tls, crypto: add ALPN Support #2564

Closed

Contributor

@shigeki shigeki commented Aug 26, 2015

ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no options.ALPNProtocols exists.

Here exist all 16x3 test cases of combination of ALPN and NPN in a server and a client. Tests show that there are some inconsistent returns in NPN between the server and the client but they are not changed for compatibility.

NPN in Chrome will be deprecated in early 2016 as in http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html so it is better to include ALPN support in Node 4.0.

R= @nodejs/crypto

indutny reviewed Aug 26, 2015
src/node_crypto.cc Outdated
@@ -1154,6 +1163,12 @@ void SSLWrap<Base>::AddMethods(Environment* env, Handle<FunctionTemplate> t) {
env->SetProtoMethod(t, "setNPNProtocols", SetNPNProtocols);
#endif

#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
NODE_SET_PROTOTYPE_METHOD(t, "getALPNNegotiatedProtocol",
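
Review bot: The ALPN method registration inside the new `#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation` block uses `NODE_SET_PROTOTYPE_METHOD`, while `setNPNProtocols` just above is registered with `env->SetProtoMethod`; use the same helper for both. Because the registration is conditional, JavaScript callers also need a feature check before calling `getALPNNegotiatedProtocol`, so either document that or register the method unconditionally.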

indutny Aug 26, 2015
Member

What if we will always set and declare them, but just leave their implementations empty in case of absent ALPN support?

bnoordhuis Oct 25, 2015
Member

@shigeki I guess you can leave the #ifdef out. I remember from the last review that it looked like it wouldn't compile with ALPN disabled but maybe I saw that wrong.

shigeki Oct 26, 2015
Author Contributor

I removed #ifdef here and fixed to have declaration to avoid compile errors and also changed NODE_SET_PROTOTYPE_METHOD macro into env->SetProtoMethod.

indutny reviewed Aug 26, 2015
src/node_crypto.cc Outdated
reinterpret_cast<const unsigned char*>(Buffer::Data(obj));
size_t len = Buffer::Length(obj);

int status = SSL_select_next_proto(

indutny Aug 26, 2015
Member

I didn't know this existed!

indutny reviewed Aug 26, 2015
src/node_crypto.cc Outdated
int r = SSL_set_alpn_protos(w->ssl_, alpn_protos, alpn_protos_len);
assert(r == 0);
} else {
w->alpn_protos_.Reset(args.GetIsolate(), args[0].As<Object>());
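
Review bot: `assert(r == 0)` is the only handling of a `SSL_set_alpn_protos` failure in the first branch: in a build that defines NDEBUG the check disappears and `r` is unused, and otherwise a failed call aborts the process. Report the failure to the caller instead. In the `else` branch, `alpn_protos_.Reset(..., args[0].As<Object>())` takes the handle without a check, in the lines shown, that `args[0]` is a Buffer; validate the argument first.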

indutny Aug 26, 2015
Member

What do you think about allocating and copying the data instead? I think I'm mostly against using Persistent for this reasons now.

Member

@indutny indutny commented Aug 26, 2015

@shigeki this test is awesome, thanks! Some nits, otherwise looking good.

@shigeki shigeki added this to the 4.0.0 milestone Aug 26, 2015
@shigeki shigeki force-pushed the shigeki:alpn_support branch Aug 27, 2015
Contributor Author

@shigeki shigeki commented Aug 27, 2015

@indutny Thanks very much for your quick review. I fixed this according to your comments and I also found that Test12 was wrong to be duplicated from Test11 and fixed it to the test case of Server: NPN, Client: Nothing.
CI of https://jenkins-iojs.nodesource.com/job/node-test-commit-linux/315/ is all green.
I also made h2 server tests connected from Chrome(boringSSL) and Firefox(nss) with only ALPN and ALPN/NPN and it works fine. Unfortunately I don't have MS Edge so did not test it yet.

Can I land this?

indutny reviewed Aug 27, 2015
lib/_tls_wrap.js Outdated
@@ -951,9 +962,10 @@ exports.connect = function(/* [port, host], options, cb */) {
options.host ||
(options.socket && options.socket._host) ||
'localhost',
NPN = {},
NPN = {}, ALPN = {},

indutny Aug 27, 2015
Member

Please put it on the next line.

shigeki Aug 27, 2015
Author Contributor

Okay, I will fix this.

indutny reviewed Aug 27, 2015
src/node_crypto.cc Outdated
@@ -1972,6 +1985,91 @@ void SSLWrap<Base>::SetNPNProtocols(const FunctionCallbackInfo<Value>& args) {
}
#endif // OPENSSL_NPN_NEGOTIATED

#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
typedef struct tlsextalpnctx_st {
unsigned char *data;

indutny Aug 27, 2015
Member

unsigned char* data, please. (/me wish linter will detect this one day)

shigeki Aug 27, 2015
Author Contributor

fixed.

indutny reviewed Aug 27, 2015
src/node_crypto.cc Outdated
int r = SSL_set_alpn_protos(w->ssl_, alpn_protos, alpn_protos_len);
assert(r == 0);
} else {
w->alpn_protos_ =

indutny Aug 27, 2015
Member

You'll need to keep the reference in JS land, otherwise "bad things will happen" when the buffer will be GC-ed. I'd suggest storing the reference on the context itself.

shigeki Aug 27, 2015
Author Contributor

Okay, I will fix this.

shigeki Aug 27, 2015
Author Contributor

> What do you think about allocating and copying the data instead? I think I'm mostly against using Persistent for this reasons now.

Let me confirm this. Is this what you mean or another way to avoid using Persistent? Maybe I lost the point. Thanks.

@@ -2063,7 +2063,10 @@ void SSLWrap<Base>::SetALPNProtocols(
       int r = SSL_set_alpn_protos(w->ssl_, alpn_protos, alpn_protos_len);
       assert(r == 0);
     } else {
-      w->alpn_protos_.Reset(args.GetIsolate(), args[0].As<Object>());
+      w->alpn_protos_.Reset(args.GetIsolate(), Buffer::Copy(
+          w->env(),
+          reinterpret_cast<const char*>(Buffer::Data(args[0])),
+          Buffer::Length(args[0])).ToLocalChecked());
       // Server should select ALPN protocol from list of advertised by client
       SSL_CTX_set_alpn_select_cb(w->ssl_->ctx, SelectALPNCallback, nullptr);
     }
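
Review bot: `SSL_CTX_set_alpn_select_cb(w->ssl_->ctx, SelectALPNCallback, nullptr)` in the `else` branch installs the callback on the `SSL_CTX` behind this connection each time `SetALPNProtocols` runs, so it applies to every connection created from that context, not only to `w`. Install it once where the context is set up, or make sure `SelectALPNCallback` handles a connection whose `alpn_protos_` was never set. `Buffer::Copy(...).ToLocalChecked()` also aborts if the copy fails; check the `MaybeLocal` and raise an error instead.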

indutny Aug 27, 2015
Member

Ah, I meant doing this in js:

secureContext._alpnBuffer = alpnBuffer;
secureContext.setALPNProtocols(alpnBuffer);

This way you can just use the Buffer::Data and be sure that it won't be freed while the secureContext is alive itself.

shigeki Aug 27, 2015
Author Contributor

Thanks very much, I've got it. Is this good for it?

diff --git a/lib/_tls_legacy.js b/lib/_tls_legacy.js
index 2f26c90..4686e98 100644
--- a/lib/_tls_legacy.js
+++ b/lib/_tls_legacy.js
@@ -727,7 +727,9 @@ function SecurePair(context, isServer, requestCert, rejectUnauthorized,
   }

   if (process.features.tls_alpn && options.ALPNProtocols) {
-    this.ssl.setALPNrotocols(options.ALPNProtocols);
+    // keep reference in secureContext not to be GC-ed
+    this.ssl._secureContext.alpnBuffer = options.ALPNProtocols;
+    this.ssl.setALPNrotocols(this.ssl._secureContext.alpnBuffer);
     this.alpnProtocol = null;
   }
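
Review bot: `this.ssl.setALPNrotocols(...)` is misspelled on both the removed and the added line in `lib/_tls_legacy.js` (the `_tls_wrap.js` hunk calls `setALPNProtocols`), so the legacy `SecurePair` path calls a different method name from the one used elsewhere and ALPN setup fails there whenever `options.ALPNProtocols` is given. Fix the name to `setALPNProtocols` and add a test that goes through `SecurePair` with `ALPNProtocols` set.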

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c7fc5b3..e1da127 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -451,8 +451,11 @@ TLSSocket.prototype._init = function(socket, wrap) {
   if (process.features.tls_npn && options.NPNProtocols)
     ssl.setNPNProtocols(options.NPNProtocols);

-  if (process.features.tls_alpn && options.ALPNProtocols)
-    ssl.setALPNProtocols(options.ALPNProtocols);
+  if (process.features.tls_alpn && options.ALPNProtocols) {
+    // keep reference in secureContext not to be GC-ed
+    ssl._secureContext.alpnBuffer = options.ALPNProtocols;
+    ssl.setALPNProtocols(ssl._secureContext.alpnBuffer);
+  }

   if (options.handshakeTimeout > 0)
     this.setTimeout(options.handshakeTimeout, this._handleTimeout);
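
Review bot: `ssl._secureContext.alpnBuffer = options.ALPNProtocols` in `TLSSocket.prototype._init` keeps the caller's own object in a single slot on the secure context: a second socket that uses the same context with a different list overwrites the slot, which drops the reference that was keeping the first socket's buffer alive, and any later write by the caller to that Buffer changes the bytes the native side reads. Store a copy, and keep it on the socket's own `ssl` object rather than on `_secureContext`.
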
@shigeki shigeki removed this from the 4.0.0 milestone Aug 28, 2015
Contributor Author

@shigeki shigeki commented Aug 28, 2015

The milestone was deleted not to block 4.0 release.

@indutny Sorry, I am on vacation from today and will work on this on the next Saturday.

@rvagg rvagg force-pushed the nodejs:master branch from 11c25c2 to ba02bd0 Sep 6, 2015
Contributor

@argon argon commented Oct 9, 2015

What's the status of this? I may have a future dependency on http2 in a project and no ALPN may be a blocker.

@shigeki shigeki force-pushed the shigeki:alpn_support branch Oct 22, 2015
Contributor Author

@shigeki shigeki commented Oct 22, 2015

In Chrome, "Disable HTTP/2 over NPN (with OpenSSL)" https://codereview.chromium.org/1387363004 was landed today. It is better to include this in 5.0

I've rebased this against the latest master and CI is https://ci.nodejs.org/job/node-test-commit/912/ . Something wrong with tests environments is on freebsd and windows and plinux test failures are tick-processor.js and test-debug-args.js that are nothing to do with this PR. Otherwise tests are green.

@indutny Your comments are included in shigeki@9625a82. LGTM?

Contributor Author

@shigeki shigeki commented Oct 22, 2015

@argon Sorry for being late. I've just updated this. Thanks for your patience.

Contributor

@argon argon commented Oct 22, 2015

Thanks for the update!

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated

<!-- type=misc -->

NPN (Next Protocol Negotiation) and SNI (Server Name Indication) are TLS
ALPN(Application-Layer Protocol Negotiation Extension), NPN (Next

bnoordhuis Oct 22, 2015
Member

Space before (.

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated
protocols. (Protocols should be ordered by their priority). When
the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client.

bnoordhuis Oct 22, 2015
Member

s/extension/extensions/?

shigeki Oct 22, 2015
Author Contributor

In this case, only one extension of NPN is not returned so I think it is singular.

bnoordhuis Oct 22, 2015
Member

Then it should be 'an NPN extension' (or possibly 'the' - reads a little awkward though.)

shigeki Oct 22, 2015
Author Contributor

Thanks, I fixed it. English article is very hard for me ;-0

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated
@@ -376,6 +383,12 @@ Creates a new client connection to the given `port` and `host` (old API) or
where first byte is next protocol name's length. (Passing array should
usually be much simpler: `['hello', 'world']`.)

- `ALPNProtocols`: An array of strings or `Buffer`s containing
supported ALPN protocols. `Buffer`s should have following format:

bnoordhuis Oct 22, 2015
Member

'the following'

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated
- `ALPNProtocols`: An array of strings or `Buffer`s containing
supported ALPN protocols. `Buffer`s should have following format:
`0x05hello0x05world`, where first byte is next protocol name's
length. (Passing array should usually be much simpler:

bnoordhuis Oct 22, 2015
Member

'the first byte' and 'the next protocol' and 'an array'.

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated
`socket.npnProtocol` is a string containing selected NPN protocol.

`socket.npnProtocol` is a string containing selected NPN protocol and
`socket.alpnProtocol` is a string containing selected ALPN, When both
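
Review bot: `socket.alpnProtocol` is documented here as "a string containing selected ALPN", but the pull request description states that `alpnProtocol` returns false when no protocol was selected; document the false case so callers do not treat the value as always being a string. The comma before "When both" should be a full stop.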

bnoordhuis Oct 22, 2015
Member

'the selected' (2x)

bnoordhuis reviewed Oct 22, 2015
doc/api/tls.markdown Outdated
`tlsSocket.npnProtocol` for negotiated protocol.
`tlsSocket.authorizationError`. Also if NPN or ALPN was used - you can
check `tlsSocket.npnProtocol` or `tlsSocket.alpnProtocol` for
negotiated protocol.

bnoordhuis Oct 22, 2015
Member

'the negotiated protocol'

@@ -453,6 +454,12 @@ TLSSocket.prototype._init = function(socket, wrap) {
if (process.features.tls_npn && options.NPNProtocols)
ssl.setNPNProtocols(options.NPNProtocols);

if (process.features.tls_alpn && options.ALPNProtocols) {
// keep reference in secureContext not to be GC-ed
ssl._secureContext.alpnBuffer = options.ALPNProtocols;

bnoordhuis Oct 22, 2015
Member

This may be dangerous if options.ALPNProtocols is modified by the user ex post facto?

EDIT: I mean to say, maybe you should make a copy here?

shigeki Oct 22, 2015
Author Contributor

In the case that options.ALPNProtocols is Array, it is converted to buffer of TLS vector format with tls.convertALPN. I made a fix in case that its type is Buffer.

bnoordhuis Oct 25, 2015
Member

@indutny I think you suggested this approach? Can you comment on whether this is what you had in mind?

bnoordhuis Oct 25, 2015
Member

Also, why doesn't the code for NPN keep a reference? It's implemented pretty much the same way, isn't it?

shigeki Oct 26, 2015
Author Contributor

This change comes from the old comment from @indutny that

> +      w->alpn_protos_.Reset(args.GetIsolate(), args[0].As<Object>());
> What do you think about allocating and copying the data instead? I think I'm mostly against using Persistent for this reasons now.

I did not think of the reasons so much. I'm 0 for this change but I think we had better have consistency between ALPN and NPN implementations.
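
The `0x05hello0x05world` layout from the documentation hunk and the copy-versus-reference question raised in the thread above, as an added example (not code from this pull request or from Node.js): it encodes and validates an ALPN protocol list, takes a private copy of a caller's Buffer, and picks a protocol by server preference. All function names are hypothetical and the sample protocol lists are constructed.

```javascript
// Added illustration. Function names are hypothetical, not Node.js internals.

// Encode ['hello', 'world'] as <len>hello<len>world: every protocol name is
// preceded by one length byte, so a name must be 1..255 bytes long.
function encodeAlpn(protocols) {
  const parts = [];
  for (const name of protocols) {
    const bytes = Buffer.from(name, 'latin1');
    if (bytes.length === 0 || bytes.length > 255)
      throw new RangeError('ALPN protocol name must be 1..255 bytes');
    parts.push(Buffer.from([bytes.length]), bytes);
  }
  return Buffer.concat(parts);
}

// Decode a wire-format list, rejecting empty names and length bytes that
// point past the end of the buffer.
function parseAlpn(wire) {
  const names = [];
  let offset = 0;
  while (offset < wire.length) {
    const len = wire[offset];
    if (len === 0)
      throw new RangeError('empty protocol name at offset ' + offset);
    if (offset + 1 + len > wire.length)
      throw new RangeError('truncated protocol name at offset ' + offset);
    names.push(wire.toString('latin1', offset + 1, offset + 1 + len));
    offset += 1 + len;
  }
  return names;
}

// Turn a caller-supplied option (array of strings or Buffer) into a buffer
// the caller cannot reach: arrays are encoded, Buffers are validated and copied.
function snapshotAlpn(option) {
  if (Array.isArray(option)) return encodeAlpn(option);
  if (!Buffer.isBuffer(option))
    throw new TypeError('ALPNProtocols must be an array or a Buffer');
  parseAlpn(option);            // throws on a malformed list
  return Buffer.from(option);   // copies the bytes, shares no memory
}

// Server-side choice: the first server preference the client also offered.
// Returns null on no overlap instead of falling back to some protocol.
function selectAlpn(serverPreference, clientWire) {
  const offered = new Set(parseAlpn(clientWire));
  for (const name of serverPreference)
    if (offered.has(name)) return name;
  return null;
}

// What happens when the caller edits its Buffer after handing it over.
function mutationDemo() {
  const userBuffer = encodeAlpn(['h2', 'http/1.1']);   // constructed sample
  const keptByReference = userBuffer;                  // same memory
  const keptByCopy = snapshotAlpn(userBuffer);         // private copy
  userBuffer[0] = 200;                                 // later edit by caller
  let referenceError = null;
  try {
    parseAlpn(keptByReference);
  } catch (err) {
    referenceError = err.message;
  }
  return {
    referenceError,
    copy: parseAlpn(keptByCopy),
    selected: selectAlpn(['h2', 'http/1.1'], keptByCopy),
  };
}

console.log(mutationDemo());
```

The buffer kept by reference no longer parses after the caller's write, while the copy still yields both protocol names.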

bnoordhuis reviewed Oct 22, 2015
src/node_crypto.cc Outdated
HandleScope handle_scope(env->isolate());
Context::Scope context_scope(env->context());

int status = SSL_select_next_proto((unsigned char**) out, outlen,
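
Review bot: The result of `SSL_select_next_proto` is stored in `status`, but the lines shown do not include what is done with it; the function still writes a fallback entry to `out` when the two lists have no protocol in common and reports that case as `OPENSSL_NPN_NO_OVERLAP`. Hand the selection back to OpenSSL only when `status == OPENSSL_NPN_NEGOTIATED`. The `(unsigned char**) out` C-style cast should be a `const_cast`.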

bnoordhuis Oct 22, 2015
Member

const_cast?

shigeki Oct 22, 2015
Author Contributor

The openssl api is not const as.

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen .. )

bnoordhuis Oct 22, 2015
Member

I realize that. My nit is about using a C-style cast instead of a C++ const_cast.

shigeki Oct 22, 2015
Author Contributor

Oops, I didn't think of it. Sorry, I fixed it in a55984128754ebcdf85b5bc49d317076141e498e and will make squash later.

shigeki pushed a commit that referenced this pull request Oct 26, 2015
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.

PR-URL: #2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
shigeki pushed a commit that referenced this pull request Oct 26, 2015
This fix is to be consistent implementation with ALPN. Two NPN
protocol data in the persistent members move to hidden variables in
the wrap object.

PR-URL: #2564
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Contributor Author

@shigeki shigeki commented Oct 26, 2015

Landed 802a2e7 and 7eee372 on master. Sorry for confusion.

rvagg added a commit to rvagg/io.js that referenced this pull request Oct 29, 2015
Notable changes:

* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
  these have been deprecated for a long time (Sakthipriyan Vairamani) nodejs#2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
  accuracy added (Michaël Zasso) nodejs#3166.
* fs:
  - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
    descriptor as their first argument (Johannes Wüller) nodejs#3163.
  - (Breaking) In fs.readFile(), if an encoding is specified and the internal
    toString() fails the error is no longer thrown but is passed to the callback
    (Evan Lucas) nodejs#3485.
  - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
    callback) form), if the internal toString() fails the error is no longer
    thrown but is passed to the callback (Evan Lucas) nodejs#3503.
* http:
  - Fixed a bug where pipelined http requests would stall (Fedor Indutny) nodejs#3342.
  - (Breaking) When parsing HTTP, don't add duplicates of the following headers:
    Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
    to the following headers which already block duplicates: Content-Type,
    Content-Length, User-Agent, Referer, Host, Authorization,
    Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
    Max-Forwards (James M Snell) nodejs#3090.
  - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
    function or a TypeError is thrown (James M Snell) nodejs#3090.
  - (Breaking) HTTP methods and header names must now conform to the RFC 2616
    "token" rule, a list of allowed characters that excludes control characters
    and a number of separator characters. Specifically, methods and header names
    must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
    (James M Snell) nodejs#2526.
* node:
  - (Breaking) Deprecated the _linklist module (Rich Trott) nodejs#3078.
  - (Breaking) Removed require.paths and require.registerExtension(), both had
    been previously set to throw Error when accessed
    (Sakthipriyan Vairamani) nodejs#2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
  https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
  major version bump for npm and it has seen a significant amount of change.
  Please see the original npm v3.0.0 release notes for a list of major changes
  (Rebecca Turner) nodejs#3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
  due to the V8 upgrade. Native add-ons will need to be recompiled
  (Rod Vagg) nodejs#3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
  a long-standing known issue where unrefed timers would previously hold
  beforeExit open (Fedor Indutny) nodejs#3407.
* tls:
  - Added ALPN Support (Shigeki Ohtsu) nodejs#2564.
  - TLS options can now be passed in an object to createSecurePair()
    (Коренберг Марк) nodejs#2441.
  - (Breaking) The default minimum DH key size for tls.connect() is now 1024
    bits and a warning is shown when DH key size is less than 2048 bits. This
    is a security consideration to prevent "logjam" attacks. A new minDHSize TLS
    option can be used to override the default. (Shigeki Ohtsu) nodejs#1831.
* util:
  - (Breaking) util.p() was deprecated for years, and has now been removed
    (Wyatt Preul) nodejs#3432.
  - (Breaking) util.inherits() can now work with ES6 classes. This is considered
    a breaking change because of potential subtle side-effects caused by a
    change from directly reassigning the prototype of the constructor using
    `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
    to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
    (Michaël Zasso) nodejs#3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) nodejs#3351.
  - Implements the spread operator, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
    for further information.
  - Implements new.target, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
    for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
  file) (Yuval Brik) nodejs#2595.

PR-URL: nodejs#3466
@bnoordhuis bnoordhuis mentioned this pull request Nov 2, 2015
@MylesBorins MylesBorins mentioned this pull request Jan 6, 2017
9 of 9 tasks complete
Member

@MylesBorins MylesBorins commented Jan 14, 2017

@nodejs/crypto I attempted a backport of this but all the tests blew up. This is touching far too much code for me to comfortably backport. Would someone be able to get one in next week?

Contributor Author

@shigeki shigeki commented Jan 14, 2017

Okay, I can work on it next week.

Contributor Author

@shigeki shigeki commented Jan 16, 2017

@MylesBorins I've just submitted the PR of #10831 .

MylesBorins added a commit that referenced this pull request Jan 19, 2017
cherry-pick 802a2e7 from v6-staging.

ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.

PR-URL: #2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins added a commit that referenced this pull request Jan 19, 2017
cherry-pick 7eee372 from v6-staging.

This fix is to be consistent implementation with ALPN. Two NPN
protocol data in the persistent members move to hidden variables in
the wrap object.

PR-URL: #2564
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@MylesBorins MylesBorins mentioned this pull request Jan 24, 2017
MylesBorins added a commit that referenced this pull request Feb 22, 2017
Notable Changes:

* child_process: add shell option to spawn() (cjihrig)
  #4598
* crypto:
  * add ALPN Support (Shigeki Ohtsu)
    #2564
  * allow adding extra certs to well-known CAs (Sam Roberts)
    #9139
* deps:
  * v8: expose statistics about heap spaces (Ben Ripkens)
    #4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
  #5333
* process:
  * add `externalMemory` to `process` (Fedor Indutny)
    #9587
  * add process.cpuUsage() (Patrick Mueller)
    #10796

PR-URL: #10973
imyller added a commit to imyller/meta-nodejs that referenced this pull request Mar 2, 2017
    Notable Changes:

    * child_process: add shell option to spawn() (cjihrig)
      nodejs/node#4598
    * crypto:
      * add ALPN Support (Shigeki Ohtsu)
        nodejs/node#2564
      * allow adding extra certs to well-known CAs (Sam Roberts)
        nodejs/node#9139
    * deps:
      * v8: expose statistics about heap spaces (Ben Ripkens)
        nodejs/node#4463
    * fs: add the fs.mkdtemp() function. (Florian MARGAINE)
      nodejs/node#5333
    * process:
      * add `externalMemory` to `process` (Fedor Indutny)
        nodejs/node#9587
      * add process.cpuUsage() (Patrick Mueller)
        nodejs/node#10796

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>