authorShigeki Ohtsu <ohtsu@iij.ad.jp>2015-03-13 09:55:29 +0900
committerShigeki Ohtsu <ohtsu@iij.ad.jp>2015-03-13 20:18:54 +0900
commitd8c4a932c9a50b7c456baabfbba046b9e4f09dd1 (patch)
tree770acadcded1ab82d1016544d09f2597d8892b80
parent82f067e60bb3eb87cc1119655ae0a5968e988326 (diff)
crypto: add deprecated ValiCert CA for cross cert
The host of melissadata.net has a cross root certification between Starfield Class 2 and ValiCert Class 2. OpenSSL-1.0.1 only looks up a cert chain to the deprecated ValiCert Class 2 CA and causes an untrusted error. We add it as a short-term remedy, and it is to be removed after upgrading to OpenSSL-1.0.2 and applying private patches to support alternative cert chains. See #402 and #589. Fixes: https://github.com/iojs/io.js/issues/923 PR-URL: https://github.com/iojs/io.js/pull/1135 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
-rw-r--r--src/node_root_certs.h19
-rw-r--r--test/internet/test-tls-connnect-melissadata.js7
2 files changed, 26 insertions, 0 deletions
diff --git a/src/node_root_certs.h b/src/node_root_certs.h
index 6af5e9c97..a75431c9b 100644
--- a/src/node_root_certs.h
+++ b/src/node_root_certs.h
@@ -3911,3 +3911,22 @@
"ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLB\n"
"sX5VYc8T1yaw15zLKYs4SgsOkI26oQ==\n"
"-----END CERTIFICATE-----\n",
+
+/* This root cert is 1024bit RSA to be removed in future. See GH-923. */
+/* ValiCert Class 2 VA */
+"-----BEGIN CERTIFICATE-----\n"
+"MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlk\n"
+"YXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlD\n"
+"ZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
+"Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29t\n"
+"MB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n"
+"IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsT\n"
+"LFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQD\n"
+"ExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n"
+"cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2\n"
+"VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQ\n"
+"b7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QSv4dk+NoS/zcnwbNDu+97bi5p\n"
+"9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6\n"
+"EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2az\n"
+"SiGM5bUMMj4QssxsodyamEwCW/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n"
+"-----END CERTIFICATE-----\n",
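Review bot: The comment above the new certificate says only "to be removed in future", without naming the condition that permits removal or the scope of what the entry trusts. Because it is added to the built-in root list, presumably every TLS client that relies on the default CAs will accept chains ending at this 1024-bit RSA root, not just the melissadata.net host named in the commit message. I would record both in the comment, e.g. `/* Temporary: 1024-bit RSA root kept only for OpenSSL 1.0.1 chain building; trusted by all default-CA clients. Remove after the OpenSSL 1.0.2 upgrade with alternative chain support. See GH-402, GH-589, GH-923. */`. The array this entry belongs to starts and ends outside the hunk.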
diff --git a/test/internet/test-tls-connnect-melissadata.js b/test/internet/test-tls-connnect-melissadata.js
new file mode 100644
index 000000000..61239c89c
--- /dev/null
+++ b/test/internet/test-tls-connnect-melissadata.js
@@ -0,0 +1,7 @@
+// Test for authorized access to the server which has a cross root
+// certification between Starfield Class 2 and ValiCert Class 2
+var tls = require('tls');
+var socket = tls.connect(443, 'address.melissadata.net', function() {
+ socket.resume();
+ socket.destroy();
+});
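Review bot: The connect callback asserts nothing, so the test only passes implicitly, by not throwing, and it would also pass if the callback never ran. Since the purpose is to prove the cross-signed chain is accepted, I would assert `socket.authorized` inside the callback and check on process exit that the callback fired, as sketched below. The file name also spells "connnect" with three n's, which is worth fixing while the file is new.

```javascript
var assert = require('assert');
var tls = require('tls');
var connected = false;
var socket = tls.connect(443, 'address.melissadata.net', function() {
  // Chain must verify against the built-in roots, not merely connect.
  assert(socket.authorized);
  connected = true;
  // … unchanged: socket.resume() and socket.destroy() …
});
process.on('exit', function() {
  assert(connected);
});
```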