Throw an exception in the tls.Server constructor when the options object
doesn't contain either a PFX or a key/certificate combo.
Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed.
Fixes#3941.
It takes an optional "expected exception" argument that is not used meaningfully
but is nevertheless documented. Undocument it, it confuses casual readers of the
documentation.
Fixes#3935.
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.
The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.
Fixes#3900.
Ensure that the delay >= 0 when detaching the timer from the queue. Fixes the
following assertion:
uv_timer_start: Assertion `timeout >= 0' failed.
No test included, it's timing sensitive.
Commit 4e5fe2d changed the way how process.nextTick() works:
process.nextTick(function foo() {
process.nextTick(function bar() {
// ...
});
});
Before said commit, foo() and bar() used to run on separate event loop ticks
but that is no longer the case.
However, that's exactly the behavior that the TLS renegotiation attack guard
relies on. It gets called by OpenSSL and needs to defer the 'error' event to a
later tick because the default action is to destroy the TLS context - the same
context that OpenSSL currently operates on.
When things change underneath your feet, bad things happen and OpenSSL is no
exception. Ergo, use setImmediate() instead of process.nextTick() to ensure
that the 'error' event is actually emitted at a later tick.
Fixes#3840.
Fixes a minor oversight introduced in 168a555, resulting in the following error:
fs.js:467
return fs.ftruncateSync(path, len, callback);
^
ReferenceError: callback is not defined
at Object.fs.truncateSync (fs.js:467:40)
This commit reverts the following commits (in reverse chronological order):
74d076c errnoException must be done immediately
ddb02b9 net: support Server.listen(Pipe)
085a098 cluster: do not use internal server API
d138875 net: lazy listen on handler
Commit d138875 introduced a backwards incompatible change that broke the
simple/test-net-socket-timeout and simple/test-net-lazy-listen tests - it
defers listening on the target port until the `net.Server` instance has at
least one 'connection' event listener.
The other patches had to be reverted in order to revert d138875.
Fixes#3832.
The destroy() method of fs.ReadStream and fs.WriteStream takes a callback.
It's a leftover from the node 0.1 days, undocumented and not part of the
streams API. Remove it.
Previously, a command with a short stdio array would result in the child's
stdout and stderr objects set to null. For example:
var c = child_process.spawn(cmd, args, {stdio: ['pipe']});
// results in c.stdout === null.
The expected behavior is the above line functioning the same as this one:
var c = child_process.spawn(cmd, args, {stdio: ['pipe', null, null]});
// provides correct (non-null) c.stdout; as does the above, after this fix.
This fixes the problem that calling pause() on a socket would not
actually prevent 'data' events from being emitted. It also replaces
the existing test by a more elaborate one.
Ref: #3118
Problem: calling `server.listen()` (no port) on a net.Server triggered the
following libuv assertion:
node: ../deps/uv/src/unix/stream.c:406: uv__write: Assertion `fd_to_send >= 0'
failed.
Cause: uv_tcp_t handles are lazily initialized. Omitting the port made the
handle get initialized even more lazily. Too lazily - it wasn't initialized
when the handle was sent over to the child process.
Solution: implicitly bind to a random port in listen() when the port number
is omitted, it forces the handle to initialize. This is not a change in
behavior, listen() has always been identical to listen(0).
Fixes#3325.
Ben Noordhuis
Bert Belder
isaacs
Nathan Rajlich
Brian White
koichik
Timothy J Fontaine
Felix Böhm
Josh Erickson
Andreas Madsen
Dominic Tarr
Tyler Neylon
Gil Pedersen
Tom Hughes-Croucher
Joe Andaverde