This requires some background to properly understand what I'm attempting:

Amazon S3 allows static website hosting, but with a requirement that the 
bucket name must match your domain name. This means your bucket name will 
look like: mydomain.com. Amazon S3 also provides a wildcard SSL certificate 
for *.s3.amazonaws.com. By the rules of TLS, this means 
com.s3.amazonaws.com IS covered by the certificate, but 
mybucket.com.s3.amazonaws.com is not. Node applications like Knox that 
connect to *.com.s3.amazonaws.com should really be able to trust that 
certificate, even though it breaks the rules of TLS, since the knox library 
is a 'closed system': it only ever connects to an Amazon property.

The Node module https relies on tls.js, and tls.js has this function:

function checkServerIdentity(host, cert) {
  ...
  // "The client SHOULD NOT attempt to match a presented identifier in
  // which the wildcard character comprises a label other than the
  // left-most label (e.g., do not match bar.*.example.net)."
  // RFC6125
  if (!wildcards && /\*/.test(host) || /[\.\*].*\*/.test(host) ||
      /\*/.test(host) && !/\*.*\..+\..+/.test(host)) {
    return /$./;
  }

Which will properly return a "Certificate Mismatch" error. My understanding 
of the Node Global Module Cache is that if the Knox module overrides the 
checkServerIdentity function, which is several levels down and not called 
directly by Knox, the override will be in the global cache for tls.js, so 
any other Node app on that system will also get the overridden 
checkServerIdentity function, which WOULD possibly be a security issue.

Is this the case? Is there a way to override node internals for my 
app/module only?

-- 
-- 
Job Board: http://jobs.nodejs.org/
Posting guidelines: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
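
Added example, not part of the original post and not Knox's or Node's own code: tls.connect() and https.request() accept a per-connection checkServerIdentity option, so a relaxed check can be limited to one module's requests without reassigning anything on the shared tls module. checkS3Identity, s3RequestOptions and the sample certificate fields are hypothetical names and constructed values, and the sketch assumes the client only ever dials <bucket>.s3.amazonaws.com.

```javascript
const tls = require('tls');

// Assumption: every host this client connects to is <bucket>.s3.amazonaws.com.
const S3_SUFFIX = '.s3.amazonaws.com';
const S3_WILDCARD = '*' + S3_SUFFIX;

// DNS-type subject alternative names, lower-cased, from Node's cert object.
function dnsAltNames(cert) {
  return String(cert.subjectaltname || '')
    .split(/,\s*/)
    .filter((n) => n.startsWith('DNS:'))
    .map((n) => n.slice(4).toLowerCase());
}

// Hypothetical helper with the same contract as tls.checkServerIdentity:
// returns undefined when the identity is accepted, an Error otherwise.
function checkS3Identity(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  if (!err) return undefined; // the standard rules already pass
  const name = String(host).toLowerCase();
  const bucket = name.slice(0, -S3_SUFFIX.length);
  const dottedBucket = name.endsWith(S3_SUFFIX) &&
    /^[a-z0-9][a-z0-9.-]*[a-z0-9]$/.test(bucket) && !bucket.includes('..');
  // Relax the left-most-label rule only for dotted bucket names, and only
  // when the certificate itself carries the S3 wildcard name.
  if (dottedBucket && dnsAltNames(cert).includes(S3_WILDCARD)) return undefined;
  return err; // everything else keeps the standard mismatch error
}

// Options for https.request(); the override travels with this request only
// and tls.checkServerIdentity itself is never reassigned.
function s3RequestOptions(bucket, path) {
  return {
    host: bucket + S3_SUFFIX,
    path: path,
    checkServerIdentity: checkS3Identity,
  };
}

// Constructed sample certificate fields (not a real certificate).
const sampleCert = {
  subject: { CN: '*.s3.amazonaws.com' },
  subjectaltname: 'DNS:*.s3.amazonaws.com, DNS:s3.amazonaws.com',
};
```

Chain validation (CA trust, expiry) is unaffected by this option; only the hostname comparison is replaced, and only for requests that pass these options.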
