Commits on Mar 13, 2013

1. crypto: check key type in GetPeerCertificate() …

   Works around the following exception:
   
     Error: 140463203215168:error:0607907F:digital envelope
     routines:EVP_PKEY_get1_RSA:expecting an rsa key:
     ../deps/openssl/openssl/crypto/evp/p_lib.c:288:
       at CleartextStream._pusher (tls.js:656:24)
       at SlabBuffer.use (tls.js:199:18)
       at CleartextStream.CryptoStream._push (tls.js:483:33)
       at SecurePair.cycle (tls.js:880:20)
       <snip>
   
   The issue has been solved properly in v0.10 and the master branch as of
   commit c6e2db2 ("crypto: clear error stack"). This is the "back-port"
   to v0.8.
   
   For some (rather unquantifiable) reason the original fix only works for
   the tls module in v0.8 but not the https module unless OpenSSL is
   downgraded to 0.9.8. Upgrading OpenSSL does *not* fix it, however.
   
   The https module doesn't appear to be at fault; upgrading it to v0.10
   doesn't fix the issue. That leaves either the tls or the http module
   (that https derives from) but the changes to those modules are too
   massive to back-port as-is.
   
   `git bisect` over the v0.8 -> v0.10 commits didn't show up anything
   useful, it pinpoints c6e2db2 as the commit that fixes things.
   
   I've spent several hours on this now and seeing that v0.8 is in
   maintenance mode, this cheap hack will have to do.
   
   Fixes #4771.

   

   bnoordhuis committed Mar 13, 2013
   Copy the full SHA

   2c41a80 View commit details

   Browse the repository at this point in the history