crypto: surface OpenSSL errors in X509Certificate.toLegacyObject#63301
Open
fru1tworld wants to merge 1 commit into
Open
crypto: surface OpenSSL errors in X509Certificate.toLegacyObject#63301fru1tworld wants to merge 1 commit into
fru1tworld wants to merge 1 commit into
Conversation
Refs: nodejs#63265 Signed-off-by: fru1tworld <fruitworld.planet@gmail.com>
Collaborator
|
Review requested:
|
nodejs-github-bot
added
c++
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
X509Certificate.toLegacyObject()silently omits thesubjectaltnameand
infoAccessproperties when an internal OpenSSL call fails (e.g.BIO_newallocation failure), making "extension absent"indistinguishable from an internal error.
Switch the corresponding ncrypto helpers to
MarkPopErrorOnReturnandthrow via
ThrowCryptoErrorwhen the OpenSSL error queue is non-empty.An empty queue is still treated as "extension absent" and yields
undefined, preserving existing behavior. The remaining call siteslisted in #63265 are out of scope here.
Refs: #63265