mirror of https://github.com/nodejs/node.git
https: fix renegotation attack protection
Listen for the 'clientError' event that is emitted when a renegotation attack is detected and close the connection. Fixes test/pummel/test-https-ci-reneg-attack.jspull/24504/head
Ben Noordhuis
parent
7394e89ff6
commit
0ad005852c
|
|
@ -127,10 +127,13 @@ sent to the server on that socket.
|
|||
|
||||
### Event: 'clientError'
|
||||
|
||||
`function (exception) { }`
|
||||
`function (exception, socket) { }`
|
||||
|
||||
If a client connection emits an 'error' event - it will forwarded here.
|
||||
|
||||
`socket` is the `net.Socket` object that the error originated from.
|
||||
|
||||
|
||||
### server.listen(port, [hostname], [backlog], [callback])
|
||||
|
||||
Begin accepting connections on the specified port and hostname. If the
|
||||
|
|
|
|||
|
|
@ -367,11 +367,13 @@ SNI.
|
|||
|
||||
### Event: 'clientError'
|
||||
|
||||
`function (exception) { }`
|
||||
`function (exception, securePair) { }`
|
||||
|
||||
When a client connection emits an 'error' event before secure connection is
|
||||
established - it will be forwarded here.
|
||||
|
||||
`securePair` is the `tls.SecurePair` that the error originated from.
|
||||
|
||||
|
||||
### Event: 'newSession'
|
||||
|
||||
|
|
|
|||
|
|
@ -1647,6 +1647,10 @@ function Server(requestListener) {
|
|||
this.httpAllowHalfOpen = false;
|
||||
|
||||
this.addListener('connection', connectionListener);
|
||||
|
||||
this.addListener('clientError', function(err, conn) {
|
||||
conn.destroy(err);
|
||||
});
|
||||
}
|
||||
util.inherits(Server, net.Server);
|
||||
|
||||
|
|
@ -1705,7 +1709,7 @@ function connectionListener(socket) {
|
|||
}
|
||||
|
||||
socket.addListener('error', function(e) {
|
||||
self.emit('clientError', e);
|
||||
self.emit('clientError', e, this);
|
||||
});
|
||||
|
||||
socket.ondata = function(d, start, end) {
|
||||
|
|
|
|||
|
|
@ -39,6 +39,10 @@ function Server(opts, requestListener) {
|
|||
if (requestListener) {
|
||||
this.addListener('request', requestListener);
|
||||
}
|
||||
|
||||
this.addListener('clientError', function(err, conn) {
|
||||
conn.destroy(err);
|
||||
});
|
||||
}
|
||||
inherits(Server, tls.Server);
|
||||
|
||||
|
|
|
|||
|
|
@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) {
|
|||
}
|
||||
});
|
||||
pair.on('error', function(err) {
|
||||
self.emit('clientError', err);
|
||||
self.emit('clientError', err, this);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue