New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: allow --tls-cipher-list in NODE_OPTIONS #13172

Merged
merged 1 commit into from May 25, 2017

Conversation

Projects
None yet
9 participants
@sam-github
Member

sam-github commented May 23, 2017

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)
src, tls

@sam-github sam-github added the tls label May 23, 2017

@refack

This comment has been minimized.

Show comment
Hide comment
@refack
Member

refack commented May 23, 2017

@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github

sam-github May 23, 2017

Member

@refack My update and your noticing the miss passed on the wire :-)

Member

sam-github commented May 23, 2017

@refack My update and your noticing the miss passed on the wire :-)

@mscdex mscdex added the cli label May 23, 2017

@mhdawson

LGTM

@refack

refack approved these changes May 24, 2017

😄

@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github

sam-github May 25, 2017

Member

@nodejs/build FIPS failure is unrelated, but reproduceable and genuine, from https://ci.nodejs.org/job/node-test-commit-linux-fips/8660/nodes=ubuntu1404-64/console:

+ curl -LO https://openssl.org/source/openssl-fips-2.0.9.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
100   342  100   342    0     0    126      0  0:00:02  0:00:02 --:--:--   126

100  4239  100  4239    0     0   1218      0  0:00:03  0:00:03 --:--:--  1218
+ gunzip openssl-fips-2.0.9.tar.gz

gzip: openssl-fips-2.0.9.tar.gz: not in gzip format

I did this locally, the file isn't tgz, it is

<!DOCTYPE html>
<html lang="en">
<!-- head.inc -->
  <title>
  /err404.html
  </title>
  <meta charset="utf-8">
  <meta name="author" content="OpenSSL Foundation, Inc.">
...

What's up?

Member

sam-github commented May 25, 2017

@nodejs/build FIPS failure is unrelated, but reproduceable and genuine, from https://ci.nodejs.org/job/node-test-commit-linux-fips/8660/nodes=ubuntu1404-64/console:

+ curl -LO https://openssl.org/source/openssl-fips-2.0.9.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
100   342  100   342    0     0    126      0  0:00:02  0:00:02 --:--:--   126

100  4239  100  4239    0     0   1218      0  0:00:03  0:00:03 --:--:--  1218
+ gunzip openssl-fips-2.0.9.tar.gz

gzip: openssl-fips-2.0.9.tar.gz: not in gzip format

I did this locally, the file isn't tgz, it is

<!DOCTYPE html>
<html lang="en">
<!-- head.inc -->
  <title>
  /err404.html
  </title>
  <meta charset="utf-8">
  <meta name="author" content="OpenSSL Foundation, Inc.">
...

What's up?

@gibfahn

This comment has been minimized.

Show comment
Hide comment
@gibfahn

gibfahn May 25, 2017

Member

Looks like the URL has changed from:

https://www.openssl.org/source/openssl-fips-2.0.9.tar.gz to
https://www.openssl.org/source/old/fips/openssl-fips-2.0.9.tar.gz

Not sure that is the correct new link, maybe @mhdawson can confirm?

Member

gibfahn commented May 25, 2017

Looks like the URL has changed from:

https://www.openssl.org/source/openssl-fips-2.0.9.tar.gz to
https://www.openssl.org/source/old/fips/openssl-fips-2.0.9.tar.gz

Not sure that is the correct new link, maybe @mhdawson can confirm?

@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github

sam-github May 25, 2017

Member

It seems not coincidental that this happened about when OpenSSL released:

https://www.openssl.org/source/ shows a new FIPS 2.0.13, and 2.0.9 has been shuffled to a new location. This is annoying, perhaps we can bring the lack of stable URLs up with OpenSSL? New location:

% curl -LO https://openssl.org/source/old/fips/openssl-fips-2.0.9.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   351  100   351    0     0    323      0  0:00:01  0:00:01 --:--:--   323
100 1391k  100 1391k    0     0   388k      0  0:00:03  0:00:03 --:--:-- 1022k
core/tls-node (env-ciphersuites $ u=) % file openssl-fips-2.0.9.tar.gz
openssl-fips-2.0.9.tar.gz: gzip compressed data, last modified: Sat Oct 25 12:37:15 2014, max compression, from Unix
Member

sam-github commented May 25, 2017

It seems not coincidental that this happened about when OpenSSL released:

https://www.openssl.org/source/ shows a new FIPS 2.0.13, and 2.0.9 has been shuffled to a new location. This is annoying, perhaps we can bring the lack of stable URLs up with OpenSSL? New location:

% curl -LO https://openssl.org/source/old/fips/openssl-fips-2.0.9.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   351  100   351    0     0    323      0  0:00:01  0:00:01 --:--:--   323
100 1391k  100 1391k    0     0   388k      0  0:00:03  0:00:03 --:--:-- 1022k
core/tls-node (env-ciphersuites $ u=) % file openssl-fips-2.0.9.tar.gz
openssl-fips-2.0.9.tar.gz: gzip compressed data, last modified: Sat Oct 25 12:37:15 2014, max compression, from Unix
src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: #13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

@sam-github sam-github merged commit b659385 into nodejs:master May 25, 2017

jasnell added a commit that referenced this pull request May 25, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: #13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

@sam-github sam-github deleted the sam-github:env-ciphersuites branch May 26, 2017

jasnell added a commit that referenced this pull request May 28, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: #13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

@jasnell jasnell referenced this pull request May 28, 2017

Closed

8.0.0 Release Proposal #12220

@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github
Member

sam-github commented May 30, 2017

See #12677

@gibfahn gibfahn referenced this pull request Jun 15, 2017

Closed

Auditing for 6.11.1 #230

2 of 3 tasks complete

sam-github added a commit to sam-github/node that referenced this pull request Jul 10, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
@MylesBorins

This comment has been minimized.

Show comment
Hide comment
@MylesBorins

MylesBorins Jul 17, 2017

Member

Should this not have been semver minor?

Member

MylesBorins commented Jul 17, 2017

Should this not have been semver minor?

@sam-github

This comment has been minimized.

Show comment
Hide comment
@sam-github

sam-github Jul 17, 2017

Member

yes, semver minor

Member

sam-github commented Jul 17, 2017

yes, semver minor

sam-github added a commit to sam-github/node that referenced this pull request Jul 24, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Jul 24, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Sep 25, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Sep 25, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Oct 5, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Oct 10, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Oct 10, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Oct 10, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

sam-github added a commit to sam-github/node that referenced this pull request Oct 11, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
PR-URL: nodejs#13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

MylesBorins added a commit that referenced this pull request Oct 16, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
Backport-PR-URL: #12677
PR-URL: #13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

@MylesBorins MylesBorins referenced this pull request Oct 17, 2017

Merged

v6.12.0 proposal #16263

MylesBorins added a commit that referenced this pull request Oct 25, 2017

src: allow --tls-cipher-list in NODE_OPTIONS
Backport-PR-URL: #12677
PR-URL: #13172
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>

@MylesBorins MylesBorins referenced this pull request Nov 3, 2017

Merged

v4.8.6 proposal #16500

MylesBorins added a commit that referenced this pull request Nov 6, 2017

2017-11-07, Version 6.12.0 'Boron' (LTS)
Notable Changes:

* assert:
  - assert.fail() can now take one or two arguments (Rich Trott)
    #12293
* crypto:
  - add sign/verify support for RSASSA-PSS (Tobias Nießen)
    #11705
* deps:
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    #16691
  - upgrade libuv to 1.15.0 (cjihrig)
    #15745
  - upgrade libuv to 1.14.1 (cjihrig)
    #14866
  - upgrade libuv to 1.13.1 (cjihrig)
    #14117
  - upgrade libuv to 1.12.0 (cjihrig)
    #13306
* fs:
  - Add support for fs.write/fs.writeSync(fd, buffer, cb) and
    fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
    (Andreas Lind) #7856
* inspector:
  - enable --inspect-brk (Refael Ackermann)
    #12615
* process:
  - add --redirect-warnings command line argument (James M Snell)
    #10116
* src:
  - allow CLI args in env with NODE_OPTIONS (Sam Roberts)
    #12028)
  - --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts)
    #13932
  - allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts)
    #13172
  - use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts)
    #12677
* test:
  - remove common.fail() (Rich Trott)
    #12293

PR-URL: #16263

MylesBorins added a commit that referenced this pull request Nov 7, 2017

2017-11-07, Version 6.12.0 'Boron' (LTS)
Notable Changes:

* assert:
  - assert.fail() can now take one or two arguments (Rich Trott)
    #12293
* crypto:
  - add sign/verify support for RSASSA-PSS (Tobias Nießen)
    #11705
* deps:
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    #16691
  - upgrade libuv to 1.15.0 (cjihrig)
    #15745
  - upgrade libuv to 1.14.1 (cjihrig)
    #14866
  - upgrade libuv to 1.13.1 (cjihrig)
    #14117
  - upgrade libuv to 1.12.0 (cjihrig)
    #13306
* fs:
  - Add support for fs.write/fs.writeSync(fd, buffer, cb) and
    fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
    (Andreas Lind) #7856
* inspector:
  - enable --inspect-brk (Refael Ackermann)
    #12615
* process:
  - add --redirect-warnings command line argument (James M Snell)
    #10116
* src:
  - allow CLI args in env with NODE_OPTIONS (Sam Roberts)
    #12028)
  - --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts)
    #13932
  - allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts)
    #13172
  - use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts)
    #12677
* test:
  - remove common.fail() (Rich Trott)
    #12293

PR-URL: #16263

msoechting added a commit to hpicgs/node that referenced this pull request Feb 7, 2018

2017-11-07, Version 6.12.0 'Boron' (LTS)
Notable Changes:

* assert:
  - assert.fail() can now take one or two arguments (Rich Trott)
    nodejs#12293
* crypto:
  - add sign/verify support for RSASSA-PSS (Tobias Nießen)
    nodejs#11705
* deps:
  - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu)
    nodejs#16691
  - upgrade libuv to 1.15.0 (cjihrig)
    nodejs#15745
  - upgrade libuv to 1.14.1 (cjihrig)
    nodejs#14866
  - upgrade libuv to 1.13.1 (cjihrig)
    nodejs#14117
  - upgrade libuv to 1.12.0 (cjihrig)
    nodejs#13306
* fs:
  - Add support for fs.write/fs.writeSync(fd, buffer, cb) and
    fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
    (Andreas Lind) nodejs#7856
* inspector:
  - enable --inspect-brk (Refael Ackermann)
    nodejs#12615
* process:
  - add --redirect-warnings command line argument (James M Snell)
    nodejs#10116
* src:
  - allow CLI args in env with NODE_OPTIONS (Sam Roberts)
    nodejs#12028)
  - --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts)
    nodejs#13932
  - allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts)
    nodejs#13172
  - use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts)
    nodejs#12677
* test:
  - remove common.fail() (Rich Trott)
    nodejs#12293

PR-URL: nodejs#16263
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment