Commit Graph

136 Commits (b7f6e6b42f1a87d230c9e290725fbfb1bae85791)

Author SHA1 Message Date
Manav Rathi d20576165a tls: expose SSL_CTX_set_timeout via tls.createServer
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.

This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
2013-03-26 01:37:49 +01:00
isaacs 32ac8c0b69 test: Pass cli flags in pummel/test-regress-GH-892 2013-03-06 11:44:29 -08:00
Ben Noordhuis c11612026f net: omit superfluous 'connect' event
Don't emit a 'connect' event on sockets that are handed off to
net.Server 'connection' event listeners.

1. It's superfluous because the connection has already been established
   at that point.

2. The implementation is arguably wrong because the event is emitted on
   the same tick of the event loop while the rule of thumb is to always
   emit it on the next one.

This has been tried before in commit f0a440d but was reverted again in
ede1acc because the change was incomplete (at least one test hadn't
been updated).

Fixes #1047 (again).
2013-03-01 02:09:36 +01:00
Ben Noordhuis 14a4245051 net: don't suppress ECONNRESET
Let ECONNRESET network errors bubble up so clients can detect them.

Commit c4454d2e suppressed and turned them into regular end-of-stream
events to fix the then-failing simple/test-regress-GH-1531 test. See
also issue #1571 for (scant) details.

It turns out that special handling is no longer necessary. Remove the
special casing and let the error bubble up naturally.

pummel/test-https-ci-reneg-attack and pummel/test-tls-ci-reneg-attack
are updated because they expected an EPIPE error code that is now an
ECONNRESET. Suppression of the ECONNRESET prevented the test from
detecting that the connection has been severed whereupon the next
write would fail with an EPIPE.

Fixes #1776.
2013-02-11 12:31:21 -08:00
Ben Noordhuis acd0df4ad9 test: fix pummel test out-of-memory errors
Fix the following OOM error in pummel/test-net-connect-memleak
and pummel/test-tls-connect-memleak:

  FATAL ERROR: CALL_AND_RETRY_0 Allocation failed - process out of
  memory

Commit v8/v8@91afd39 increases the size of the deoptimization table
to the extent that a 64M float array pushes it over the brink. Switch
to SMIs so it stays below the limit.

pummel/test-net-connect-memleak is still failing albeit with a different
error this time. Needs further investigation.

  === release test-net-connect-memleak ===
  Path: pummel/test-net-connect-memleak
  -64 kB reclaimed
  assert.js:102
    throw new assert.AssertionError({
          ^
  AssertionError: false == true
      at done [as _onTimeout] (/home/bnoordhuis/src/nodejs/master/
  test/pummel/test-net-connect-memleak.js:48:3)
      at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)
      at process._makeCallback (node.js:306:20)
2013-01-27 22:01:14 +01:00
isaacs f63af64eb8 test-pummel: Add call validation in net-write-callbacks 2012-12-19 10:55:23 -08:00
isaacs f3f4e290e0 test: 2 resume() calls needed to flush streams 2012-12-19 10:55:23 -08:00
isaacs 77ed12fe7a Merge remote-tracking branch 'ry/v0.8' into master
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/test/test-spawn.c
	deps/uv/uv.gyp
	src/cares_wrap.cc
	src/node.cc
	src/node_version.h
	test/simple/test-buffer.js
	tools/gyp/pylib/gyp/common.py
	tools/install.py
2012-12-13 16:57:58 -08:00
Ben Noordhuis 121ed91331 tls: fix tls.connect() resource leak
The 'secureConnect' event listener was attached with .on(), which blocked it
from getting garbage collected. Use .once() instead.

Fixes #4308.
2012-11-26 01:51:05 +01:00
Ben Noordhuis 4cb17cb219 net: fix net.connect() resource leak
The 'connect' event listener was attached with .on(), which blocked it from
getting garbage collected. Use .once() instead.

Fixes #4308.
2012-11-24 15:27:14 +01:00
Ben Noordhuis 8ac017eba7 test: fix pummel/test-crypto-dh, pummel/test-dh-regr
Forgotten in the switch to buffers as the default output in 3570f20.

Fixes #4188.
2012-10-24 15:37:34 +02:00
Bryan Cantrill cc1b09d6b7 test: add tests for postmortem and DTrace support 2012-09-21 01:51:57 +02:00
Ben Noordhuis 3806cf0d64 test: set rejectUnauthorized in tls/https tests
Update the tls and https tests to explicitly set rejectUnauthorized instead of
relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
2012-09-15 00:19:30 +02:00
Ben Noordhuis 35607f3a2d tls, https: validate server certificate by default
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.
2012-09-15 00:19:06 +02:00
Ben Noordhuis 972cdf82f1 Merge remote-tracking branch 'origin/v0.8'
Conflicts:
	deps/uv/include/uv.h
	src/node_crypto.cc
2012-09-04 15:02:20 +02:00
isaacs dec16aa5c2 Test client renegotiation attacks on HTTPS
This test should output roughly the same results as the tls ci-reneg attack
pummel test.  However, it does not.
2012-08-29 12:26:28 -07:00
Ben Noordhuis 28d30346f4 test: use common.PORT in pummel/test-net-timeout2 2012-08-17 14:03:26 +02:00
Ben Noordhuis bcb5bdebe7 test: raise pummel/test-net-throttle write req size
pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.

Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.

This is a back-port of commit 6770555 from the master branch.
2012-08-14 23:11:28 +02:00
Ben Noordhuis 6b588007df test: fix pummel/test-net-connect-econnrefused
The test relied on a peculiarity of process.nextTick() that was changed in
commit 4e5fe2d. Before that commit, each nextTick callback corresponded with
the event loop moving forward one tick. That's no longer the case.
2012-08-09 01:02:48 +02:00
Ben Noordhuis 6770555551 test: raise pummel/test-net-throttle write req size
pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.

Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.
2012-08-09 00:06:01 +02:00
Ben Noordhuis 63c2391984 test: make test-fs-watch-file write to tmp dir
Write temp files to test/tmp, not test/fixtures.
2012-07-09 15:48:43 +02:00
Ben Noordhuis 5b5362aa8d fs: make unwatchFile() remove a specific listener
Before this commit, `fs.unwatchFile(path)` removed *all* listeners for `path`.

The function is overloaded now: `fs.unwatchFile(path)` still removes all
listeners, but `fs.unwatchFile(path, cb)` lets you remove a specific listener.

Fixes #3660.
2012-07-09 15:48:43 +02:00
Ben Noordhuis f0ce98441f fs: make fs.watchFile() work on windows 2012-06-21 03:05:18 +02:00
Ben Noordhuis d98a8578d6 test: add another fs.watchFile() test 2012-06-21 02:50:13 +02:00
Ben Noordhuis ff552ddbaa tls: fix off-by-one error in renegotiation check
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
2012-06-18 04:31:40 +02:00
Fedor Indutny ae5b0e1fc1 crypto: add padding to diffie-hellman key
DH_size returns number of bytes in a prime number, DH_compute_key returns number
of bytes in a remainder of exponent, which may have less bytes than a prime
number. Therefore add 0-padding to the allocated buffer.

Fixes #3372
2012-06-18 00:59:31 +04:00
Bert Belder 74c8041fb6 test-child-process-spawn-loop: make it pass on Windows.
It wasn't waiting for the child process' stderr to close, so not an
assertion was made *before* all the data that the child process sent
was received by node.
2012-06-13 22:12:30 +02:00
Bert Belder b53b8b8ae7 test-exec: make it work on Windows 2012-06-12 23:30:54 +02:00
Bert Belder cbeeea62cf Revert "uv: upgrade to b7e150ee"
Upgrade wasn't done correctly.
This reverts commit b615077bab.
2012-06-12 19:52:38 +02:00
Bert Belder b615077bab uv: upgrade to b7e150ee 2012-06-12 17:06:54 +02:00
Bert Belder 517cea3636 test-net-connect-econnrefused: don't take forever to complete 2012-06-12 02:22:30 +02:00
Ben Noordhuis b337577cf1 test: update pummel/test-exec
ChildProcess.prototype._internal is called ChildProcess.prototype._handle now.
2012-05-31 01:46:56 +02:00
Ben Noordhuis 88d7a10128 test: verify that connect reqs are cleaned up 2012-05-15 21:00:27 +02:00
isaacs 1930772693 Move test-fs-largefile into pummel
It's too slow.
2012-05-05 15:05:14 -07:00
Ben Noordhuis 11770bf5e2 test: move pummel/test-tls-fragmentation to benchmark/
Said test takes over 90 seconds on my Core 2 Duo which is too long, even for
the pummel tests.
2012-03-29 17:25:37 +02:00
Yosef Dinerstein d7c96cf289 tls: reduce memory overhead, reuse buffer
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
2012-03-29 17:17:15 +02:00
Ben Noordhuis daa6b95b08 test: move simple/test-crypto-dh to pummel/
The test is too slow / CPU intensive for the main test harness.
2012-03-29 17:12:26 +02:00
Ben Noordhuis 8c02f9b7c8 buffer: throw from constructor if length > kMaxLength
Throw, don't abort. `new Buffer(0x3fffffff + 1)` used to bring down the process
with the following error message:

  FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData() length
  exceeds max acceptable value

Fixes #2280.
2012-03-09 23:57:03 +01:00
Nathan Rajlich 07c886f944 process: add `process.hrtime()`
This commit adds a high-resolution timer function.
2012-03-06 20:43:55 +01:00
Igor Zinkovsky 61be6844aa disable fs.watchFile tests on windows 2012-03-03 14:35:21 -08:00
Ben Noordhuis 7f4aba91d3 test: include common.js in all tests 2012-02-20 13:29:11 +01:00
isaacs 0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
Ben Noordhuis 3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
Ben Noordhuis 81d18398a8 test: add --debug-brk regression test 2012-02-07 23:42:38 +01:00
Andreas Madsen 4865063924 Tests: fix jslint issues 2012-01-17 19:45:09 +01:00
Ben Noordhuis fd29448be0 test: add missing copyright headers 2011-12-06 22:02:26 +01:00
Bert Belder b480cfaf34 Make the pummel test runner not crash on windows when a directory is locked 2011-11-25 10:27:30 +01:00
Ryan Dahl 4a8088a603 Socket.write should reset timeout timer.
Fixes #2002.
2011-11-03 12:37:04 -07:00
Ryan Dahl 850609ea2d Remove separation of libuv tests 2011-11-02 16:38:59 -07:00
Igor Zinkovsky cc92234068 fix pummel/test-net-throttle on windows 2011-11-01 16:44:08 -07:00