Fix incorrect extension handling

.travis.yml

@@ -11,6 +11,8 @@ addons:
 language: node_js
 node_js:
   - "stable"
+  - "10"
+  - "8"
   - "4.0"
   - "0.12"
   - "0.10"

include/x509.h

@@ -3,19 +3,21 @@
 
 // Include header for addon version, node/v8 inclusions, etc.
 #include <addon.h>
-#include <node_version.h>
 #include <nan.h>
+#include <node_version.h>
 #include <string>
 
 // OpenSSL headers
 #include <openssl/asn1.h>
 #include <openssl/bio.h>
+#include <openssl/bn.h>
 #include <openssl/err.h>
+#include <openssl/opensslv.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
-#include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
-#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
 
 using namespace v8;
 

package.json

@@ -13,6 +13,6 @@
   },
   "license": "MIT",
   "dependencies": {
-    "nan": "2.2.0"
+    "nan": "2.12.0"
   }
 }

src/x509.cc

@@ -1,6 +1,7 @@
+#include <x509.h>
 #include <cstring>
 #include <sstream>
-#include <x509.h>
+
 
 using namespace v8;
 
@@ -43,7 +44,7 @@ std::string parse_args(const Nan::FunctionCallbackInfo<v8::Value>& info) {
     return std::string();
   }
 
-  return *String::Utf8Value(info[0]->ToString());
+  return *Nan::Utf8String(info[0]->ToString());
 }
 
 
@@ -91,7 +92,7 @@ NAN_METHOD(verify) {
     X509_STORE_CTX_init(verify_ctx, store, cert, NULL);
     ret = X509_verify_cert(verify_ctx);
     if (ret <= 0) {
-      error =  X509_verify_cert_error_string(verify_ctx->error);
+      error =  X509_verify_cert_error_string(X509_STORE_CTX_get_error(verify_ctx));
       break;
     }
   } while(0);
@@ -237,7 +238,11 @@ Local<Value> try_parse(const std::string& dataString) {
       Nan::New<String>(stream.str()).ToLocalChecked());
 
   // Signature Algorithm
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  int sig_alg_nid = X509_get_signature_nid(cert);
+#else
   int sig_alg_nid = OBJ_obj2nid(cert->sig_alg->algorithm);
+#endif
   if (sig_alg_nid == NID_undef) {
     ERR_clear_error();
     Nan::ThrowError("unable to find specified signature algorithm name.");
@@ -272,7 +277,11 @@ Local<Value> try_parse(const std::string& dataString) {
   }
 
   // public key
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  int pkey_nid = X509_get_signature_nid(cert);
+#else
   int pkey_nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
+#endif
   if (pkey_nid == NID_undef) {
     ERR_clear_error();
     Nan::ThrowError("unable to find specified public key algorithm name.");
@@ -290,9 +299,18 @@ Local<Value> try_parse(const std::string& dataString) {
     char *rsa_e_dec, *rsa_n_hex;
     uint32_t rsa_key_length_int;
     RSA *rsa_key;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    rsa_key = EVP_PKEY_get1_RSA(pkey);
+    const BIGNUM *n;
+    const BIGNUM *e;
+    RSA_get0_key(rsa_key, &n, &e, NULL);
+    rsa_e_dec = BN_bn2dec(e);
+    rsa_n_hex = BN_bn2hex(n);
+#else
     rsa_key = pkey->pkey.rsa;
     rsa_e_dec = BN_bn2dec(rsa_key->e);
     rsa_n_hex = BN_bn2hex(rsa_key->n);
+#endif
     rsa_key_length_int = RSA_size(rsa_key) * 8;
     Nan::Set(publicKey,
       Nan::New<String>("e").ToLocalChecked(),
@@ -322,7 +340,12 @@ Local<Value> try_parse(const std::string& dataString) {
       GENERAL_NAME *current = sk_GENERAL_NAME_value(names, i);
 
       if (current->type == GEN_DNS) {
-        char *name = (char*) ASN1_STRING_data(current->d.dNSName);
+        char *name = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        name = (char *)ASN1_STRING_get0_data(current->d.dNSName);
+#else
+        name = (char *)ASN1_STRING_data(current->d.dNSName);
+#endif
 
         if (ASN1_STRING_length(current->d.dNSName) != (int) strlen(name)) {
           ERR_clear_error();
@@ -340,7 +363,11 @@ Local<Value> try_parse(const std::string& dataString) {
 
   // Extensions
   Local<Object> extensions(Nan::New<Object>());
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert);
+#else
   STACK_OF(X509_EXTENSION) *exts = cert->cert_info->extensions;
+#endif  
   int num_of_exts;
   int index_of_exts;
   if (exts) {
@@ -360,7 +387,7 @@ Local<Value> try_parse(const std::string& dataString) {
     BIO *ext_bio = BIO_new(BIO_s_mem());
     // IFNULL_FAIL(ext_bio, "unable to allocate memory for extension value BIO");
     if (!X509V3_EXT_print(ext_bio, ext, 0, 0)) {
-      M_ASN1_OCTET_STRING_print(ext_bio, ext->value);
+        ASN1_STRING_print(ext_bio, X509_EXTENSION_get_data(ext));
     }
 
     BUF_MEM *bptr;
@@ -430,21 +457,27 @@ Local<Value> parse_date(ASN1_TIME *date) {
   Local<Object> global = Nan::GetCurrentContext()->Global();
   Local<Object> DateObject = Nan::Get(global,
     Nan::New<String>("Date").ToLocalChecked()).ToLocalChecked()->ToObject();
-  return scope.Escape(DateObject->CallAsConstructor(1, args));
+  return scope.Escape(Nan::CallAsConstructor(DateObject, 1, args).ToLocalChecked());
 }
 
 Local<Object> parse_name(X509_NAME *subject) {
   Nan::EscapableHandleScope scope;
   Local<Object> cert = Nan::New<Object>();
   int i, length;
   ASN1_OBJECT *entry;
-  unsigned char *value;
+  const unsigned char *value;
   char buf[255];
   length = X509_NAME_entry_count(subject);
   for (i = 0; i < length; i++) {
     entry = X509_NAME_ENTRY_get_object(X509_NAME_get_entry(subject, i));
     OBJ_obj2txt(buf, 255, entry, 0);
-    value = ASN1_STRING_data(X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i)));
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    value = ASN1_STRING_get0_data(
+      X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i)));
+#else
+    value = ASN1_STRING_data(
+      X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i)));
+#endif
     Nan::Set(cert,
       Nan::New<String>(real_name(buf)).ToLocalChecked(),
       Nan::New<String>((const char*) value).ToLocalChecked());

test/certs/certwithattrs.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAY+gAwIBAgIUHkmY6fRP0ANTvzaBwKCkMZZPUnUwCgYIKoZIzj0EAwIw
+GzEZMBcGA1UEAxMQZmFicmljLWNhLXNlcnZlcjAeFw0xNzA5MDgwMzQyMDBaFw0x
+ODA5MDgwMzQyMDBaMB4xHDAaBgNVBAMTE015VGVzdFVzZXJXaXRoQXR0cnMwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAATmB1r3CdWvOOP3opB3DjJnW3CnN8q1ydiR
+dzmuA6A2rXKzPIltHvYbbSqISZJubsy8gVL6GYgYXNdu69RzzFF5o4GtMIGqMA4G
+A1UdDwEB/wQEAwICBDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTYKLTAvJJK08OM
+VGwIhjMQpo2DrjAfBgNVHSMEGDAWgBTEs/52DeLePPx1+65VhgTwu3/2ATAiBgNV
+HREEGzAZghdBbmlscy1NYWNCb29rLVByby5sb2NhbDAmBggqAwQFBgcIAQQaeyJh
+dHRycyI6eyJhdHRyMSI6InZhbDEifX0wCgYIKoZIzj0EAwIDSAAwRQIhAPuEqWUp
+svTTvBqLR5JeQSctJuz3zaqGRqSs2iW+QB3FAiAIP0mGWKcgSGRMMBvaqaLytBYo
+9v3hRt1r8j8vN0pMcg==
+-----END CERTIFICATE-----

test/test.js

@@ -53,4 +53,4 @@ x509.verify(
   function(err, result) {
     assert.throws(assert.ifError.bind(null, err), /Failed to load cert/)
   }
-);
+);