Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
error. We should figure out how to geenrate platform specific implementation
of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.
This patch is taken from Chromium.
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but
forgot to initialize the `length` field.
Fixes the following valgrind error:
$ valgrind -q --track-origins=yes --num-callers=19 \
out/Debug/node test/simple/test-tls-client-abort.js
==2690== Conditional jump or move depends on uninitialised value(s)
==2690== at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
==2690== by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
==2690== by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
==2690== by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
==2690== by 0x78F090: asn1_string_canon (x_name.c:409)
==2690== by 0x78EF17: x509_name_canon (x_name.c:354)
==2690== by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
==2690== by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
==2690== by 0x78F5E4: d2i_X509 (x_x509.c:141)
==2690== by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
==2690== by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
==2690== by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
==2690== Uninitialised value was created by a stack allocation
==2690== at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
There are many symbolic links under /etc/ssl/certs created by using hash of
the pem certificates in order for OpenSSL to find those certificate.
Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
However the new openssl changed the hash algorithm, Unless you compile/install
the latest openssl library and re-create all related symbolic links, the new
openssl can not find some certificates because the links of those certificates
were created by using old hash algorithm, which causes some tests failed.
This patch gives a way to find a certificate according to its hash by using both
new algorithm and old algorithm.
crbug.com/111045 is used to track this issue.
This patch is taken from the Chromium project.
Enables SSL3+ clients to send application data immediately following the
Finished message even when negotiating full-handshakes. With this patch,
clients can negotiate SSL connections in 1-RTT even when performing
full-handshakes.
This patch is taken from the Android Open Source Project.
SSL records may be as large as 16K, but are typically < 2K. In
addition, a historic bug in Windows allowed records to be as large
32K. OpenSSL statically allocates read and write buffers (34K and
18K respectively) used for processing records.
With this patch, OpenSSL statically allocates 4K + 4K buffers, with
the option of dynamically growing buffers to 34K + 4K, which is a
saving of 44K per connection for the typical case.
This patch is taken from the Android Open Source Project.
Removed NO_CAST, NO_MD2 and NO_STORE because otherwise there were build errors.
Added NO_CAMELLIA, NO_MDC2, and NO_CMS because otherwise there were linker errors.
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but forgot to
initialize the `length` field.
Fixes the following valgrind error:
$ valgrind -q --track-origins=yes --num-callers=19 \
out/Debug/node test/simple/test-tls-client-abort.js
==2690== Conditional jump or move depends on uninitialised value(s)
==2690== at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
==2690== by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
==2690== by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
==2690== by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
==2690== by 0x78F090: asn1_string_canon (x_name.c:409)
==2690== by 0x78EF17: x509_name_canon (x_name.c:354)
==2690== by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
==2690== by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
==2690== by 0x78F5E4: d2i_X509 (x_x509.c:141)
==2690== by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
==2690== by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
==2690== by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
==2690== Uninitialised value was created by a stack allocation
==2690== at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
* valgrind complained too much about memory leaks from the V8 heap to be
useful, run it with --leak-check=no. Not ideal, needs to be revisited,
preferably with a suppression file.
* tools/run-valgrind.py didn't deal with tests that logged to stderr, rewrite
the heuristic and make valgrind write to a socket instead of stderr.
Fixes#3869.
Compile at -O2 and disable optimizations that trigger gcc bugs.
Some people still reported mksnapshot crashes after commit b40f813 ("build: fix
spurious mksnapshot crashes for good" - so much for that).
Average performance of the -O2 binary is on par with the -O3 binary. Variance
on the http_simple bytes/8 benchmark appears to be slightly greater but small
enough that the possibly of it being noise cannot be excluded.
The new binary very slightly but consistently outperforms the -O3 binary (by
about 0.5%) on the mostly CPU-bound bytes/102400 benchmark. That could be an
artifact of the system I benchmarked it on, a Core 2 Duo with a puny 32 kB of
L1 instruction cache. The smaller binary seems to play nicer with the cache.
Support for parallel use of the cache folder
Retry on registry timeouts or network failures
Reduce 'engines' failures to a warning
Use new zsh completion if aviailable
The v8 team apparently decided that all build products should go
into ./build/«type», and updated their common.gypi file to do so.
Unfortunately v8's common.gypi is only used for some targets. All
the other targets would still look in the old place to find their
their dependencies, which effectively broke the build.
In the long run it would be good for node to send all build
output to ./build too, on all platforms.
The old error handling code checked if the return value of Socket::Send() != 0,
which is wrong because Socket::Send() can write less bytes than requested or
return -1 on error.
The v8 team apparently decided that all build products should go
into ./build/«type», and updated their common.gypi file to do so.
Unfortunately v8's common.gypi is only used for some targets. All
the other targets would still look in the old place to find their
their dependencies, which effectively broke the build.
In the long run it would be good for node to send all build
output to ./build too, on all platforms.
Conflicts:
deps/v8/build/common.gypi
The old error handling code checked if the return value of Socket::Send() != 0,
which is wrong because Socket::Send() can write less bytes than requested or
return -1 on error.
The v8 team apparently decided that all build products should go
into ./build/«type», and updated their common.gypi file to do so.
Unfortunately v8's common.gypi is only used for some targets. All
the other targets would still look in the old place to find their
their dependencies, which effectively broke the build.
In the long run it would be good for node to send all build
output to ./build too, on all platforms.
The old error handling code checked if the return value of Socket::Send() != 0,
which is wrong because Socket::Send() can write less bytes than requested or
return -1 on error.
Bert Belder
Ben Noordhuis
isaacs
Fedor Indutny
Nathan Rajlich
verwaest@chromium.org
jkummerow@chromium.org
erik.corry@gmail.com
danno@chromium.org
mstarzinger@chromium.org
yangguo@chromium.org