This repository has been archived by the owner. It is now read-only.
Commits on Oct 23, 2014
  1. tests: add TLS tests matrix

    Julien Gilli authored and tjfontaine committed Oct 23, 2014
    Add a test that goes through the whole matrix of:
    - command line options (--enable-ssl*)
    - secureOptions
    - secureProtocols
    
    and makes sure that compatible test setups actually work as expected.
    
    The test works by spawning two processes for each test case: one client
    and one server. The test passes if a SSL/TLS connection from the client
    to the server is successful and the test case was supposed to pass, or
    if the connection couldn't be established and the test case was supposed
    to fail.
    
    The test is currently located in the directory 'test/external' because
    it has external dependencies.
  2. tls: enforce secureOptions on incoming clients

    tjfontaine committed Oct 22, 2014
    Reuse the secureProtocol and secureOptions of the server when creating
    the secure context for incoming clients.
  3. tls: honorCipherOrder should not degrade defaults

    tjfontaine committed Oct 22, 2014
    Specifying honorCipherOrder should not change the SSLv2/SSLv3 defaults
    for a TLS server.
    
    Use secureOptions logic in both lib/tls.js and lib/crypto.js
Commits on Oct 21, 2014
  1. 2014.10.20, Version 0.10.33 (Stable)

    tjfontaine committed Oct 21, 2014
    * openssl: Update to 1.0.1j (Addressing multiple CVEs)
    
    * uv: Update to v0.10.29
    
    * child_process: properly support optional args (cjihrig)
    
    * crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
    Timothy J Fontaine, Alexis Campailla)
    
    This is a behavior change, by default we will not allow the negotiation to
    SSLv2 or SSLv3. If you want this behavior, run Node.js with either
    `--enable-ssl2` or `--enable-ssl3` respectively.
    
    This does not change the behavior for users specifically requesting
    `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
    assumed you know what you're doing since you're specifically asking to use
    these methods.
Commits on Oct 20, 2014
  1. uv: Update to v0.10.29

    tjfontaine committed Oct 20, 2014
  2. crypto: allow forcing SSLv2/v3 via secureProtocol

    indutny authored and tjfontaine committed Oct 18, 2014
    Force-enable SSLv2/v3 when `secureProtocol` is explicitly set
    to `SSLv2_method` or `SSLv3_method`.
    
    see discussion at #8551
Commits on Oct 17, 2014
  1. docs: update api location

    tjfontaine committed Oct 17, 2014
Commits on Oct 16, 2014
  1. crypto: extra caution in setting ssl options

    orangemocha committed Oct 16, 2014
    Always set ssl2/ssl3 disabled based on whether they are enabled in Node.
    In some corner-case scenario, node with OPENSSL_NO_SSL3 defined could
    be linked to openssl that has SSL3 enabled.
  2. test: fix test-net-listen-fd0 for pipes

    tjfontaine committed Jan 28, 2014
    In the case of a pipe'd input, i.e. from the CI the fd will be a PIPE
    and when listen() is called it will return ENOTSOCK instead of EINVAL.
    
    Backport: cd2d3ae
  3. test: crypto-domains avoid spurious failures

    tjfontaine committed Oct 16, 2014
    The order of the callbacks is non-deterministic, so don't expect the
    error messages to come back in the same order every time, instead just
    verify they are expected messages.
  4. crypto: allow runtime opt in using SSLv2/SSLv3

    tjfontaine committed Oct 15, 2014
    This change disables SSLv2/SSLv3 use by default, and introduces a
    command line flag to opt into using SSLv2/SSLv3.
    
    SSLv2 and SSLv3 are considered unsafe, and should only be used in
    situations where compatibility with other components is required and
    they cannot be upgraded to support newer forms of TLS.
Commits on Oct 15, 2014
  1. test: fix test-crypto-stream

    indutny authored and tjfontaine committed Oct 15, 2014
    Because of constant-timeness change made in openssl-1.0.1j the error is
    no longer returned from EVP_DecryptFinal_ex. Now it just returns 0, and
    thus the error message does not contain proper error code. Adapt to this
    change, there is not much that we could do about it.
  2. deps: update openssl to 1.0.1j

    indutny authored and tjfontaine committed Oct 15, 2014
  3. doc: document why SSL2/SSL3 is disabled

    indutny committed Oct 15, 2014
    PR-URL: #8551
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  4. configure: disable ssl2/ssl3 by default

    indutny committed Oct 15, 2014
    PR-URL: #8551
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  5. tls add secureOptions documentation

    Swaagie authored and indutny committed Oct 15, 2014
    PR-URL: #8553
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commits on Oct 13, 2014
  1. doc: update design to match nodejs.org

    fitzage authored and tjfontaine committed Jun 17, 2014
Commits on Sep 26, 2014
  1. hdr: always define NODE_WANT_INTERNALS

    indutny committed Sep 23, 2014
    Otherwise the warning could be printed on some systems.
    
    fix #8419
Commits on Sep 23, 2014
  1. doc: document _transform callback takes 2 args

    calvinmetcalf authored and indutny committed Sep 3, 2014
    Expands the paragraph in the transform stream
    implementation docs about the callback that is passed
    to the _transform method to include details about how
    two arguments may be passed, error and data.  A code
    example is also included.
    
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commits on Sep 17, 2014
  1. child_process: properly support optional args

    cjihrig authored and trevnorris committed Sep 17, 2014
    Currently, a TypeError is incorrectly thrown if the second argument is
    an object. This commit allows the args argument to be properly omitted.
    
    Fixes: #6068
    Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Commits on Sep 16, 2014
  1. Now working on 0.10.33

    tjfontaine committed Sep 16, 2014
  2. 2014.09.16, Version 0.10.32 (Stable)

    tjfontaine committed Sep 16, 2014
    * npm: Update to 1.4.28
    
    * v8: fix a crash introduced by previous release (Fedor Indutny)
    
    * configure: add --openssl-no-asm flag (Fedor Indutny)
    
    * crypto: use domains for any callback-taking method (Chris Dickinson)
    
    * http: do not send `0\r\n\r\n` in TE HEAD responses (Fedor Indutny)
    
    * querystring: fix unescape override (Tristan Berger)
    
    * url: Add support for RFC 3490 separators (Mathias Bynens)
  3. npm: Update to 1.4.28

    tjfontaine committed Sep 16, 2014
  4. http: do not send `0\r\n\r\n` in TE HEAD responses

    indutny authored and tjfontaine committed Sep 13, 2014
    When replying to a HEAD request, do not attempt to send the trailers and
    EOF sequence (`0\r\n\r\n`). The HEAD request MUST not have body.
    
    Quote from RFC:
    
    The presence of a message body in a response depends on both the
    request method to which it is responding and the response status code
    (Section 3.1.2).  Responses to the HEAD request method (Section 4.3.2
    of [RFC7231]) never include a message body because the associated
    response header fields (e.g., Transfer-Encoding, Content-Length,
    etc.), if present, indicate only what their values would have been if
    the request method had been GET (Section 4.3.1 of [RFC7231]).
    
    fix #8361
    
    Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
  5. crypto: use domains for any callback-taking method

    chrisdickinson authored and tjfontaine committed Sep 16, 2014
    This adds domains coverage for pbkdf2, pseudoRandomBytes, and randomBytes.
    All others should be covered by event emitters.
    
    Fixes #5801.
    
    Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Commits on Sep 15, 2014
  1. doc: document `process.env` better

    mmalecki authored and indutny committed Nov 11, 2013
    Fixes #6424.
    
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
  2. doc: fix modules require.resolve documentation

    lo1tuma authored and indutny committed Sep 3, 2014
    The behavior of the `node_modules` lookup algorithm was
    changed in #1177, but the documentation was not updated completely
    to describe the new behavior.
    
    The pseudocode of the lookup algorithm did not mention that
    `index.json` is tried to be loaded if you require a folder.
    
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commits on Sep 3, 2014
  1. configure: add --openssl-no-asm flag

    indutny committed Sep 2, 2014
    see #8062
    
    Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Commits on Sep 2, 2014
  1. tests: add test for non-integer delay timers.

    Julien Gilli authored and indutny committed Aug 26, 2014
    PR #8034 came with a test to make sure that timers expiry is based on
    monotonic time and not on wall-clock time. However, a bug in the
    implementation broke timers with non-integer delays. A fix for this
    issue was provided with PR #8073, but it didn't come with a test.
    
    Because #8073 fixed a subtle issue that could reappear in the future,
    and because the impact of such an issue would be significant, I suggest
    adding this test.
    
    The test would timeout after 1 minute if the issue was reproduced.
    Otherwise it will run very quickly.
    
    Reviewed-By: Fedor Indutny <fedor@indutny.com>