From 3a6392b2836cdcce519213660adc8b97ec59e359 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 24 Jul 2017 14:36:36 +0200
Subject: [PATCH] tls: fix empty issuer/subject/infoAccess parsing

Also issuerCertificate but that did not fit on the status line.

Fixes: https://github.com/nodejs/node/issues/11771
PR-URL: https://github.com/nodejs/node/pull/14473
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
---
 lib/_tls_common.js                            |  8 +--
 .../test-tls-translate-peer-certificate.js    | 55 +++++++++++++++++++
 2 files changed, 59 insertions(+), 4 deletions(-)
 create mode 100644 test/parallel/test-tls-translate-peer-certificate.js

diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 669110d826f7bd..5b37c119718c24 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -149,12 +149,12 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
   if (!c)
     return null;
 
-  if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
-  if (c.issuerCertificate && c.issuerCertificate !== c) {
+  if (c.issuer != null) c.issuer = tls.parseCertString(c.issuer);
+  if (c.issuerCertificate != null && c.issuerCertificate !== c) {
     c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
   }
-  if (c.subject) c.subject = tls.parseCertString(c.subject);
-  if (c.infoAccess) {
+  if (c.subject != null) c.subject = tls.parseCertString(c.subject);
+  if (c.infoAccess != null) {
     var info = c.infoAccess;
     c.infoAccess = {};
 
diff --git a/test/parallel/test-tls-translate-peer-certificate.js b/test/parallel/test-tls-translate-peer-certificate.js
new file mode 100644
index 00000000000000..537c00a009697a
--- /dev/null
+++ b/test/parallel/test-tls-translate-peer-certificate.js
@@ -0,0 +1,55 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { strictEqual, deepStrictEqual } = require('assert');
+const { translatePeerCertificate } = require('_tls_common');
+
+const certString = 'A=1\nB=2\nC=3';
+const certObject = { A: '1', B: '2', C: '3' };
+
+strictEqual(translatePeerCertificate(null), null);
+strictEqual(translatePeerCertificate(undefined), null);
+
+strictEqual(translatePeerCertificate(0), null);
+strictEqual(translatePeerCertificate(1), 1);
+
+deepStrictEqual(translatePeerCertificate({}), {});
+
+deepStrictEqual(translatePeerCertificate({ issuer: '' }),
+                { issuer: {} });
+deepStrictEqual(translatePeerCertificate({ issuer: null }),
+                { issuer: null });
+deepStrictEqual(translatePeerCertificate({ issuer: certString }),
+                { issuer: certObject });
+
+deepStrictEqual(translatePeerCertificate({ subject: '' }),
+                { subject: {} });
+deepStrictEqual(translatePeerCertificate({ subject: null }),
+                { subject: null });
+deepStrictEqual(translatePeerCertificate({ subject: certString }),
+                { subject: certObject });
+
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: '' }),
+                { issuerCertificate: null });
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: null }),
+                { issuerCertificate: null });
+deepStrictEqual(
+  translatePeerCertificate({ issuerCertificate: { subject: certString } }),
+  { issuerCertificate: { subject: certObject } });
+
+{
+  const cert = {};
+  cert.issuerCertificate = cert;
+  deepStrictEqual(translatePeerCertificate(cert), { issuerCertificate: cert });
+}
+
+deepStrictEqual(translatePeerCertificate({ infoAccess: '' }),
+                { infoAccess: {} });
+deepStrictEqual(translatePeerCertificate({ infoAccess: null }),
+                { infoAccess: null });
+deepStrictEqual(
+  translatePeerCertificate({ infoAccess: 'OCSP - URI:file:///etc/passwd' }),
+  { infoAccess: { 'OCSP - URI': ['file:///etc/passwd'] } });