tls: fix empty issuer/subject/infoAccess parsing

bnoordhuis · addaleax · commit e90af2960419 · 2017-07-27T23:48:55.000+02:00
Also issuerCertificate but that did not fit on the status line. Fixes: #11771 PR-URL: #14473 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com>
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
@@ -169,12 +169,12 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
   if (!c)
     return null;
 
-  if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
-  if (c.issuerCertificate && c.issuerCertificate !== c) {
+  if (c.issuer != null) c.issuer = tls.parseCertString(c.issuer);
+  if (c.issuerCertificate != null && c.issuerCertificate !== c) {
     c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
   }
-  if (c.subject) c.subject = tls.parseCertString(c.subject);
-  if (c.infoAccess) {
+  if (c.subject != null) c.subject = tls.parseCertString(c.subject);
+  if (c.infoAccess != null) {
     var info = c.infoAccess;
     c.infoAccess = {};
 
diff --git a/test/parallel/test-tls-translate-peer-certificate.js b/test/parallel/test-tls-translate-peer-certificate.js
@@ -0,0 +1,55 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { strictEqual, deepStrictEqual } = require('assert');
+const { translatePeerCertificate } = require('_tls_common');
+
+const certString = 'A=1\nB=2\nC=3';
+const certObject = { A: '1', B: '2', C: '3' };
+
+strictEqual(translatePeerCertificate(null), null);
+strictEqual(translatePeerCertificate(undefined), null);
+
+strictEqual(translatePeerCertificate(0), null);
+strictEqual(translatePeerCertificate(1), 1);
+
+deepStrictEqual(translatePeerCertificate({}), {});
+
+deepStrictEqual(translatePeerCertificate({ issuer: '' }),
+                { issuer: {} });
+deepStrictEqual(translatePeerCertificate({ issuer: null }),
+                { issuer: null });
+deepStrictEqual(translatePeerCertificate({ issuer: certString }),
+                { issuer: certObject });
+
+deepStrictEqual(translatePeerCertificate({ subject: '' }),
+                { subject: {} });
+deepStrictEqual(translatePeerCertificate({ subject: null }),
+                { subject: null });
+deepStrictEqual(translatePeerCertificate({ subject: certString }),
+                { subject: certObject });
+
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: '' }),
+                { issuerCertificate: null });
+deepStrictEqual(translatePeerCertificate({ issuerCertificate: null }),
+                { issuerCertificate: null });
+deepStrictEqual(
+    translatePeerCertificate({ issuerCertificate: { subject: certString } }),
+    { issuerCertificate: { subject: certObject } });
+
+{
+  const cert = {};
+  cert.issuerCertificate = cert;
+  deepStrictEqual(translatePeerCertificate(cert), { issuerCertificate: cert });
+}
+
+deepStrictEqual(translatePeerCertificate({ infoAccess: '' }),
+                { infoAccess: {} });
+deepStrictEqual(translatePeerCertificate({ infoAccess: null }),
+                { infoAccess: null });
+deepStrictEqual(
+    translatePeerCertificate({ infoAccess: 'OCSP - URI:file:///etc/passwd' }),
+    { infoAccess: { 'OCSP - URI': ['file:///etc/passwd'] } });
