Merge pull request #86 from mbrand1/master

konklone · konklone · commit 4ba8101c5dc6 · 2016-01-17T22:28:07.000-05:00
Prevent adding known roots to tls connect response.
diff --git a/shaaaaa.js b/shaaaaa.js
@@ -105,6 +105,7 @@ var Shaaa = {
     var tlsOptions = {
       host: domain,
       servername: domain,
+      ca: 'x', // prevents adding known roots to response
       port: port,
       rejectUnauthorized: false
     };
@@ -118,19 +119,24 @@ var Shaaa = {
     socket.on('close', function() {
       if (options.verbose || options.debug) console.log('[tlsSocket] disconnected');
 
-      // Walk through peerCert object.  Grab DER-encoded certs.  Convert to PEM and push to certsArray.
+      // Walk the depth of the peerCert object.  Grab DER-encoded certs.  Convert to PEM and push to certsArray.
       var certsArray = [];
-      function eachDer(cert) {
-        if (cert) {
-          var pem = Shaaa.derToPem(cert.raw);
+      var maxdepth = 7;
+      if (peerCert) {
+        var depth = 0;
+        while (depth < maxdepth) {
+          var pem = Shaaa.derToPem(peerCert.raw);
           if (pem) {
             certsArray.push(x509.parseCert(pem));
-            if (cert.issuerCertificate !== cert) // peerCert contains circular obj ref.  This stops us.
-              eachDer(cert.issuerCertificate);
-          }
+            if (peerCert.issuerCertificate && (peerCert.issuerCertificate !== peerCert))
+              peerCert = peerCert.issuerCertificate;
+            else
+              break; // no more depth levels
+          } else
+            break; // no more certs
+          ++depth;
         }
       }
-      eachDer(peerCert);
 
       if (certsArray.length == 0)
         callback({message: "No certs returned"});
