mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

132 Commits

Author SHA1 Message Date
isaacs
ee200942dd lint 2012-08-22 11:03:14 -07:00
Ben Noordhuis
badbd1af27 tls: update default cipher list
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.

The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.

Fixes #3900.
2012-08-21 22:27:13 +02:00
Ben Noordhuis
6b18e88b68 tls: handle multiple CN fields when verifying cert
Fixes #3861.
2012-08-12 21:48:26 +02:00
Fedor Indutny
42c6952edb tls: pass linting 2012-07-20 22:07:39 +04:00
Fedor Indutny
50122fed8a tls: fix 'hostless' tls connection verification
And fix last failing tests
2012-07-20 21:43:12 +04:00
Fedor Indutny
5950db197c tls: revert accidental API change
socket.authorizationError should always be string. Also make sni test
pass.
2012-07-20 21:10:23 +04:00
Fedor Indutny
4aa09d1e0e tls: localhost is valid against identity-check 2012-07-20 20:51:38 +04:00
Fedor Indutny
eb2ca10462 tls: verify server's identity 2012-07-20 01:49:31 +04:00
Jonas Westerlund
4cfdc57712 Inline timeout function, avoiding declaration in conditional
Moving it out would require an anonymous function, or bind(), anyway.
Luckily it's a tiny function. Fixes crash in strict mode.
2012-07-06 19:28:35 -07:00
Ben Noordhuis
ff552ddbaa tls: fix off-by-one error in renegotiation check
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
2012-06-18 04:31:40 +02:00
Andreas Madsen
1e0ce5d1bd domain: the EventEmitter constructor is now always called in nodecore 2012-06-15 09:49:05 -07:00
isaacs
9611354f08 lint 2012-05-15 13:03:43 -07:00
isaacs
5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06 crypto: add PKCS12/PFX support
Fixes #2845.
2012-05-14 17:12:59 +02:00
fukayatsu
0f95a93a2c tls: remove duplicate line 2012-04-16 21:38:26 +02:00
Yosef Dinerstein
d7c96cf289 tls: reduce memory overhead, reuse buffer
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
2012-03-29 17:17:15 +02:00
Shigeki Ohtsu
e1199fa335 tls: fix CryptoStream.setKeepAlive() 2012-03-23 00:20:46 +01:00
ssuda
9b672bcaa2 tls: parsing multiple values of a key in ssl certificate
Fixes #2864.
2012-03-10 23:43:16 +09:00
Dmitry Nizovtsev
1e9bcf26ce net, http, https: add localAddress option
Binds to a local address before making the outgoing connection.
2012-03-06 13:35:49 +01:00
isaacs
959a19e118 lint 2012-03-03 23:48:57 -08:00
Jimb Esser
78db18739a tls: proxy set(Timeout|NoDelay|KeepAlive) methods
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
  HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
  HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
  HTTPS requests.
2012-03-03 00:28:43 +01:00
Blake Miner
7343f8e776 tls: add honorCipherOrder option to tls.createServer()
Documented how to mitigate BEAST attacks.
2012-02-29 02:16:08 +01:00
Maciej Małecki
da908364a8 tls http https: don't pollute user's options object 2012-02-20 21:58:00 +01:00
isaacs
0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
isaacs
31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
2012-02-18 09:46:58 -08:00
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis
e806ad39d0 net, tls, http: remove socket.ondrain
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
2012-01-24 15:57:50 +01:00
Fedor Indutny
667aae596c Merge branch 'v0.6'
Conflicts:
	ChangeLog
	doc/template.html
	lib/cluster.js
	lib/http.js
	lib/tls.js
	src/node.h
	src/node_version.h
	test/simple/test-cluster-kill-workers.js
2012-01-24 00:30:28 +06:00
koichik
534df2f8d2 tls: fix double 'error' events on HTTPS Requests
Fixes #2549.
2012-01-17 17:09:27 +01:00
koichik
c1a63a9e90 tls: Allow establishing secure connection on the existing socket
This is necessary to use SSL over HTTP tunnels.

Refs #2259, #2474.
Fixes #2489.
2012-01-09 02:31:46 +01:00
Maciej Małecki
4b4d059791 tls: make tls.connect accept port and host in options
Previous API used form:

    tls.connect(443, "google.com", options, ...)

now it's replaced with:

    tls.connect({port: 443, host: "google.com", ...}, ...)

It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.

Fixes #1983.
2012-01-08 11:12:56 +01:00
koichik
b962ff35dd tls: fix test-https-client-reject fails
Fixes #2417.
2011-12-27 17:33:23 +09:00
Ryan Dahl
f7f8af8420 Merge remote branch 'origin/v0.6'
Conflicts:
	Makefile
	lib/_debugger.js
2011-12-21 12:17:23 -08:00
koichik
07c27e040e tls: Fix node swallows openssl error on request
Fixes #2308.
Fixes #2246.
2011-12-21 19:48:15 +01:00
Ben Noordhuis
7a7f1062bf tls: remove duplicate assignment 2011-12-21 15:01:07 +01:00
koichik
f8c335d0ca tls: enable rejectUnauthorized option to client
Fixes #2247.
2011-12-07 22:47:06 +09:00
koichik
5451ba3aa8 tls: fix https with fs.openReadStream hangs
Fixes #2185.
Fixes #2198.
2011-11-27 16:31:45 +09:00
Ben Noordhuis
5e3b0095de tls: make cipher list configurable
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.

Fixes #2066.
2011-11-17 00:01:41 +01:00
koichik
f53d092a2a tls, https: add passphrase option
Fixes #1925.
2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9 tls: add address(), remoteAddress/remotePort
Fixes #758.
Fixes #1055.
2011-10-27 00:28:16 +09:00
koichik
0e8a55d2a2 tls: does not emit 'end' from EncryptedStream
de09168 and 4cdf9d4 break `test/pummel/test-https-large-response.js`.
It is never finished.

Fixes #1936.
2011-10-27 00:18:29 +09:00
Ryan Dahl
493d3b9f7c Merge remote branch 'origin/v0.4'
Conflicts:
	ChangeLog
	Makefile
	deps/libev/wscript
	doc/index.html
	doc/template.html
	lib/net.js
	src/node_version.h
	src/platform_cygwin.cc
	test/pummel/test-net-write-callbacks.js
	test/simple/test-buffer.js
2011-10-21 18:02:30 -07:00
Ryan Dahl
de09168e5a Emit 'end' from crypto streams on close
Fixes test/simple/test-tls-peer-certificate.js on Windows

Patch from bnoordhuis.

See also 75a0cf970f
2011-10-21 13:16:41 -07:00
koichik
68cc173c6d tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
2011-10-15 19:27:21 +09:00
koichik
19a855382c tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
2011-10-15 00:54:46 +09:00
koichik
4cdf9d4158 tls: Improve TLS flow control
Fixes #1775.
2011-09-30 15:44:45 +09:00
Ben Noordhuis
243c218c7a tls: remove superfluous setOptions() call 2011-09-19 16:28:22 +02:00
Sean Cunningham
eb99083d0b tls: add client-side session resumption support 2011-09-07 20:01:14 +02:00
koichik
6f60683802 tls: x509 certificate subject parsing fail
Fixes #1568.
2011-08-31 03:47:23 +09:00