(context, options = kEmptyObject, name = 'options')
| 127 | } |
| 128 | |
| 129 | function configSecureContext(context, options = kEmptyObject, name = 'options') { |
| 130 | validateObject(options, name); |
| 131 | |
| 132 | const { |
| 133 | allowPartialTrustChain, |
| 134 | ca, |
| 135 | cert, |
| 136 | certificateCompression, |
| 137 | ciphers = getDefaultCiphers(), |
| 138 | clientCertEngine, |
| 139 | crl, |
| 140 | dhparam, |
| 141 | ecdhCurve = getDefaultEcdhCurve(), |
| 142 | key, |
| 143 | passphrase, |
| 144 | pfx, |
| 145 | privateKeyIdentifier, |
| 146 | privateKeyEngine, |
| 147 | sessionIdContext, |
| 148 | sessionTimeout, |
| 149 | sigalgs, |
| 150 | ticketKeys, |
| 151 | } = options; |
| 152 | |
| 153 | // Set the cipher list and cipher suite before anything else because |
| 154 | // @SECLEVEL=<n> changes the security level and that affects subsequent |
| 155 | // operations. |
| 156 | if (ciphers !== undefined && ciphers !== null) |
| 157 | validateString(ciphers, `${name}.ciphers`); |
| 158 | |
| 159 | // Work around an OpenSSL API quirk. cipherList is for TLSv1.2 and below, |
| 160 | // cipherSuites is for TLSv1.3 (and presumably any later versions). TLSv1.3 |
| 161 | // cipher suites all have a standard name format beginning with TLS_, so split |
| 162 | // the ciphers and pass them to the appropriate API. |
| 163 | const { |
| 164 | cipherList, |
| 165 | cipherSuites, |
| 166 | } = processCiphers(ciphers, `${name}.ciphers`); |
| 167 | |
| 168 | if (cipherSuites !== '') |
| 169 | context.setCipherSuites(cipherSuites); |
| 170 | context.setCiphers(cipherList); |
| 171 | |
| 172 | if (cipherList === '' && |
| 173 | context.getMinProto() < TLS1_3_VERSION && |
| 174 | context.getMaxProto() > TLS1_2_VERSION) { |
| 175 | context.setMinProto(TLS1_3_VERSION); |
| 176 | } |
| 177 | |
| 178 | // Add CA before the cert to be able to load cert's issuer in C++ code. |
| 179 | // NOTE(@jasnell): ca, cert, and key are permitted to be falsy, so do not |
| 180 | // change the checks to !== undefined checks. |
| 181 | if (ca) { |
| 182 | addCACerts(context, ArrayIsArray(ca) ? ca : [ca], `${name}.ca`); |
| 183 | } else { |
| 184 | context.addRootCerts(); |
| 185 | } |
| 186 |
no test coverage detected
searching dependent graphs…