From acf7802fe3ae396a69d53302f79080c8ae12eedd Mon Sep 17 00:00:00 2001
From: Sam Roberts
Date: Wed, 19 Dec 2018 13:57:27 -0800
Subject: [PATCH] tls: remove unused ocsp extension parsing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The OCSP info from parsing the TLS ClientHello has not been used since 550c263, remove it.
See: https://github.com/nodejs/node/pull/1464
PR-URL: https://github.com/nodejs/node/pull/25153
Reviewed-By: Anna Henningsen
Reviewed-By: Tobias Nießen
Reviewed-By: James M Snell
Reviewed-By: Anatoli Papirovski
---
 src/node_crypto.cc | 3 ---
 src/node_crypto_clienthello-inl.h | 1 -
 src/node_crypto_clienthello.cc | 13 -------------
 src/node_crypto_clienthello.h | 5 -----
 4 files changed, 22 deletions(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 7967d6a40be191..618fe14ae92c07 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1532,9 +1532,6 @@ void SSLWrap::OnClientHello(void* arg,
 hello_obj->Set(context,
 env->tls_ticket_string(),
 Boolean::New(env->isolate(), hello.has_ticket())).FromJust();
- hello_obj->Set(context,
- env->ocsp_request_string(),
- Boolean::New(env->isolate(), hello.ocsp_request())).FromJust();
 Local argv[] = { hello_obj };
 w->MakeCallback(env->onclienthello_string(), arraysize(argv), argv);
diff --git a/src/node_crypto_clienthello-inl.h b/src/node_crypto_clienthello-inl.h
index 9de8f2e5fcf731..1262186a9277d2 100644
--- a/src/node_crypto_clienthello-inl.h
+++ b/src/node_crypto_clienthello-inl.h
@@ -48,7 +48,6 @@ inline void ClientHelloParser::Reset() {
 tls_ticket_ = nullptr;
 servername_size_ = 0;
 servername_ = nullptr;
- ocsp_request_ = 0;
 }
 inline void ClientHelloParser::Start(ClientHelloParser::OnHelloCb onhello_cb,
diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc
index cbe1be32737058..b0375755774318 100644
--- a/src/node_crypto_clienthello.cc
+++ b/src/node_crypto_clienthello.cc
@@ -112,7 +112,6 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
 hello.session_id_ = session_id_;
 hello.session_size_ = session_size_;
 hello.has_ticket_ = tls_ticket_ != nullptr && tls_ticket_size_ != 0;
- hello.ocsp_request_ = ocsp_request_;
 hello.servername_ = servername_;
 hello.servername_size_ = static_cast(servername_size_);
 onhello_cb_(cb_arg_, hello);
@@ -149,18 +148,6 @@ void ClientHelloParser::ParseExtension(const uint16_t type,
 }
 }
 break;
- case kStatusRequest:
- // We are ignoring any data, just indicating the presence of extension
- if (len < kMinStatusRequestSize)
- return;
-
- // Unknown type, ignore it
- if (data[0] != kStatusRequestOCSP)
- break;
-
- // Ignore extensions, they won't work with caching on backend anyway
- ocsp_request_ = 1;
- break;
 case kTLSSessionTicket:
 tls_ticket_size_ = len;
 tls_ticket_ = data + len;
diff --git a/src/node_crypto_clienthello.h b/src/node_crypto_clienthello.h
index 687e9589b6d932..2ced72c4e8d1e6 100644
--- a/src/node_crypto_clienthello.h
+++ b/src/node_crypto_clienthello.h
@@ -41,7 +41,6 @@ class ClientHelloParser {
 inline bool has_ticket() const { return has_ticket_; }
 inline uint8_t servername_size() const { return servername_size_; }
 inline const uint8_t* servername() const { return servername_; }
- inline int ocsp_request() const { return ocsp_request_; }
 private:
 uint8_t session_size_;
@@ -49,7 +48,6 @@ class ClientHelloParser {
 bool has_ticket_;
 uint8_t servername_size_;
 const uint8_t* servername_;
- int ocsp_request_;
 friend class ClientHelloParser;
 };
@@ -69,7 +67,6 @@ class ClientHelloParser {
 static const size_t kMaxTLSFrameLen = 16 * 1024 + 5;
 static const size_t kMaxSSLExFrameLen = 32 * 1024;
 static const uint8_t kServernameHostname = 0;
- static const uint8_t kStatusRequestOCSP = 1;
 static const size_t kMinStatusRequestSize = 5;
 enum ParseState {
@@ -93,7 +90,6 @@ class ClientHelloParser {
 enum ExtensionType {
 kServerName = 0,
- kStatusRequest = 5,
 kTLSSessionTicket = 35
 };
@@ -115,7 +111,6 @@ class ClientHelloParser {
 const uint8_t* session_id_ = nullptr;
 uint16_t servername_size_ = 0;
 const uint8_t* servername_ = nullptr;
- uint8_t ocsp_request_ = 0;
 uint16_t tls_ticket_size_ = -1;
 const uint8_t* tls_ticket_ = nullptr;
 };