Skip to content

Commit

Permalink
crypto: remove obsolete SSL_OP_* constants
Browse files Browse the repository at this point in the history
None of these constants have any effect in recent OpenSSL versions, not
even in Node.js release lines that still use OpenSSL 1.1.1.

It is likely rare that these options are still used (intentionally), and
removing them is unlikely to break any existing applications. These
constants can only be passed to the secureOptions option of
tls.createSecureContext() and related APIs, and a value of undefined
will be ignored. Similarly, if a bitwise combination of multiple options
is used, undefined constants will not change the behavior because
(a | undefined | b) === (a | b) for (small) integers a and b.

Refs: nodejs#46954
Refs: nodejs#47066
PR-URL: nodejs#47073
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
  • Loading branch information
tniessen authored and pull[bot] committed Nov 24, 2023
1 parent 0771c2a commit 010897c
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 80 deletions.
64 changes: 0 additions & 64 deletions src/node_constants.cc
Original file line number Diff line number Diff line change
Expand Up @@ -844,42 +844,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif

#ifdef SSL_OP_EPHEMERAL_RSA
NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
#endif

#ifdef SSL_OP_LEGACY_SERVER_CONNECT
NODE_DEFINE_CONSTANT(target, SSL_OP_LEGACY_SERVER_CONNECT);
#endif

#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
#endif

#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_SESS_ID_BUG);
#endif

#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
NODE_DEFINE_CONSTANT(target, SSL_OP_MSIE_SSLV2_RSA_PADDING);
#endif

#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
#endif

#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CHALLENGE_BUG);
#endif

#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
#endif

#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
#endif

#ifdef SSL_OP_NO_COMPRESSION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
#endif
Expand Down Expand Up @@ -928,42 +896,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
#endif

#ifdef SSL_OP_PKCS1_CHECK_1
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
#endif

#ifdef SSL_OP_PKCS1_CHECK_2
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
#endif

#ifdef SSL_OP_PRIORITIZE_CHACHA
NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
#endif

#ifdef SSL_OP_SINGLE_DH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
#endif

#ifdef SSL_OP_SINGLE_ECDH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
#endif

#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
#endif

#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
#endif

#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_BLOCK_PADDING_BUG);
#endif

#ifdef SSL_OP_TLS_D5_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_D5_BUG);
#endif

#ifdef SSL_OP_TLS_ROLLBACK_BUG
NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
#endif
Expand Down
16 changes: 0 additions & 16 deletions typings/internalBinding/constants.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -197,15 +197,7 @@ declare function InternalBinding(binding: 'constants'): {
SSL_OP_COOKIE_EXCHANGE: 8192;
SSL_OP_CRYPTOPRO_TLSEXT_BUG: 2147483648;
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: 2048;
SSL_OP_EPHEMERAL_RSA: 0;
SSL_OP_LEGACY_SERVER_CONNECT: 4;
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: 0;
SSL_OP_MICROSOFT_SESS_ID_BUG: 0;
SSL_OP_MSIE_SSLV2_RSA_PADDING: 0;
SSL_OP_NETSCAPE_CA_DN_BUG: 0;
SSL_OP_NETSCAPE_CHALLENGE_BUG: 0;
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: 0;
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: 0;
SSL_OP_NO_COMPRESSION: 131072;
SSL_OP_NO_ENCRYPT_THEN_MAC: 524288;
SSL_OP_NO_QUERY_MTU: 4096;
Expand All @@ -218,15 +210,7 @@ declare function InternalBinding(binding: 'constants'): {
SSL_OP_NO_TLSv1_1: 268435456;
SSL_OP_NO_TLSv1_2: 134217728;
SSL_OP_NO_TLSv1_3: 536870912;
SSL_OP_PKCS1_CHECK_1: 0;
SSL_OP_PKCS1_CHECK_2: 0;
SSL_OP_PRIORITIZE_CHACHA: 2097152;
SSL_OP_SINGLE_DH_USE: 0;
SSL_OP_SINGLE_ECDH_USE: 0;
SSL_OP_SSLEAY_080_CLIENT_DH_BUG: 0;
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: 0;
SSL_OP_TLS_BLOCK_PADDING_BUG: 0;
SSL_OP_TLS_D5_BUG: 0;
SSL_OP_TLS_ROLLBACK_BUG: 8388608;
ENGINE_METHOD_RSA: 1;
ENGINE_METHOD_DSA: 2;
Expand Down

0 comments on commit 010897c

Please sign in to comment.