mirror of
https://github.com/electron/electron.git
synced 2026-04-10 03:01:51 -04:00
f769da64ad
* fix: enable TLS renegotiation in node * Update .patches * update patches Co-authored-by: Jeremy Rose <nornagon@nornagon.net> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: Electron Bot <anonymous@electronjs.org>
28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Rose <nornagon@nornagon.net>
|
|
Date: Tue, 18 Aug 2020 09:51:46 -0700
|
|
Subject: fix: enable TLS renegotiation
|
|
|
|
This configures BoringSSL to behave more similarly to OpenSSL.
|
|
See https://github.com/electron/electron/issues/18380.
|
|
|
|
This should be upstreamed.
|
|
|
|
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
|
|
index 42b9469e38189f04745732afdeadd59e3ce6ad4c..f664f280d605a32d9f97121ab2816fab0fbe28c9 100644
|
|
--- a/src/tls_wrap.cc
|
|
+++ b/src/tls_wrap.cc
|
|
@@ -125,6 +125,12 @@ void TLSWrap::InitSSL() {
|
|
// - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
|
|
SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);
|
|
|
|
+#ifdef OPENSSL_IS_BORINGSSL
|
|
+ // OpenSSL allows renegotiation by default, but BoringSSL disables it.
|
|
+ // Configure BoringSSL to match OpenSSL's behavior.
|
|
+ SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
|
|
+#endif
|
|
+
|
|
SSL_set_app_data(ssl_.get(), this);
|
|
// Using InfoCallback isn't how we are supposed to check handshake progress:
|
|
// https://github.com/openssl/openssl/issues/7199#issuecomment-420915993
|