crypto: remove obsolete SSL_OP_* constants

tniessen · web-flow · commit 1640aeb680b1 · 2023-03-21T10:47:49.000Z
None of these constants have any effect in recent OpenSSL versions, not even in Node.js release lines that still use OpenSSL 1.1.1. It is likely rare that these options are still used (intentionally), and removing them is unlikely to break any existing applications. These constants can only be passed to the secureOptions option of tls.createSecureContext() and related APIs, and a value of undefined will be ignored. Similarly, if a bitwise combination of multiple options is used, undefined constants will not change the behavior because (a | undefined | b) === (a | b) for (small) integers a and b. Refs: #46954 Refs: #47066 PR-URL: #47073 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
diff --git a/src/node_constants.cc b/src/node_constants.cc
@@ -844,42 +844,10 @@ void DefineCryptoConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 #endif
 
-#ifdef SSL_OP_EPHEMERAL_RSA
-    NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
-#endif
-
 #ifdef SSL_OP_LEGACY_SERVER_CONNECT
     NODE_DEFINE_CONSTANT(target, SSL_OP_LEGACY_SERVER_CONNECT);
 #endif
 
-#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#endif
-
-#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_SESS_ID_BUG);
-#endif
-
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CHALLENGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
-#endif
-
 #ifdef SSL_OP_NO_COMPRESSION
     NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
 #endif
@@ -928,42 +896,10 @@ void DefineCryptoConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
 #endif
 
-#ifdef SSL_OP_PKCS1_CHECK_1
-    NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
-#endif
-
-#ifdef SSL_OP_PKCS1_CHECK_2
-    NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
-#endif
-
 #ifdef SSL_OP_PRIORITIZE_CHACHA
     NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
 #endif
 
-#ifdef SSL_OP_SINGLE_DH_USE
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
-#endif
-
-#ifdef SSL_OP_SINGLE_ECDH_USE
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
-#endif
-
-#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
-#endif
-
-#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_BLOCK_PADDING_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_D5_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_D5_BUG);
-#endif
-
 #ifdef SSL_OP_TLS_ROLLBACK_BUG
     NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
 #endif
diff --git a/typings/internalBinding/constants.d.ts b/typings/internalBinding/constants.d.ts
@@ -197,15 +197,7 @@ declare function InternalBinding(binding: 'constants'): {
     SSL_OP_COOKIE_EXCHANGE: 8192;
     SSL_OP_CRYPTOPRO_TLSEXT_BUG: 2147483648;
     SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: 2048;
-    SSL_OP_EPHEMERAL_RSA: 0;
     SSL_OP_LEGACY_SERVER_CONNECT: 4;
-    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: 0;
-    SSL_OP_MICROSOFT_SESS_ID_BUG: 0;
-    SSL_OP_MSIE_SSLV2_RSA_PADDING: 0;
-    SSL_OP_NETSCAPE_CA_DN_BUG: 0;
-    SSL_OP_NETSCAPE_CHALLENGE_BUG: 0;
-    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: 0;
-    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: 0;
     SSL_OP_NO_COMPRESSION: 131072;
     SSL_OP_NO_ENCRYPT_THEN_MAC: 524288;
     SSL_OP_NO_QUERY_MTU: 4096;
@@ -218,15 +210,7 @@ declare function InternalBinding(binding: 'constants'): {
     SSL_OP_NO_TLSv1_1: 268435456;
     SSL_OP_NO_TLSv1_2: 134217728;
     SSL_OP_NO_TLSv1_3: 536870912;
-    SSL_OP_PKCS1_CHECK_1: 0;
-    SSL_OP_PKCS1_CHECK_2: 0;
     SSL_OP_PRIORITIZE_CHACHA: 2097152;
-    SSL_OP_SINGLE_DH_USE: 0;
-    SSL_OP_SINGLE_ECDH_USE: 0;
-    SSL_OP_SSLEAY_080_CLIENT_DH_BUG: 0;
-    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: 0;
-    SSL_OP_TLS_BLOCK_PADDING_BUG: 0;
-    SSL_OP_TLS_D5_BUG: 0;
     SSL_OP_TLS_ROLLBACK_BUG: 8388608;
     ENGINE_METHOD_RSA: 1;
     ENGINE_METHOD_DSA: 2;
