This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tls: fix segfault in pummel/test-tls-ci-reneg-attack
Commit 4e5fe2d changed the way how process.nextTick() works: process.nextTick(function foo() { process.nextTick(function bar() { // ... }); }); Before said commit, foo() and bar() used to run on separate event loop ticks but that is no longer the case. However, that's exactly the behavior that the TLS renegotiation attack guard relies on. It gets called by OpenSSL and needs to defer the 'error' event to a later tick because the default action is to destroy the TLS context - the same context that OpenSSL currently operates on. When things change underneath your feet, bad things happen and OpenSSL is no exception. Ergo, use setImmediate() instead of process.nextTick() to ensure that the 'error' event is actually emitted at a later tick. Fixes #3840.
- Loading branch information