0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

215 Commits

Author SHA1 Message Date
James M Snell
5ba868f024 tls: add --tls-cipher-list command line switch
This adds a new `--tls-cipher-list` command line switch
that can be used to override the built-in default cipher
list. The intent of this is to make it possible to enforce
an alternative default cipher list at the process level.
Overriding the default cipher list is still permitted at
the application level by changing the value of
`require('tls').DEFAULT_CIPHERS`.

As part of the change, the built in default list is moved
out of tls.js and into node_constants.h and node_constants.cc.
Two new constants are added to require('constants'):

  * defaultCipherList (the active default cipher list)
  * defaultCoreCipherList (the built-in default cipher list)

A test case and doc changes are included.

A new NODE_DEFINE_STRING_CONSTANT macro is also created in
node_internals.h

When node_constants is initialized, it will pick up either
the passed in command line switch or fallback to the default
built-in suite.

Within joyent/node, this change had originaly been wrapped
up with a number of other related commits involving the
removal of the RC4 cipher. This breaks out this isolated
change.

/cc @mhdawson, @misterdjules, @trevnorris, @indutny, @rvagg

Reviewed By: Ben Noordhuis <ben@strongloop.com>
PR-URL: https://github.com/nodejs/node/pull/2412
2015-08-23 08:52:01 -07:00
Mike Atkins
f1810ed1b8 tls: handle empty cert in checkServerIndentity
This resolves joyent/node#9272. `tlsSocket.getPeerCertificate` will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, `checkServerIdentity`
would throw because the `subject` wasn't present on the cert.
`checkServerIdentity` must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a `TypeError`.

PR-URL: https://github.com/nodejs/node/pull/2343
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-08-21 11:24:51 +09:00
Roman Reiss
b5b8ff117c lib: don't use global Buffer
Port of https://github.com/joyent/node/pull/8603

The race condition present in the original PR didn't occur, so no
workaround was needed.

PR-URL: https://github.com/nodejs/io.js/pull/1794
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2015-06-11 20:24:44 +02:00
Mike MacCana
5755fc099f tls: update default ciphers to use gcm and aes128
AES-GCM or CHACHA20_POLY1305 ciphers must be used in current version of
Chrome to avoid an 'obsolete cryptography' warning.

Prefer 128 bit AES over 192 and 256 bit AES considering attacks that
specifically affect the larger key sizes but do not affect AES 128.

PR-URL: https://github.com/iojs/io.js/pull/1660
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Roman Reiss <me@silverwind.io>
2015-05-11 13:37:48 +02:00
Brendan Ashworth
1219e7466c lib: reduce process.binding() calls
This commit better handles calls to process.binding() in lib/ by
no longer lazy loading the bindings (the load times themselves are
rather miniscule compared to the load time of V8) and never reloading
the bindings (which is 172 times slower than referencing a variable with
the same value).

PR-URL: https://github.com/iojs/io.js/pull/1367
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-09 10:51:19 -07:00
Roman Reiss
77f35861d0 tls: more secure defaults
This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.

Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
2015-02-16 12:33:12 +01:00
cjihrig
6ac8bdc0ab lib: reduce util.is*() usage
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).

Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-31 23:47:29 -05:00
cjihrig
804e7aa9ab lib: use const to define constants
This commit replaces a number of var statements throughout
the lib code with const statements.

PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-21 16:21:31 -05:00
isaacs
3e1b1dd4a9 Remove excessive copyright/license boilerplate
The copyright and license notice is already in the LICENSE file.  There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
2015-01-12 15:30:28 -08:00
Ben Noordhuis
fcbbc7a050 Merge remote-tracking branch 'joyent/v0.12' into v0.12
Conflicts:
	Makefile
	deps/v8/src/base/platform/platform.h

PR-URL: https://github.com/node-forward/node/pull/65
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2014-11-22 17:55:59 +01:00
Ben Noordhuis
21130c7d6f lib: turn on strict mode
Turn on strict mode for the files in the lib/ directory.  It helps
catch bugs and can have a positive effect on performance.

PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-11-22 17:23:30 +01:00
Jackson Tian
d8a3c4ab2a tls: remove tls.createSecurePair code deprecation
In https://github.com/joyent/node/pulls/8695, the deprecation was
removed from doc.  This removes the deprecation from the code.

PR-URL: https://github.com/joyent/node/pull/8700
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
2014-11-09 21:39:24 -08:00
Shigeki Ohtsu
f6877f37b2 tls: add DHE-RSA-AES128-SHA256 to the def ciphers
`!EDH` is also removed from the list in the discussion of #8272

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-29 00:36:51 +04:00
Trevor Norris
803c3f0aa0 lint: fix indentation 2014-07-02 21:02:36 -07:00
Fedor Indutny
e345253562 tls: better error reporting at cert validation
fix #7417

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-03 00:41:39 +04:00
Yazhong Liu
fcbffa71d0 tls: using %StringSplit to split cert.subjectaltname
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-06-24 09:55:26 +04:00
Fedor Indutny
5d2aef17ee
crypto: move createCredentials to tls
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.

fix #7249
2014-03-29 12:01:43 +04:00
Erik Dubbelboer
bb909ad642 tls: add ECDH ciphers support
Switch test fixtures to 1024 bit keys.
2013-10-30 08:34:47 +01:00
isaacs
22c68fdc1d src: Replace macros with util functions 2013-08-01 15:08:01 -07:00
Ben Noordhuis
0330bdf519 lib: macro-ify type checks
Increases the grep factor. Makes it easier to harmonize type checks
across the code base.
2013-07-24 21:49:35 +02:00
Fedor Indutny
07fbb43d78 tls: export TLSSocket 2013-07-03 16:15:31 +04:00
Fedor Indutny
af80e7bc6e tls: introduce TLSSocket based on tls_wrap binding
Split `tls.js` into `_tls_legacy.js`, containing legacy
`createSecurePair` API, and `_tls_wrap.js` containing new code based on
`tls_wrap` binding.

Remove tests that are no longer useful/valid.
2013-06-16 09:30:15 +02:00
isaacs
2900f0778a Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	ChangeLog
	src/node_version.h
2013-05-31 11:52:57 -07:00
Fedor Indutny
9ee86b718c tls: proper .destroySoon
1. Emit `sslOutEnd` only when `_internallyPendingBytes() === 0`.
2. Read before checking `._halfRead`, otherwise we'll see only previous
   value, and will invoke `._write` callback improperly.
3. Wait for both `end` and `finish` events in `.destroySoon`.
4. Unpipe encrypted stream from socket to prevent write after destroy.
2013-05-30 13:50:13 +04:00
Ben Noordhuis
28659aba37 Merge remote-tracking branch 'origin/v0.10'
Conflicts:
	deps/uv/ChangeLog
	deps/uv/src/unix/stream.c
	deps/uv/src/version.c
	lib/tls.js
2013-05-29 23:12:11 +02:00
Fedor Indutny
4f14221f03 tls: invoke write cb only after opposite read end
Stream's `._write()` callback should be invoked only after it's opposite
stream has finished processing incoming data, otherwise `finish` event
fires too early and connection might be closed while there's some data
to send to the client.

see #5544
2013-05-28 22:27:07 +04:00
Fedor Indutny
fa170dd2b2 tls: ignore .shutdown() syscall error
Quote from SSL_shutdown man page:

  The output of SSL_get_error(3) may be misleading,
  as an erroneous SSL_ERROR_SYSCALL may be flagged even though
  no error occurred.

Also, handle all other errors to prevent assertion in `ClearError()`.
2013-05-28 20:14:44 +04:00
isaacs
ba048e72b0 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	configure
	deps/uv/ChangeLog
	deps/uv/src/unix/darwin.c
	deps/uv/src/unix/stream.c
	deps/uv/src/version.c
	deps/v8/src/isolate.cc
	deps/v8/src/version.cc
	lib/http.js
	src/node_version.h
2013-05-27 14:46:52 -07:00
Fedor Indutny
f7ff8b4454 tls: retry writing after hello parse error
When writing bad data to EncryptedStream it'll first get to the
ClientHello parser, and, only after it will refuse it, to the OpenSSL.
But ClientHello parser has limited buffer and therefore write could
return `bytes_written` < `incoming_bytes`, which is not the case when
working with OpenSSL.

After such errors ClientHello parser disables itself and will
pass-through all data to the OpenSSL. So just trying to write data one
more time will throw the rest into OpenSSL and let it handle it.
2013-05-24 15:03:48 -07:00
Timothy J Fontaine
f8193ab3c4 timers: use uv_now instead of Date.now
This saves a few calls to gettimeofday which can be expensive, and
potentially subject to clock drift. Instead use the loop time which
uses hrtime internally.

fixes #5497
2013-05-22 20:13:14 -07:00
isaacs
896b2aa707 util: Add debuglog, deprecate console lookalikes 2013-05-21 16:39:50 -07:00
Ben Noordhuis
d820b64412 tls: add localAddress and localPort properties
Add localAddress and localPort properties to tls.CleartextStream.
Like remoteAddress and localPort, delegate to the backing net.Socket
object.

Refs #5502.
2013-05-20 15:18:50 +02:00
Fedor Indutny
259839fe75 Merge branch 'v0.10'
Conflicts:
	ChangeLog
	deps/uv/src/version.c
	src/node.h
	src/node_crypto.cc
	src/node_crypto_bio.cc
	src/node_crypto_bio.h
	src/node_object_wrap.h
	src/node_version.h
2013-04-12 11:30:11 -04:00
Tobias Müllerleile
4108c31293 tls: Re-enable check of CN-ID in cert verification
RFC 6125 explicitly states that a client "MUST NOT seek a match
for a reference identifier of CN-ID if the presented identifiers
include a DNS-ID, SRV-ID, URI-ID, or any application-specific
identifier types supported by the client", but it MAY do so if
none of the mentioned identifier types (but others) are present.
2013-04-07 22:09:57 +04:00
isaacs
2c9a38d059 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	deps/v8/src/json-parser.h
	lib/crypto.js
	src/node_version.h
2013-04-05 09:02:48 -07:00
isaacs
164d5b3465 tls: Destroy socket when encrypted side closes
The v0.8 Stream.pipe() method automatically destroyed the destination
stream whenever the src stream closed.  However, this caused a lot of
problems, and was removed by popular demand.  (Many userland modules
still have a no-op destroy() method just because of this.) It was also
very hazardous because this would be done even if { end: false } was
passed in the pipe options.

In v0.10, we decided that the 'close' event and destroy() method are
application-specific, and pipe() doesn't automatically call destroy().
However, TLS actually depended (silently) on this behavior.  So, in this
case, we should just go ahead and destroy the thing when close happens.

Closes #5145
2013-04-01 10:53:49 -07:00
isaacs
97c70a6628 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	src/node.cc
	src/node_version.h
2013-03-28 13:11:04 -07:00
Fedor Indutny
4580be0882 tls: handle SSL_ERROR_ZERO_RETURN
see #5004
2013-03-28 21:59:19 +04:00
Fedor Indutny
ae86fa84fe tls: handle errors before calling C++ methods
Calling `this.pair.encrypted._internallyPendingBytes()` before
handling/resetting error will result in assertion failure:

../src/node_crypto.cc:962: void node::crypto::Connection::ClearError():
Assertion `handle_->Get(String::New("error"))->BooleanValue() == false'
failed.

see #5058
2013-03-27 16:26:24 +04:00
Manav Rathi
d20576165a tls: expose SSL_CTX_set_timeout via tls.createServer
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.

This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
2013-03-26 01:37:49 +01:00
Ben Noordhuis
cfd0dca9ae crypto: make getCiphers() return non-SSL ciphers
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.

Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.

Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
2013-03-25 18:42:07 +01:00
isaacs
008ab12b7f tls: Prevent hang in readStart
This is not a great fix, and it's a bug that's very tricky to reproduce.

Occasionally, while downloading a file, especially on Linux for some
reason, the pause/resume timing will be just right such that the
CryptoStream is in a 'reading' state, but actually has no data, so it
ought to pull more in.  Because there's no reads happening, it just sits
there, and the process will exit

This is, fundamentally, a factor of how the HTTP implementation sits
atop CryptoStreams and TCP Socket objects, which is utterly horrible,
and needs to be rewritten.  However, in the meantime, npm downloads are
prematurely exiting, causing hard-to-debug "cb() never called!" errors.
2013-03-20 16:14:39 -07:00
Fedor Indutny
34e22b8ee7 tls: always reset this.ssl.error after handling
Otherwise assertion may happen:

    src/node_crypto.cc:962: void node::crypto::Connection::ClearError():
    Assertion `handle_->Get(String::New("error"))->BooleanValue() == false'
    failed.

See #5058
2013-03-20 17:58:01 +04:00
Fedor Indutny
b5ddc0cf96 tls: write pending data of opposite side
Fix stucked CryptoStream behaviour, happening when one of the sides
locks-up in queued state.

fix #5023
2013-03-17 20:19:09 +04:00
isaacs
426b4c6258 stream: _write takes an encoding argument
This vastly reduces the overhead of decodeStrings:false streams,
such as net and http.
2013-03-05 14:27:15 -08:00
isaacs
049903e333 stream: Split Writable logic into small functions
1. Get rid of unnecessary 'finishing' flag
2. Dont check both ending and ended. Extraneous.

Also: Remove extraneous 'finishing' flag, and don't check both 'ending'
and 'ended', since checking just 'ending' is sufficient.
2013-03-05 14:26:34 -08:00
isaacs
88644eaa2d stream: There is no _read cb, there is only push
This makes it so that `stream.push(chunk)` is the only way to signal the
end of reading, removing the confusing disparity between the
callback-style _read method, and the fact that most real-world streams
do not have a 1:1 corollation between the "please give me data" event,
and the actual arrival of a chunk of data.

It is still possible, of course, to implement a `CallbackReadable` on
top of this.  Simply provide a method like this as the callback:

    function readCallback(er, chunk) {
      if (er)
        stream.emit('error', er);
      else
        stream.push(chunk);
    }

However, *only* fs streams actually would behave in this way, so it
makes not a lot of sense to make TCP, TLS, HTTP, and all the rest have
to bend into this uncomfortable paradigm.
2013-02-28 17:38:17 -08:00
Fedor Indutny
ebc95f0716 tls: _handle.readStart/readStop for CryptoStream
lib/http.js is using stream._handle.readStart/readStop to control
data-flow coming out from underlying stream. If this methods are not
present - data might be buffered regardless of whether it'll be read.

see #4657
2013-02-21 23:29:18 +04:00
isaacs
60238cce12 tls: Write pending data on socket drain
Fixes #4800
2013-02-19 11:41:39 -08:00
isaacs
02374d0c17 tls: Cycle data when underlying socket drains 2013-02-11 16:43:10 -08:00