") == 0) {
Expand Down Expand Up @@ -3786,6 +3790,16 @@ static void ParseArgs(int* argc,
index += args_consumed;
}

#if HAVE_OPENSSL
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we shouldn't just error out immediately if --use-openssl-ca is passed and HAVE_OPENSSL is off.
/cc @nodejs/ctc

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the code already does that, since the option is only recognised and parsed if HAVE_OPENSSL is defined.

if (use_openssl_ca && use_bundled_ca) {
fprintf(stderr,
"%s: either --use-openssl-ca or --use-bundled-ca can be used, "
"not both\n",
argv[0]);
exit(9);
}
#endif

// Copy remaining arguments.
const unsigned int args_left = nargs - index;
memcpy(new_argv + new_argc, argv + index, args_left * sizeof(*argv));
Expand Down
31 changes: 31 additions & 0 deletions test/parallel/test-openssl-ca-options.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
'use strict';
// This test checks the usage of --use-bundled-ca and --use-openssl-ca arguments
// to verify that both are not used at the same time.
const common = require('../common');
if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const assert = require('assert');
const os = require('os');
const childProcess = require('child_process');
const result = childProcess.spawnSync(process.execPath, [
'--use-bundled-ca',
'--use-openssl-ca',
'-p', 'process.version'],
{encoding: 'utf8'});

assert.strictEqual(result.stderr,
process.execPath + ': either --use-openssl-ca or ' +
'--use-bundled-ca can be used, not both' + os.EOL);
assert.strictEqual(result.status, 9);

const useBundledCA = childProcess.spawnSync(process.execPath, [
'--use-bundled-ca',
'-p', 'process.version']);
assert.strictEqual(useBundledCA.status, 0);

const useOpenSSLCA = childProcess.spawnSync(process.execPath, [
'--use-openssl-ca',
'-p', 'process.version']);
assert.strictEqual(useOpenSSLCA.status, 0);