On Thu, Nov 22, 2012 at 9:19 PM, Steve Freegard <s...@fsl.com> wrote:
> Ben,
>
> On Thursday, November 22, 2012 5:13:23 PM UTC, Steve Freegard wrote:
>
>> Ok - I tried various options OR'd together to no avail, so finally decided
>> to hack this in rather than to rebuild Node on this box just to see if it
>> cured the problem:
>>
>>             if (!options) options = {};
>>             options.secureOptions = 2147483648;
>>             var sslcontext = crypto.createCredentials(options);
>>
>> Unfortunately - I'm still seeing the error:
>>
>> client co9ehsobe002.messaging.microsoft.com [207.46.163.25] connection
>> error: Error: 3075274448:error:06065064:digital envelope
>> routines:EVP_DecryptFinal_ex:bad
>> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:#0123075274448:error:06065064:digital
>> envelope routines:EVP_DecryptFinal_ex:bad
>> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:
>>
>> Is there anything else I can try?
>>
>
> Replying to myself - I've been looking through Node's lib/crypto.js and
> lib/tls.js and I think I can see why this wasn't effective for me.
>
> Here's the relevant code from Haraka:
> https://github.com/baudehlo/Haraka/blob/master/tls_socket.js#L186
>
> I've modified that to look like this:
>
> if (!options) options = {};
> options.secureOptions = 2147483648;
> var sslcontext = crypto.createCredentials(options);
> var pair = tls.createSecurePair(sslcontext, true, true, false);
>
> However, looking at lib/tls.js - tls.createSecurePair creates a SecurePair
> object but does not allow for 'options' to be passed in. It also does not
> copy any relevant options from the 'credentials' object, so it appears not
> to be possible for me to pass secureOptions to it like this, which looks to
> be why your suggested fix did not work.
>
> I therefore propose the following changes which would not break the existing
> API:
> https://github.com/smfreegard/node/commit/ea8d14b7388cf559cd4e340d8c88f3e92efed9dc
>
> That would then allow me to avoid calling createCredentials() directly and
> pass all the necessary options through to both.

I don't see why a change to the crypto/tls API is necessary.  Haraka
just needs to be a little more flexible here.

By the way, the value of SSL_OP_ALL is 0x80000bff, not 0x80000000
(2147486719 vs 2147483648).  That value in the commit log was just for
demonstration purposes; it's the smallest value that shows the
wraparound behavior.

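The two masks compared in the reply above, worked through as an added example (not code from the thread, Node or Haraka). The helper names are hypothetical, and reading the "wraparound" as signed 32-bit overflow is an assumption based on 0x80000000 being the first value past the signed 32-bit maximum.

```javascript
// Values taken from the thread above.
const SSL_OP_ALL_2012 = 0x80000bff; // 2147486719, the SSL_OP_ALL value quoted in the reply
const TOP_BIT_ONLY = 0x80000000;    // 2147483648, the value hard-coded into secureOptions

// JavaScript bitwise operators return signed 32-bit integers, so a mask
// with bit 31 set comes back negative unless coerced with >>> 0.
function toUint32(mask) {
  return mask >>> 0;
}

// OR option flags together and return the result as an unsigned value.
function combineOptions(...flags) {
  return toUint32(flags.reduce((acc, f) => acc | f, 0));
}

// Bits that `wanted` sets but `actual` does not, as an unsigned mask.
function missingBits(actual, wanted) {
  return toUint32(wanted & ~actual);
}

// Positions (0 = least significant) of the bits set in a 32-bit mask.
function setBits(mask) {
  const m = toUint32(mask);
  const bits = [];
  for (let i = 0; i < 32; i++) {
    if ((m >>> i) & 1) bits.push(i);
  }
  return bits;
}

// True when n can be stored in a signed 32-bit integer without wrapping.
function fitsInt32(n) {
  return Number.isInteger(n) && n >= -0x80000000 && n <= 0x7fffffff;
}

console.log('plain OR result:   ', TOP_BIT_ONLY | 0);
console.log('coerced OR result: ', combineOptions(TOP_BIT_ONLY));
console.log('bits in hack value:', setBits(TOP_BIT_ONLY));
console.log('bits in SSL_OP_ALL:', setBits(SSL_OP_ALL_2012));
console.log('missing from hack: 0x' +
  missingBits(TOP_BIT_ONLY, SSL_OP_ALL_2012).toString(16));
console.log('fits in int32?     ', fitsInt32(TOP_BIT_ONLY));
```

In current Node.js the build's own value is available as `require('crypto').constants.SSL_OP_ALL`, which may differ from the 2012 figure quoted in the thread.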