checkpoint

Alistair Smith
2025-05-14 17:11:43 -07:00
parent 18e34437d2
commit 99a76fb896
2 changed files with 31 additions and 14 deletions


@@ -366,11 +366,18 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
verify_error.error = -1;
if (SSL_is_server(s->ssl)) {
verify_error.reason = "Wrong version number on server";
verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
} else {
verify_error.reason = unsupported_proto_reason_client;
verify_error.code = unsupported_proto_client;
SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
int min = SSL_CTX_get_min_proto_version(ctx);
int max = SSL_CTX_get_max_proto_version(ctx);
int is_legacy = (min == max) && (min == TLS1_1_VERSION || min == TLS1_VERSION);
printf("[usockets] SERVER handshake debug: min=%d, max=%d, is_legacy=%d\n", min, max, is_legacy);
if (is_legacy) {
verify_error.reason = "Wrong version number on server";
verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
} else {
verify_error.reason = "Unsupported protocol on server";
verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
}
}
} else if (
verify_error.code && (
@@ -378,9 +385,19 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
strcmp(verify_error.code, "UNSUPPORTED_PROTOCOL") == 0
)
) {
SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
int min = SSL_CTX_get_min_proto_version(ctx);
int max = SSL_CTX_get_max_proto_version(ctx);
int is_tlsv1_1_method = (min == TLS1_1_VERSION && max == TLS1_1_VERSION);
int is_tlsv1_method = (min == TLS1_VERSION && max == TLS1_VERSION);
if (is_tlsv1_1_method || is_tlsv1_method) {
verify_error.reason = "TLSv1 alert protocol version";
verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
} else {
verify_error.reason = unsupported_proto_reason_client;
verify_error.code = unsupported_proto_client;
}
verify_error.error = -1;
verify_error.reason = unsupported_proto_reason_client;
verify_error.code = unsupported_proto_client;
}
}
context->on_handshake(s, success, verify_error, context->handshake_data);
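Review bot: The `printf("[usockets] SERVER handshake debug: ...")` call added in the first hunk writes to stdout unconditionally from the handshake callback, so a failed version negotiation makes the embedding program emit a line into its own standard output. A remote peer can reach this path just by offering a protocol version the context rejects, which makes it a peer-driven source of output as well as noise for programs that own stdout; delete the line before merge, or move it to stderr behind a compile-time debug guard. The message is labelled "SERVER" although, as the page renders it, the block appears to follow the `else` of `if (SSL_is_server(s->ssl))`, so the branch placement is worth confirming. The `SSL_get_SSL_CTX` / min / max lookup is repeated in the second hunk under different flag names (`is_legacy` versus `is_tlsv1_1_method || is_tlsv1_method`) that compute the same condition; one static helper would keep the two in agreement. The body of `us_internal_trigger_handshake_callback` begins before the first hunk.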


@@ -164,13 +164,13 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
// test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
// U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
// 'ERR_SSL_UNSUPPORTED_PROTOCOL');
// test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
// U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
// 'ERR_SSL_UNSUPPORTED_PROTOCOL');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
'ERR_SSL_UNSUPPORTED_PROTOCOL');
// test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
// U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
// test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
// U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
}
// if (DEFAULT_MIN_VERSION === 'TLSv1.1') {