Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.3.1 introduced an assertion exception #2061

Closed
ghost opened this issue Jun 25, 2015 · 3 comments
Closed

2.3.1 introduced an assertion exception #2061

ghost opened this issue Jun 25, 2015 · 3 comments
Labels
crypto Issues and PRs related to the crypto subsystem. tls Issues and PRs related to the tls subsystem.

Comments

@ghost
Copy link

ghost commented Jun 25, 2015

It appears 3beb880 introduced an assertion exception for certain certificates.

Running iojs -e "require('tls').connect(443, '143.116.116.84');" on 2.3.1 results in

iojs: ../src/node_crypto.cc:2283: node::crypto::CheckResult node::crypto::CheckWhitelistedServerCert(X509_STORE_CTX*): Assertion `(root_cert) != (nullptr)' failed.
Aborted

With 2.3.0 and earlier it executed just fine (ignoring that the certificate expired)
@brendanashworth brendanashworth added tls Issues and PRs related to the tls subsystem. crypto Issues and PRs related to the crypto subsystem. labels Jun 25, 2015
@brendanashworth
Copy link
Contributor

cc @shigeki

@shigeki
Copy link
Contributor

shigeki commented Jun 26, 2015

@neroux Thanks for reporting.
The issue was identified. I will fix it soon.

shigeki pushed a commit to shigeki/node that referenced this issue Jun 26, 2015
crypto: fix VerifyCallback in case of verify error
f987fef 
3beb880 has a bug in VerifyCallback
when preverify is 1 and the cert chain has an verify error. If the
error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion
error in finding rootCA.
The whitelist check should be made only when the cert chain has no
verify error with X509_V_OK.

Fixes: nodejs#2061
@shigeki shigeki mentioned this issue Jun 26, 2015
Closed
shigeki pushed a commit that referenced this issue Jun 27, 2015
crypto: fix VerifyCallback in case of verify error
9e890fe 
3beb880 has a bug in VerifyCallback
when preverify is 1 and the cert chain has an verify error. If the
error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion
error in finding rootCA.
The whitelist check should be made only when the cert chain has no
verify error with X509_V_OK.

Fixes: #2061
PR-URL: #2064
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@shigeki
Copy link
Contributor

shigeki commented Jun 27, 2015

This was fixed in #2064.

@shigeki shigeki closed this as completed Jun 27, 2015
mscdex pushed a commit to mscdex/io.js that referenced this issue Jul 9, 2015
@mscdex
crypto: fix VerifyCallback in case of verify error
a892184 
3beb880 has a bug in VerifyCallback
when preverify is 1 and the cert chain has an verify error. If the
error is UNABLE_TO_GET_ISSUER_CERT_LOCALLY, it leads an assertion
error in finding rootCA.
The whitelist check should be made only when the cert chain has no
verify error with X509_V_OK.

Fixes: nodejs#2061
PR-URL: nodejs#2064
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto: fix VerifyCallback in case of verify error shigeki/node
2 participants
@shigeki @brendanashworth