src: turn SSL_CTX_new CHECK/segfault into JS exception
These operations do not usually fail, but can do so when OpenSSL
is not configured properly (I ran into this while dynamically linking
against OpenSSL with FIPS). JS exceptions are way more useful
than CHECK failures or plain segfaults.

PR-URL: #42799
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax authored Apr 28, 2022
1 parent b7cd49f commit d4699c7
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/crypto/crypto_cipher.cc
Expand Up @@ -197,10 +197,14 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

SSLCtxPointer ctx(SSL_CTX_new(TLS_method()));
CHECK(ctx);
if (!ctx) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}

SSLPointer ssl(SSL_new(ctx.get()));
CHECK(ssl);
if (!ssl) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_new");
}

STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl.get());
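Review bot: in both new failure branches (`if (!ctx)` and `if (!ssl)`), `ERR_get_error()` returns the oldest entry on the thread's OpenSSL error queue, which is not necessarily the entry left by the call that just failed. If an earlier operation left an entry behind, the JS exception will carry that unrelated code. Consider calling `ERR_clear_error()` before `SSL_CTX_new(TLS_method())` at the top of `GetSSLCiphers`, or using a scoped error-queue helper if the code base already has one, so the thrown error reflects this failure.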

3 changes: 3 additions & 0 deletions src/crypto/crypto_context.cc
Expand Up @@ -508,6 +508,9 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
}

sc->ctx_.reset(SSL_CTX_new(method));
if (!sc->ctx_) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}
SSL_CTX_set_app_data(sc->ctx_.get(), sc);

// Disable SSLv2 in the case when method == TLS_method() and the
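Review bot: the new `if (!sc->ctx_)` path in `SecureContext::Init` has no test in this commit; both changed files are under `src/crypto/`. Since the commit message says the failure only shows up when OpenSSL is not configured properly, please record in the PR how this branch was exercised, and add a regression test if a CI configuration exists that can make `SSL_CTX_new(method)` fail. Placing the return before `SSL_CTX_set_app_data(sc->ctx_.get(), sc)` is the right spot, as it keeps a null context from reaching that call.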