Showing with 76 additions and 3 deletions.

+2 −2 lib/tls.js

+3 −1 src/node_crypto.cc

+71 −0 test/simple/test-tls-zero-clear-in.js
diff --git a/lib/tls.js b/lib/tls.js
@@ -140,7 +140,6 @@ function checkServerIdentity(host, cert) {
   //
   // Walk through altnames and generate lists of those names
   if (cert.subjectaltname) {
-    matchCN = false;
     cert.subjectaltname.split(/, /g).forEach(function(altname) {
       if (/^DNS:/.test(altname)) {
         dnsNames.push(altname.slice(4));
@@ -178,7 +177,8 @@ function checkServerIdentity(host, cert) {
 
     if (dnsNames.length > 0) matchCN = false;
 
-    // Match against Common Name (CN) only if altnames are not present.
+    // Match against Common Name (CN) only if no supported identifiers are
+    // present.
     //
     // "As noted, a client MUST NOT seek a match for a reference identifier
     //  of CN-ID if the presented identifiers include a DNS-ID, SRV-ID,

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -1476,7 +1476,9 @@ Handle<Value> Connection::ClearIn(const Arguments& args) {
 
   int bytes_written = SSL_write(ss->ssl_, buffer_data + off, len);
 
-  ss->HandleSSLError("SSL_write:ClearIn", bytes_written, kZeroIsAnError);
+  ss->HandleSSLError("SSL_write:ClearIn",
+                     bytes_written,
+                     len == 0 ? kZeroIsNotAnError : kZeroIsAnError);
   ss->SetShutdownFlags();
 
   return scope.Close(Integer::New(bytes_written));

diff --git a/test/simple/test-tls-zero-clear-in.js b/test/simple/test-tls-zero-clear-in.js
@@ -0,0 +1,71 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+  console.error('Skipping because node compiled without OpenSSL.');
+  process.exit(0);
+}
+
+var common = require('../common');
+var assert = require('assert');
+var fs = require('fs');
+var tls = require('tls');
+var path = require('path');
+
+var cert = fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'));
+var key = fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem'));
+
+var errorEmitted = false;
+
+var server = tls.createServer({
+  cert: cert,
+  key: key
+}, function(c) {
+  // Nop
+  setTimeout(function() {
+    c.destroy();
+    server.close();
+  }, 20);
+}).listen(common.PORT, function() {
+  var conn = tls.connect({
+    cert: cert,
+    key: key,
+    rejectUnauthorized: false,
+    port: common.PORT
+  }, function() {
+    setTimeout(function() {
+      conn.destroy();
+    }, 20);
+  });
+
+  // SSL_write() call's return value, when called 0 bytes, should not be
+  // treated as error.
+  conn.end('');
+
+  conn.on('error', function(err) {
+    console.log(err);
+    errorEmitted = true;
+  });
+});
+
+process.on('exit', function() {
+  assert.ok(!errorEmitted);
+});