mirror of https://github.com/nodejs/node.git
tls: provide default cipher list from command line
Avoid storing data that depends on command line options on internal bindings. This is generally a cleaner way of accessing CLI options. PR-URL: https://github.com/nodejs/node/pull/32760 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com>pull/32744/merge
parent
bb5e7097e8
commit
1f9761f4cc
|
@ -25,6 +25,7 @@
|
|||
'use strict';
|
||||
|
||||
const {
|
||||
ObjectDefineProperty,
|
||||
ObjectDefineProperties,
|
||||
} = primordials;
|
||||
|
||||
|
@ -224,6 +225,10 @@ function getFipsForced() {
|
|||
return 1;
|
||||
}
|
||||
|
||||
ObjectDefineProperty(constants, 'defaultCipherList', {
|
||||
value: getOptionValue('--tls-cipher-list')
|
||||
});
|
||||
|
||||
ObjectDefineProperties(module.exports, {
|
||||
createCipher: {
|
||||
enumerable: false,
|
||||
|
|
|
@ -56,8 +56,7 @@ const _tls_wrap = require('_tls_wrap');
|
|||
exports.CLIENT_RENEG_LIMIT = 3;
|
||||
exports.CLIENT_RENEG_WINDOW = 600;
|
||||
|
||||
exports.DEFAULT_CIPHERS =
|
||||
internalBinding('constants').crypto.defaultCipherList;
|
||||
exports.DEFAULT_CIPHERS = getOptionValue('--tls-cipher-list');
|
||||
|
||||
exports.DEFAULT_ECDH_CURVE = 'auto';
|
||||
|
||||
|
|
|
@ -1072,12 +1072,6 @@ void DefineCryptoConstants(Local<Object> target) {
|
|||
NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_UNCOMPRESSED);
|
||||
|
||||
NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_HYBRID);
|
||||
|
||||
NODE_DEFINE_STRING_CONSTANT(
|
||||
target,
|
||||
"defaultCipherList",
|
||||
per_process::cli_options->tls_cipher_list.c_str());
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
@ -8,11 +8,11 @@ const assert = require('assert');
|
|||
const spawn = require('child_process').spawn;
|
||||
const defaultCoreList = require('crypto').constants.defaultCoreCipherList;
|
||||
|
||||
function doCheck(arg, check) {
|
||||
function doCheck(arg, expression, check) {
|
||||
let out = '';
|
||||
arg = arg.concat([
|
||||
'-pe',
|
||||
'require("crypto").constants.defaultCipherList'
|
||||
expression
|
||||
]);
|
||||
spawn(process.execPath, arg, {})
|
||||
.on('error', common.mustNotCall())
|
||||
|
@ -24,7 +24,9 @@ function doCheck(arg, check) {
|
|||
}
|
||||
|
||||
// Test the default unmodified version
|
||||
doCheck([], defaultCoreList);
|
||||
doCheck([], 'crypto.constants.defaultCipherList', defaultCoreList);
|
||||
doCheck([], 'tls.DEFAULT_CIPHERS', defaultCoreList);
|
||||
|
||||
// Test the command line switch by itself
|
||||
doCheck(['--tls-cipher-list=ABC'], 'ABC');
|
||||
doCheck(['--tls-cipher-list=ABC'], 'crypto.constants.defaultCipherList', 'ABC');
|
||||
doCheck(['--tls-cipher-list=ABC'], 'tls.DEFAULT_CIPHERS', 'ABC');
|
||||
|
|
Loading…
Reference in New Issue