child_process: properly support optional args
Currently, a TypeError is incorrectly thrown if the second argument is an object. This commit allows the args argument to be properly omitted. Fixes: #6068 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
doc: document _transform callback takes 2 args
Expands the paragraph in the transform stream implementation docs about the callback that is passed to the _transform method to include details about how two arguments may be passed, error and data. A code example is also included. Reviewed-By: Fedor Indutny <fedor@indutny.com>
hdr: always define NODE_WANT_INTERNALS
Otherwise the warning could be printed on some systems. fix #8419
tls add secureOptions documentation
PR-URL: #8553 Reviewed-By: Fedor Indutny <fedor@indutny.com>
configure: disable ssl2/ssl3 by default
PR-URL: #8551 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
doc: document why SSL2/SSL3 is disabled
PR-URL: #8551 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Because of constant-timeness change made in openssl-1.0.1j the error is no longer returned from EVP_DecryptFinal_ex. Now it just returns 0, and thus the error message does not contain proper error code. Adapt to this change, there is not much that we could do about it.
crypto: allow runtime opt in using SSLv2/SSLv3
This change disables SSLv2/SSLv3 use by default, and introduces a command line flag to opt into using SSLv2/SSLv3. SSLv2 and SSLv3 are considered unsafe, and should only be used in situations where compatibility with other components is required and they cannot be upgraded to support newer forms of TLS.
test: crypto-domains avoid spurious failures
The order of the callbacks is non-deterministic, so don't expect the error messages to come back in the same order every time, instead just verify they are expected messages.
test: fix test-net-listen-fd0 for pipes
In the case of a pipe'd input, i.e. from the CI the fd will be a PIPE and when listen() is called it will return ENOTSOCK instead of EINVAL. Backport: cd2d3ae
crypto: extra caution in setting ssl options
Always set ssl2/ssl3 disabled based on whether they are enabled in Node. In some corner-case scenario, node with OPENSSL_NO_SSL3 defined could be linked to openssl that has SSL3 enabled.
doc: add note about key derivation
adds a note to the crypto docs passing along the advice that openssl gives about what key derivation function they recommend. PR-URL: #8580 Reviewed-By: Fedor Indutny <fedor@indutny.com>
crypto: allow forcing SSLv2/v3 via secureProtocol
Force-enable SSLv2/v3 when `secureProtocol` is explicitly set to `SSLv2_method` or `SSLv3_method`. see discussion at #8551
2014.10.20, Version 0.10.33 (Stable)
* openssl: Update to 1.0.1j (Addressing multiple CVEs)
* uv: Update to v0.10.29
* child_process: properly support optional args (cjihrig)
* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)
  This is a behavior change, by default we will not allow the negotiation to SSLv2 or SSLv3. If you want this behavior, run Node.js with either `--enable-ssl2` or `--enable-ssl3` respectively.
  This does not change the behavior for users specifically requesting `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is assumed you know what you're doing since you're specifically asking to use these methods.
tls: honorCipherOrder should not degrade defaults
Specifying honorCipherOrder should not change the SSLv2/SSLv3 defaults for a TLS server. Use secureOptions logic in both lib/tls.js and lib/crypto.js
tls: enforce secureOptions on incoming clients
Reuse the secureProtocol and secureOptions of the server when creating the secure context for incoming clients.
Add a test that goes through the whole matrix of:
- command line options (--enable-ssl*)
- secureOptions
- secureProtocols
and makes sure that compatible test setups actually work as expected. The test works by spawning two processes for each test case: one client and one server. The test passes if a SSL/TLS connection from the client to the server is successful and the test case was supposed to pass, or if the connection couldn't be established and the test case was supposed to fail. The test is currently located in the directory 'test/external' because it has external dependencies.
repl: Private Buffer object in lib/* files
Fixes usage of global object 'Buffer' in lib/* files by ensuring that
each file does an explicit require('buffer').Buffer. Previously, when
running a repl, due to usage of global 'Buffer', any redefinition of
Buffer would cause a crash, e.g. var Buffer = {}.
Fixes: #8588
PR-URL: #8603
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
doc: update openssl commands to use best practices
This updates key size to 2048 and default hash function to sha256. Reviewed-By: Fedor Indutny <fedor@indutny.com> PR-URL: #8690
doc: clarify dns.lookup vs dns.resolve
Clarify and emphasize the differences between dns.lookup and the rest of the functions in the dns module. PR-URL: #8726 Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
test: use assert.throw to test exceptions
The test wasn't checking directly that an assertion was thrown. Instead, it was checking that spawn did not successfully spawn a non-existent command. However, the command chosen, dir, exists in GNU coreutils, so it exists on Linux (though not on BSD derived OS X). The test as written passed on Linux, even with the TypeError it is supposed to be checking for deleted from spawn(). It would also pass on Windows if a ls.exe existed. The approach is unnecessarily obscure, assert.throw() is for asserting code throws, using it is more clear and works regardless of what commands do or do not exist. PR-URL: #8454 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
child_process: check execFile args is an array
execFile and spawn have same API signature with respect to optional arg array and optional options object, they should have same behaviour with respect to argument validation. PR-URL: #8454 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
child_process: check fork args is an array
Optional fork args should be type-checked with same behaviour as the equivalent argument to spawn. PR-URL: #8454 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
test: test all spawn parameter positions
PR-URL: #8454 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
v8: add api for aborting on uncaught exception
Add v8::Isolate::SetAbortOnUncaughtException() so the user can be notified when an uncaught exception has bubbled. PR-URL: #8666 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
domains: fix issues with abort on uncaught
Do not abort the process if an error is thrown from within a domain, an error handler is set up for the domain and --abort-on-uncaught-exception was passed on the command line. However, if an error is thrown from within the top-level domain's error handler and --abort-on-uncaught-exception was passed on the command line, make the process abort. Fixes: #8631 Fixes: #8630 PR-URL: #8666 Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Forgot to fix these before landing the patch. Fixes: e17c5a7
doc: cover stdio option in child_process
- Add hyperlinks from spawn options to subsections detailing what
those options do.
- Clarify some verbiage around ChildProcess.prototype.std{in,out,err}.
- Remove second-person pronoun.
PR-URL: #8639
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
timers: fix unref() memory leak
The destructor isn't being called for timers that have been unref'd. Fixes: #8364 Signed-off-by: Trevor Norris <trev.norris@gmail.com>
tools: bundle mk-ca-bundle.pl from upstream curl
This is a back-port of commit 5ab863d from the master branch.
tools: customize mk-ca-bundle.pl
Remove unneeded functionality and tweak the generated output so we can #include it in C++ source code. This is a back-port of commit e159073 from the master branch.
crypto: update root certificates
Update tools/certdata.txt to [0] (last updated on 2014-11-14) and rebuild src/node_root_certs.h. Refs #8679 and #8709. [0] https://hg.mozilla.org/mozilla-central/raw-file/64206634959a/security/nss/lib/ckfw/builtins/certdata.txt
zlib: do not Unref() if wasn't Ref()ed
In the very unlikely case where `deflateInit2()` may return an error (right now happening only on exhausting all memory), the `ZCtx::Error()` will be called and will try to `Unref()` the handle. But the problem is that this handle was never `Ref()`ed, so it will trigger an assertion error and crash the program. Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> PR-URL: #8687
doc: fix grammar in tls and timers
Replace 'a' with 'an' where appropriate.
docs: fix streams example for write() after end()
Currently there's an example using http.ServerResponse stream, which has a known bug and will not throw an error while writing after end(). Changed to a writable stream from fs which behaves as expected. fix #8814 Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
doc: clearer log messages in net code samples
Code examples in documentation for net.createServer and net.createConnection contained confusing log messages. This change makes them clearer. Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
PR-URL: #8849 Reviewed-by: Trevor Norris <trev.norris@gmail.com>