tls: allow obvious key/passphrase combinations #10294
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
c++
Fishrock123
added
the
semver-minor
|
Sounds like a feature add? |
|
/to @shigeki @indutny @bnoordhuis @silverwind @mscdex @silverwind Yes, its semver-minor, I forgot the label. Why does the nodejs-github-bot say not to land it on 7.x? |
|
I was told the dont-land label is just a bug in the bot, I removed it. |
|
This doesn't land cleanly on v7.x. That is why the bot labeled it. |
bnoordhuis
approved these changes
Dec 19, 2016
| cert: cert, | ||
| rejectUnauthorized: false | ||
| }); | ||
| }, /bad password read/); |
There was a problem hiding this comment.
Duplicate of the preceding test?
There was a problem hiding this comment.
good catch, thank you.
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
sam-github
force-pushed
the
complete-key-passphrase-support
branch
from
84ba0f1
to
73ad15a
Compare
sam-github
added a commit
that referenced
this pull request
Dec 19, 2016
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: #10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
Landed in 0b44384 |
cjihrig
pushed a commit
to cjihrig/node
that referenced
this pull request
Dec 20, 2016
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: nodejs#10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Merged
cjihrig
added a commit
to cjihrig/node
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
nodejs#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs#9484
PR-URL: nodejs#10277
cjihrig
added a commit
to cjihrig/node
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
nodejs#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs#9484
PR-URL: nodejs#10277
cjihrig
pushed a commit
that referenced
this pull request
Dec 20, 2016
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: #10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cjihrig
added a commit
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) #9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) #9484
PR-URL: #10277
imyller
added a commit
to imyller/meta-nodejs
that referenced
this pull request
Dec 21, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs/node#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs/node#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs/node#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Bohlmark)
nodejs/node#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs/node#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs/node#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs/node#9484
PR-URL: nodejs/node#10277
Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
|
@MylesBorins this should land on v6.x |
31 tasks
MylesBorins
pushed a commit
that referenced
this pull request
May 16, 2017
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: #10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins
pushed a commit
that referenced
this pull request
May 18, 2017
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: #10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Merged
MylesBorins
added a commit
that referenced
this pull request
Jun 6, 2017
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.
Notable Changes:
* build:
- support for building mips64el (nanxiongchao)
#10991
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
#10019
* crypto:
- ability to select cert store at runtime (Adam Majer)
#8334
- Use system CAs instead of using bundled ones (Adam Majer)
#8334
- The `Decipher` methods `setAuthTag()` and `setAAD` now return
`this`. (Kirill Fomichev)
#9398
- adding support for OPENSSL_CONF again (Sam Roberts)
#11006
- make LazyTransform compabile with Streams1 (Matteo Collina)
#12380
* deps:
- upgrade libuv to 1.11.0 (cjihrig)
#11094
- upgrade libuv to 1.10.2 (cjihrig)
#10717
- upgrade libuv to 1.10.1 (cjihrig)
#9647
- upgrade libuv to 1.10.0 (cjihrig)
#9267
* dns:
- Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
(Ben Noordhuis)
#9296
* process:
- add NODE_NO_WARNINGS environment variable (cjihrig)
#10842
* readline:
- add option to stop duplicates in history (Danny Nemer)
#2982
* src:
- support "--" after "-e" as end-of-options (John Barboza)
#10651
* tls:
- new tls.TLSSocket() supports sec ctx options (Sam Roberts)
#11005
- Allow obvious key/passphrase combinations. (Sam Roberts)
#10294
PR-URL: #13059
MylesBorins
added a commit
that referenced
this pull request
Jun 6, 2017
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.
Notable Changes:
* build:
- support for building mips64el (nanxiongchao)
#10991
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
#10019
* crypto:
- ability to select cert store at runtime (Adam Majer)
#8334
- Use system CAs instead of using bundled ones (Adam Majer)
#8334
- The `Decipher` methods `setAuthTag()` and `setAAD` now return
`this`. (Kirill Fomichev)
#9398
- adding support for OPENSSL_CONF again (Sam Roberts)
#11006
- make LazyTransform compabile with Streams1 (Matteo Collina)
#12380
* deps:
- upgrade libuv to 1.11.0 (cjihrig)
#11094
- upgrade libuv to 1.10.2 (cjihrig)
#10717
- upgrade libuv to 1.10.1 (cjihrig)
#9647
- upgrade libuv to 1.10.0 (cjihrig)
#9267
* dns:
- Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
(Ben Noordhuis)
#9296
* process:
- add NODE_NO_WARNINGS environment variable (cjihrig)
#10842
* readline:
- add option to stop duplicates in history (Danny Nemer)
#2982
* src:
- support "--" after "-e" as end-of-options (John Barboza)
#10651
* tls:
- new tls.TLSSocket() supports sec ctx options (Sam Roberts)
#11005
- Allow obvious key/passphrase combinations. (Sam Roberts)
#10294
PR-URL: #13059
andrew749
pushed a commit
to michielbaird/node
that referenced
this pull request
Jul 19, 2017
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: nodejs/node#10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
andrew749
pushed a commit
to michielbaird/node
that referenced
this pull request
Jul 19, 2017
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.
Notable Changes:
* build:
- support for building mips64el (nanxiongchao)
nodejs/node#10991
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs/node#10019
* crypto:
- ability to select cert store at runtime (Adam Majer)
nodejs/node#8334
- Use system CAs instead of using bundled ones (Adam Majer)
nodejs/node#8334
- The `Decipher` methods `setAuthTag()` and `setAAD` now return
`this`. (Kirill Fomichev)
nodejs/node#9398
- adding support for OPENSSL_CONF again (Sam Roberts)
nodejs/node#11006
- make LazyTransform compabile with Streams1 (Matteo Collina)
nodejs/node#12380
* deps:
- upgrade libuv to 1.11.0 (cjihrig)
nodejs/node#11094
- upgrade libuv to 1.10.2 (cjihrig)
nodejs/node#10717
- upgrade libuv to 1.10.1 (cjihrig)
nodejs/node#9647
- upgrade libuv to 1.10.0 (cjihrig)
nodejs/node#9267
* dns:
- Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
(Ben Noordhuis)
nodejs/node#9296
* process:
- add NODE_NO_WARNINGS environment variable (cjihrig)
nodejs/node#10842
* readline:
- add option to stop duplicates in history (Danny Nemer)
nodejs/node#2982
* src:
- support "--" after "-e" as end-of-options (John Barboza)
nodejs/node#10651
* tls:
- new tls.TLSSocket() supports sec ctx options (Sam Roberts)
nodejs/node#11005
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs/node#10294
PR-URL: nodejs/node#13059
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
make -j4 test(UNIX), orvcbuild test nosign(Windows) passesAffected core subsystem(s)
tls
Description of change
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]