crypto: return clear errors when loading invalid PFX data #49566
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
c++
pimterry
force-pushed
the
fix-pfx-missing-key-error
branch
from
e3bebf3
to
2ad8af6
Compare
bnoordhuis
reviewed
Sep 9, 2023
bnoordhuis
approved these changes
Sep 11, 2023
debadree25
added
author ready
github-actions
bot
removed
the
request-ci
This was referenced Sep 16, 2023
aymen94
approved these changes
Sep 18, 2023
|
This is reviewed & passing CI, I think it's ready to go AFAICT. Can somebody please add to the commit queue? |
aduh95
added
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 17b9925 |
|
Amazing thanks @aduh95! |
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
PR-URL: nodejs#49566 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
targos
pushed a commit
that referenced
this pull request
Nov 11, 2023
PR-URL: #49566 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
debadree25
pushed a commit
to debadree25/node
that referenced
this pull request
Apr 15, 2024
PR-URL: nodejs#49566 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #49562
Without this change, the provided test fails with 'passed a null parameter', telling you nothing about what's actually wrong (since no nulls are present in this test code).
With this change, the test correctly receives a 'Unable to load private key from PFX data' error, telling you exactly what's wrong.
I've also covered the
certcase here. I have confirmed that the same 'null parameter' error would be unhelpfully thrown ifcertwas null, so I think that's similarly useful. I'm not sure how to actually produce a pfx that would trigger this, so I haven't included a test, and it's possible that this isn't a possible condition (i.e. maybePKCS12_parsewould fail in that case) but it seems likely that it's technically possible and worth covering, and it's very easy to do so.