daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,366 Commits
53 Branches
862 Tags
1.9 GiB
Commit Graph

9 Commits (6bf85bc81e7e61b4126c50d05555d5928343423b)

Author SHA1 Message Date
Johan Bergström 671fbd5a9d test: refactor all tests that depends on crypto 
we had a few ways versions of looking for support before executing a test. this
commit unifies them as well as add the check for all tests that previously
lacked them. found by running `./configure --without-ssl && make test`. also,
produce tap skip output if the test is skipped.

PR-URL: https://github.com/iojs/io.js/pull/1049
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
 2015-03-05 10:31:41 +09:00
isaacs 3e1b1dd4a9 Remove excessive copyright/license boilerplate 
The copyright and license notice is already in the LICENSE file.  There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
 2015-01-12 15:30:28 -08:00
Timothy J Fontaine de56ffa58b test: pummel/*ci-reneg* handle EPIPE 
When calling out to the openssl client handle the child closing and
returning EPIPE on writes
 2014-02-24 18:38:41 -08:00
Fedor Indutny 442d2d0cde test: ignore tests when built without OpenSSL CLI 
fix #6880
 2014-01-20 20:55:54 +04:00
Fedor Indutny 6f3d60388e gyp: build openssl-cli tool and use it in tests 
fix #6663
 2013-12-11 21:21:10 +04:00
Ben Noordhuis 14a4245051 net: don't suppress ECONNRESET 
Let ECONNRESET network errors bubble up so clients can detect them.

Commit c4454d2e suppressed and turned them into regular end-of-stream
events to fix the then-failing simple/test-regress-GH-1531 test. See
also issue #1571 for (scant) details.

It turns out that special handling is no longer necessary. Remove the
special casing and let the error bubble up naturally.

pummel/test-https-ci-reneg-attack and pummel/test-tls-ci-reneg-attack
are updated because they expected an EPIPE error code that is now an
ECONNRESET. Suppression of the ECONNRESET prevented the test from
detecting that the connection has been severed whereupon the next
write would fail with an EPIPE.

Fixes #1776.
 2013-02-11 12:31:21 -08:00
Ben Noordhuis ff552ddbaa tls: fix off-by-one error in renegotiation check 
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
 2012-06-18 04:31:40 +02:00
isaacs 0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
Ben Noordhuis 3415427dbf tls: mitigate session renegotiation attacks 
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
 2012-02-16 18:15:21 +01:00