On Thu, Nov 22, 2012 at 9:19 PM, Steve Freegard <s...@fsl.com> wrote:
> Ben,
>
> On Thursday, November 22, 2012 5:13:23 PM UTC, Steve Freegard wrote:
>
>> Ok - I tried various options OR'd together to no avail, so finally decided
>> to hack this in rather than to rebuild Node on this box just to see if it
>> cured the problem:
>>
>> if (!options) options = {};
>> options.secureOptions = 2147483648;
>> var sslcontext = crypto.createCredentials(options);
>>
>> Unfortunately - I'm still seeing the error:
>>
>> client co9ehsobe002.messaging.microsoft.com [207.46.163.25] connection
>> error: Error: 3075274448:error:06065064:digital envelope
>> routines:EVP_DecryptFinal_ex:bad
>> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:#0123075274448:error:06065064:digital
>> envelope routines:EVP_DecryptFinal_ex:bad
>> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:
>>
>> Is there anything else I can try?
>>
>
> Replying to myself - I've been looking through Node's lib/crypto.js and
> lib/tls.js and I think I can see why this wasn't effective for me.
>
> Here's the relevant code from Haraka:
> https://github.com/baudehlo/Haraka/blob/master/tls_socket.js#L186
>
> I've modified that to look like this:
>
> if (!options) options = {};
> options.secureOptions = 2147483648;
> var sslcontext = crypto.createCredentials(options);
> var pair = tls.createSecurePair(sslcontext, true, true, false);
>
> However looking at lib/tls.js - tls.createSecurePair creates a SecurePair
> object but does not allow for 'options' to be passed in. It also does not
> copy any relevant options from the 'credentials' object, so it appears not
> to be possible for me to pass secureOptions to it like this which looks to
> be why your suggested fix did not work.
>
> I therefore propose the following changes which would not break the existing
> API:
> https://github.com/smfreegard/node/commit/ea8d14b7388cf559cd4e340d8c88f3e92efed9dc
>
> That would then allow me to avoid calling createCredentials() directly and
> pass all the necessary options through to both.

I don't see why a change to the crypto/tls API is necessary. Haraka just needs to be a little more flexible here.

By the way, the value of SSL_OP_ALL is 0x80000bff, not 0x80000000 (2147486719 vs 2147483648). That value in the commit log was just for demonstration purposes; it's the smallest value that shows the wraparound behavior.