daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,494 Commits
54 Branches
866 Tags
2 GiB
Commit Graph

185 Commits (6327d67be3a939b1ce6ac8541504b1f6fc338fd9)

Author SHA1 Message Date
Fedor Indutny 92e7433ff9 tls: fix 'hostless' tls connection verification 
And fix last failing tests
 2012-07-20 21:48:59 +04:00
Fedor Indutny 50122fed8a tls: fix 'hostless' tls connection verification 
And fix last failing tests
 2012-07-20 21:43:12 +04:00
Fedor Indutny 93d496a4ec tls: revert accidental API change 
socket.authorizationError should always be string. Also make sni test
pass.
 2012-07-20 21:13:54 +04:00
Fedor Indutny 5950db197c tls: revert accidental API change 
socket.authorizationError should always be string. Also make sni test
pass.
 2012-07-20 21:10:23 +04:00
Fedor Indutny 4aa09d1e0e tls: localhost is valid against identity-check 2012-07-20 20:51:38 +04:00
Fedor Indutny 0cf235410d tls: localhost is valid against identity-check 2012-07-20 20:47:05 +04:00
Fedor Indutny eb2ca10462 tls: veryify server's identity 2012-07-20 01:49:31 +04:00
Fedor Indutny 8ba189b8d3 tls: veryify server's identity 2012-07-20 00:53:36 +04:00
isaacs 3ad07ed0b8 lint 2012-07-11 17:46:28 -07:00
isaacs 424cd5a020 Merge remote-tracking branch 'ry/v0.8' into v0.8-merge 
Conflicts:
	src/node_version.h
 2012-07-11 17:38:11 -07:00
Jonas Westerlund 4cfdc57712 Inline timeout function, avoiding declaration in conditional 
Moving it out would require an anonymous function, or bind(), anyway.
Luckily It's a tiny function. Fixes crash in strict mode.
 2012-07-06 19:28:35 -07:00
Fedor Indutny f210530f46 tls: use slab allocator 2012-07-05 16:06:33 -04:00
Ben Noordhuis ff552ddbaa tls: fix off-by-one error in renegotiation check 
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
 2012-06-18 04:31:40 +02:00
Andreas Madsen 1e0ce5d1bd domain: the EventEmitter constructor is now always called in nodecore 2012-06-15 09:49:05 -07:00
isaacs 9611354f08 lint 2012-05-15 13:03:43 -07:00
isaacs 5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge 
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
 2012-05-15 11:37:34 -07:00
ssuda fb7348ae06 crypto: add PKCS12/PFX support 
Fixes #2845.
 2012-05-14 17:12:59 +02:00
fukayatsu 0f95a93a2c tls: remove duplicate line 2012-04-16 21:38:26 +02:00
Yosef Dinerstein d7c96cf289 tls: reduce memory overhead, reuse buffer 
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
 2012-03-29 17:17:15 +02:00
Shigeki Ohtsu e1199fa335 tls: fix CryptoStream.setKeepAlive() 2012-03-23 00:20:46 +01:00
ssuda 9b672bcaa2 tls: parsing multiple values of a key in ssl certificate 
Fixes #2864.
 2012-03-10 23:43:16 +09:00
Dmitry Nizovtsev 1e9bcf26ce net, http, https: add localAddress option 
Binds to a local address before making the outgoing connection.
 2012-03-06 13:35:49 +01:00
isaacs 959a19e118 lint 2012-03-03 23:48:57 -08:00
Jimb Esser 78db18739a tls: proxy set(Timeout|NoDelay|KeepAlive) methods 
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
  HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
  HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
  HTTPS requests.
 2012-03-03 00:28:43 +01:00
Blake Miner 7343f8e776 tls: add `honorCipherOrder` option to tls.createServer() 
Documented how to mitigate BEAST attacks.
 2012-02-29 02:16:08 +01:00
Maciej Małecki da908364a8 tls http https: don't pollute user's `options` object 2012-02-20 21:58:00 +01:00
isaacs 0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
isaacs 31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge 
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
 2012-02-18 09:46:58 -08:00
Ben Noordhuis 3415427dbf tls: mitigate session renegotiation attacks 
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
 2012-02-16 18:15:21 +01:00
koichik b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis e806ad39d0 net, tls, http: remove socket.ondrain 
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
 2012-01-24 15:57:50 +01:00
Fedor Indutny 667aae596c Merge branch 'v0.6' 
Conflicts:
	ChangeLog
	doc/template.html
	lib/cluster.js
	lib/http.js
	lib/tls.js
	src/node.h
	src/node_version.h
	test/simple/test-cluster-kill-workers.js
 2012-01-24 00:30:28 +06:00
koichik 534df2f8d2 tls: fix double 'error' events on HTTPS Requests 
Fixes #2549.
 2012-01-17 17:09:27 +01:00
koichik c1a63a9e90 tls: Allow establishing secure connection on the existing socket 
This is necessary to use SSL over HTTP tunnels.

Refs #2259, #2474.
Fixes #2489.
 2012-01-09 02:31:46 +01:00
Maciej Małecki 4b4d059791 tls: make `tls.connect` accept port and host in `options` 
Previous API used form:

    tls.connect(443, "google.com", options, ...)

now it's replaced with:

    tls.connect({port: 443, host: "google.com", ...}, ...)

It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.

Fixes #1983.
 2012-01-08 11:12:56 +01:00
koichik b962ff35dd tls: fix test-https-client-reject fails 
Fixes #2417.
 2011-12-27 17:33:23 +09:00
Ryan Dahl f7f8af8420 Merge remote branch 'origin/v0.6' 
Conflicts:
	Makefile
	lib/_debugger.js
 2011-12-21 12:17:23 -08:00
koichik 07c27e040e tls: Fix node swallows openssl error on request 
Fixes #2308.
Fixes #2246.
 2011-12-21 19:48:15 +01:00
Ben Noordhuis 7a7f1062bf tls: remove duplicate assignment 2011-12-21 15:01:07 +01:00
koichik f8c335d0ca tls: enable rejectUnauthorized option to client 
Fiexes #2247.
 2011-12-07 22:47:06 +09:00
koichik 5451ba3aa8 tls: fix https with fs.openReadStream hangs 
Fixes #2185.
Fixes #2198.
 2011-11-27 16:31:45 +09:00
Ben Noordhuis 5e3b0095de tls: make cipher list configurable 
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.

Fixes #2066.
 2011-11-17 00:01:41 +01:00
koichik f53d092a2a tls, https: add passphrase option 
Fixes #1925.
 2011-10-31 17:36:43 +09:00
koichik cbcaeedba9 tls: add address(), remoteAddress/remotePort 
Fixes #758.
Fixes #1055.
 2011-10-27 00:28:16 +09:00
koichik 0e8a55d2a2 tls: does not emit 'end' from EncryptedStream 
de09168 and 4cdf9d4 breaks `test/pummel/test-https-large-response.js`.
It is never finished.

Fixes #1936.
 2011-10-27 00:18:29 +09:00
Ryan Dahl 493d3b9f7c Merge remote branch 'origin/v0.4' 
Conflicts:
	ChangeLog
	Makefile
	deps/libev/wscript
	doc/index.html
	doc/template.html
	lib/net.js
	src/node_version.h
	src/platform_cygwin.cc
	test/pummel/test-net-write-callbacks.js
	test/simple/test-buffer.js
 2011-10-21 18:02:30 -07:00
Ryan Dahl de09168e5a Emit 'end' from crypto streams on close 
Fixes test/simple/test-tls-peer-certificate.js on Windows

Patch from bnoordhuis.

See also 75a0cf970f
 2011-10-21 13:16:41 -07:00
koichik 68cc173c6d tls: The TLS API is inconsistent with the TCP API 
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
 2011-10-15 19:27:21 +09:00
koichik 19a855382c tls: requestCert unusable with Firefox and Chrome 
Fixes #1516.
 2011-10-15 00:54:46 +09:00
koichik 4cdf9d4158 tls: Improve TLS flow control 
Fixes #1775.
 2011-09-30 15:44:45 +09:00
Ben Noordhuis 243c218c7a tls: remove superfluous setOptions() call 2011-09-19 16:28:22 +02:00
Sean Cunningham eb99083d0b tls: add client-side session resumption support 2011-09-07 20:01:14 +02:00
koichik 6f60683802 tls: x509 certificate subject parsing fail 
Fixes #1568.
 2011-08-31 03:47:23 +09:00
Fedor Indutny 942f8b5afb Add NPN and SNI documentation. 
Fixes #1420.
Fixes #1426.
 2011-08-10 09:44:35 -07:00
Fedor Indutny 9010f5fbab Add support for TLS SNI 
Fixes #1411
 2011-07-29 16:57:28 -07:00
Robert Mustacchi de0b8d601c jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js 2011-07-29 11:58:02 -07:00
Ryan Dahl 041c983290 Merge branch 'v0.4' 
Conflicts:
	deps/libev/wscript
	doc/api/modules.markdown
 2011-07-14 15:52:08 -07:00
Stefan Rusu 901ebed8ff Fixes #1304. The Connection instance may be destroyed by abort() when process.nextTick is executed. 2011-07-15 00:32:46 +09:00
Ryan Dahl 59274e8a33 Merge branch 'v0.4' 
Conflicts:
	lib/crypto.js
	lib/tls.js
 2011-05-20 10:29:16 -07:00
Ryan Dahl 9c7f89bf56 CryptoStream.prototype.readyState shoudn't reference fd 
Fixes #1069
 2011-05-20 10:20:22 -07:00
Fedor Indutny 21724ecaec Share SSL context between server connections 
Fixes #1073.
 2011-05-19 14:45:42 -07:00
Ryan Dahl 85bc8d02fa Merge branch 'v0.4' 
Conflicts:
	src/node_crypto.cc
 2011-05-16 19:29:02 -07:00
Felix Geisendörfer 1fde5f51b4 Make https 'timeout' events bubble up 
Also adds a test case for it.
 2011-05-14 13:38:04 -07:00
isaacs 205b9beb6b Merge branch 'v0.4' 
Conflicts:
	lib/tls.js
	lib/url.js
	src/node_version.h
	test/simple/test-buffer.js
	test/simple/test-url.js
 2011-05-07 20:38:32 -07:00
Ryan Dahl 55bff5bab9 TLS: simplify logic 2011-05-06 17:06:36 -07:00
Ryan Dahl 75a0cf970f cleartextstream.destroy() should destroy socket. 
This fixes a critical bug see in MJR's production. Very difficult to build a
test case. Sometimes HTTPS server gets sockets that are hanging in a
half-duplex state.
 2011-05-02 15:03:50 -07:00
Fedor Indutny c9b40da368 OpenSSL NPN in node.js 
closes #926.
 2011-04-19 11:32:26 -07:00
Ryan Dahl 9e6498d5fa Merge branch 'v0.4' 
Conflicts:
	src/node_version.h
 2011-04-18 18:58:16 -07:00
Ryan Dahl bb621f7c2e CryptoStream.write returns false when queue > 128kb 
Previously the return value of write was dependent on if it was paused or
not which was causing a strange error demoed in the previous commit.

Fixes #892
 2011-04-13 20:32:46 -07:00
Ryan Dahl 050bbf0bc4 TLS use RC4-SHA by default 2011-04-13 18:43:08 -07:00
Theo Schlossnagle d6f5b8a2a6 allow setting of ciphers in credentials 
fixes #873
 2011-04-13 18:35:39 -07:00
Theo Schlossnagle 2a88dd3bc1 TLS: Add secureOptions flag 
Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
 2011-04-13 18:25:33 -07:00
Theo Schlossnagle d0e84b0088 Pass secureProtocol through on tls.Server creation 
The secureProtocol option to building the SSL context was not being properly
passed through in the credentials in the tls code. This is fixed.
 2011-04-13 17:49:50 -07:00
Ryan Dahl c0b461d9a1 Increase TLS pool size for perf increase 2011-03-28 17:37:14 -07:00
Ryan Dahl 7e28630f5e Fix GH-820. CryptoStream.end shouldn't throw if not writable 
This matches the behavior of net.Socket
 2011-03-21 14:36:49 -07:00
Ryan Dahl 55048cdf79 Update copyright headers 2011-03-14 17:37:05 -07:00
Theo Schlossnagle e3925b741c TLS: Finer locks on _cycle. 
Data being sent out of order.
 2011-03-14 12:05:25 -07:00
Ryan Dahl 62f06fb885 CryptoStream.prototype.destroySoon shouldn't die if not writable 2011-03-09 10:53:06 -08:00
Ryan Dahl a2f498a5ef Revert "Add extra debug print statement to tls.js" 
This reverts commit 340291c085.

sometimes circular. would break node_g tests.
 2011-02-24 15:59:40 -08:00
Ryan Dahl 340291c085 Add extra debug print statement to tls.js 2011-02-23 16:38:30 -08:00
Ryan Dahl ab144f4843 Add TODO item 2011-02-23 04:43:13 -08:00
Ryan Dahl c2a62951f6 TLS sockets should not be writable after 'end' 
Closes GH-694.
 2011-02-19 18:25:15 -08:00
Ryan Dahl 19b4c27ebf TLS: Make _cycle reentrant. 2011-02-16 18:10:53 -08:00
Ryan Dahl c365f56061 https was missing 'end' event sometimes 
Closes GH-671.
 2011-02-15 17:13:53 -08:00
Theo Schlossnagle 01a864a29d TLS: CRL support 
Needs more tests.
 2011-02-10 00:49:15 -08:00
Ryan Dahl dafd6d9137 TLS: Don't give up if you can't write 0 bytes 2011-02-09 13:27:23 -08:00
Ryan Dahl a48a075535 better debug messages in net and tls 2011-02-09 10:23:26 -08:00
Ryan Dahl 9de5043b50 tls: only emit data after 'secure' event 2011-02-08 17:29:33 -08:00
Ryan Dahl 448e0f4394 tls fixes 2011-02-07 21:11:43 -08:00
Ryan Dahl f6e5b8986f Clean up 2011-02-03 12:28:20 -08:00
Ryan Dahl 97f7c06451 TLS: fix throttling 
Re-enable test-https-large-response.js

Closes GH-614.
 2011-02-03 12:20:19 -08:00
Ryan Dahl 3e58696c07 TLS: Simplify error handling 2011-02-02 15:39:03 -08:00
Ryan Dahl 41b4ec7952 TLS: flush buffer before destroy 
Also disable test-https-large-response.js. Covered by
test/simple/test-tls-throttle.js
 2011-02-02 15:34:21 -08:00
Ryan Dahl e6f14d6df5 (suck, blow) -> (pull, push) 2011-02-02 14:51:53 -08:00
Ryan Dahl 2ff593ad23 TLS: better error reporting at binding layer 
Closes GH-612.
 2011-02-01 14:14:50 -08:00
Ryan Dahl 3e5b568504 TLS: Add _pendingBytes() 2011-01-31 17:29:11 -08:00
Ryan Dahl 45b30a879b tls: superficial clean up 2011-01-31 16:37:29 -08:00
Ryan Dahl df5d5d6342 Fix option parsing in tls.connect() 2011-01-27 19:25:08 -08:00
Ryan Dahl bfb6a67d60 Another fix for process.assert 2011-01-27 16:59:28 -08:00
Ryan Dahl 9e976abad9 lint 2011-01-24 10:55:30 -08:00