tls: provide default cipher list from command line

Avoid storing data that depends on command line options on internal
bindings. This is generally a cleaner way of accessing CLI options.

PR-URL: https://github.com/nodejs/node/pull/32760
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
pull/32744/merge
Anna Henningsen 2020-04-10 13:04:10 +02:00
parent bb5e7097e8
commit 1f9761f4cc
No known key found for this signature in database
GPG Key ID: A94130F0BFC8EBE9
4 changed files with 12 additions and 12 deletions


@ -25,6 +25,7 @@
'use strict';
const {
ObjectDefineProperty,
ObjectDefineProperties,
} = primordials;
@ -224,6 +225,10 @@ function getFipsForced() {
return 1;
}
ObjectDefineProperty(constants, 'defaultCipherList', {
value: getOptionValue('--tls-cipher-list')
});
ObjectDefineProperties(module.exports, {
createCipher: {
enumerable: false,
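Review bot: The descriptor passed to `ObjectDefineProperty(constants, 'defaultCipherList', ...)` sets only `value`, so the property is created non-enumerable as well as non-writable and non-configurable. Read-only is a sensible choice for a security-relevant default, but code that enumerates `crypto.constants` (for example `Object.keys` or a spread copy) will not see `defaultCipherList`. If the binding-defined constant was enumerable before, which this section does not show, that is a visible behaviour change. Consider adding `enumerable: true,` to the descriptor and a comment such as `// Read from --tls-cipher-list at load time; deliberately not writable.`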


@ -56,8 +56,7 @@ const _tls_wrap = require('_tls_wrap');
exports.CLIENT_RENEG_LIMIT = 3;
exports.CLIENT_RENEG_WINDOW = 600;
exports.DEFAULT_CIPHERS =
internalBinding('constants').crypto.defaultCipherList;
exports.DEFAULT_CIPHERS = getOptionValue('--tls-cipher-list');
exports.DEFAULT_ECDH_CURVE = 'auto';
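Review bot: `exports.DEFAULT_CIPHERS` is now a second, independent read of `--tls-cipher-list`, and nothing on this line says how it relates to `crypto.constants.defaultCipherList`. This export is a plain assignment and stays writable, whereas the crypto constant is defined with a value-only descriptor, so the two can diverge at runtime. A short comment would make that explicit, for example `// Load-time snapshot of --tls-cipher-list; writable, unlike crypto.constants.defaultCipherList.` The `getOptionValue` import is not part of this hunk, so it is presumably already in scope in this file.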


@ -1072,12 +1072,6 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_UNCOMPRESSED);
NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_HYBRID);
NODE_DEFINE_STRING_CONSTANT(
target,
"defaultCipherList",
per_process::cli_options->tls_cipher_list.c_str());
#endif
}


@ -8,11 +8,11 @@ const assert = require('assert');
const spawn = require('child_process').spawn;
const defaultCoreList = require('crypto').constants.defaultCoreCipherList;
function doCheck(arg, check) {
function doCheck(arg, expression, check) {
let out = '';
arg = arg.concat([
'-pe',
'require("crypto").constants.defaultCipherList'
expression
]);
spawn(process.execPath, arg, {})
.on('error', common.mustNotCall())
@ -24,7 +24,9 @@ function doCheck(arg, check) {
}
// Test the default unmodified version
doCheck([], defaultCoreList);
doCheck([], 'crypto.constants.defaultCipherList', defaultCoreList);
doCheck([], 'tls.DEFAULT_CIPHERS', defaultCoreList);
// Test the command line switch by itself
doCheck(['--tls-cipher-list=ABC'], 'ABC');
doCheck(['--tls-cipher-list=ABC'], 'crypto.constants.defaultCipherList', 'ABC');
doCheck(['--tls-cipher-list=ABC'], 'tls.DEFAULT_CIPHERS', 'ABC');
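Review bot: The new expressions `'crypto.constants.defaultCipherList'` and `'tls.DEFAULT_CIPHERS'` rely on the `-pe` evaluation context exposing built-in modules as globals, where the replaced expression used an explicit `require("crypto")`. Spelling out the require keeps the test independent of that behaviour, e.g. `doCheck([], 'require("tls").DEFAULT_CIPHERS', defaultCoreList);`, and likewise for the `crypto` and `--tls-cipher-list=ABC` cases. The body of `doCheck` between the two hunks is not shown.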