Skip to content

Commit

Permalink
tls: output warning of setDHParam to console.trace
Browse files Browse the repository at this point in the history
To make it easy to figure out where the warning comes from.
Also fix style and variable name that was made in nodejs#1739.
  • Loading branch information
Shigeki Ohtsu committed May 29, 2015
1 parent ffdd508 commit dd8a2a2
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 5 deletions.
6 changes: 5 additions & 1 deletion lib/_tls_common.js
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,11 @@ exports.createSecureContext = function createSecureContext(options, context) {
else if (options.ecdhCurve)
c.context.setECDHCurve(options.ecdhCurve);

if (options.dhparam) c.context.setDHParam(options.dhparam);
if (options.dhparam) {
var warning = c.context.setDHParam(options.dhparam);
if (warning)
console.trace(warning);
}

if (options.crl) {
if (Array.isArray(options.crl)) {
Expand Down
10 changes: 6 additions & 4 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -757,11 +757,13 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
if (dh == nullptr)
return;

const int keylen = BN_num_bits(dh->p);
if (keylen < 1024)
const int size = BN_num_bits(dh->p);
if (size < 1024) {
return env->ThrowError("DH parameter is less than 1024 bits");
else if (keylen < 2048)
fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n");
} else if (size < 2048) {
args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING(
env->isolate(), "WARNING: DH parameter is less than 2048 bits"));
}

SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);
Expand Down

0 comments on commit dd8a2a2

Please sign in to comment.