mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00

253 Commits

Author SHA1 Message Date
James M Snell
4d00cd4ce7 tls: move convertNPNProtocols to End-of-Life
This was deprecated in 10.0.0 because NPN support was removed.
It does not make sense to keep this around longer than 10.x

PR-URL: https://github.com/nodejs/node/pull/20736
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
2018-05-17 09:53:44 -07:00
Hackzzila
564048dc29 http,https,tls: switch to WHATWG URL parser
This switches the url parser from `url.parse()` to the WHATWG URL
parser while keeping `url.parse()` as fallback.

Also add tests for invalid url deprecations and correct hostname
checks.

PR-URL: https://github.com/nodejs/node/pull/20270
Fixes: https://github.com/nodejs/node/issues/19468
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2018-04-29 17:03:16 +02:00
Daniel Bevenius
bbdb4af0bd lib: remove duplicate require calls in tls.js
This commit removes the duplicate require calls of the _tls_common and
_tls_wrap modules. The motivation for this being that even though the
modules are cached the additional calls are unnecessary.

PR-URL: https://github.com/nodejs/node/pull/20099
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2018-04-19 07:18:14 +02:00
Daniel Bevenius
72d15866ac lib: use object destructuring tls.js
This commit updates canonicalizeIP and Buffer to use object
destructuring which is done for other functions in lib/tls.js

PR-URL: https://github.com/nodejs/node/pull/20070
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2018-04-19 05:33:16 +02:00
Ben Noordhuis
9204a0db6e tls: runtime-deprecate tls.convertNPNProtocols()
Fixes: https://github.com/nodejs/node/issues/14602
PR-URL: https://github.com/nodejs/node/pull/19403
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2018-03-27 16:22:37 +02:00
Michaël Zasso
1e8d110e64 lib: port errors to new system
This is a first batch of updates that touches non-underscored modules in
lib.

PR-URL: https://github.com/nodejs/node/pull/19034
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
2018-03-05 19:51:30 +01:00
Anna Henningsen
9301b8a9c6 tls: make deprecated tls.createSecurePair() use public API
Make the deprecated `tls.createSecurePair()` method use other public
APIs only (`TLSSocket` in particular).

Since `tls.createSecurePair()` has been runtime-deprecated only
since Node 8, it probably isn’t quite time to remove it yet,
but this patch removes almost all of the code complexity that
is retained by it.

The API, as it is documented, is retained. However, it is very likely
that some users have come to rely on parts of undocumented API
of the `SecurePair` class, especially since some of the existing
tests checked for those. Therefore, this should definitely be
considered a breaking change.

PR-URL: https://github.com/nodejs/node/pull/17882
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
2018-01-14 14:49:41 +01:00
Hannes Magnusson
df63e53458 doc: document tls.checkServerIdentity
The function was added in eb2ca10462

PR-URL: https://github.com/nodejs/node/pull/17203
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2017-12-01 20:44:52 +01:00
Hativ
af78840b19 tls: set ecdhCurve default to 'auto'
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: https://github.com/nodejs/node/pull/16853
Refs: https://github.com/nodejs/node/issues/16196
Refs: https://github.com/nodejs/node/issues/1495
Refs: https://github.com/nodejs/node/pull/15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2017-11-29 00:43:05 +01:00
Mattias Holmlund
b6df87e1d4 http, tls: better support for IPv6 addresses
- Properly handle IPv6 in Host header when setting servername.
- When comparing IP addresses against addresses in the subjectAltName
  field of a certificate, format the address correctly before
  doing the string comparison.

PR-URL: https://github.com/nodejs/node/pull/14772
Fixes: https://github.com/nodejs/node/issues/14736
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2017-11-02 21:05:20 -04:00
Timothy Gu
7907534a8d lib: faster type checks for some types
PR-URL: https://github.com/nodejs/node/pull/15663
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benedikt Meurer <benedikt.meurer@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2017-10-01 23:58:59 -03:00
James M Snell
193926ecab tls,doc: fix unallocated deprecation code
Deprecation was landed using `DEP00XX` instead of a properly
allocated deprecation code.

PR-URL: https://github.com/nodejs/node/pull/15534
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2017-09-24 11:28:17 -03:00
XadillaX
468110b327 tls: deprecate parseCertString & move to internal
`tls.parseCertString()` was exposed by accident. Now move this function to
`internal/tls` and mark the original one as deprecated.

PR-URL: https://github.com/nodejs/node/pull/14249
Refs: https://github.com/nodejs/node/issues/14193
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
2017-09-13 16:54:35 -03:00
Ben Noordhuis
0f7c06eb2d tls: fix object prototype type confusion
Use `Object.create(null)` for dictionary objects so that keys from
certificate strings or the authorityInfoAccess field cannot conflict
with Object.prototype properties.

PR-URL: https://github.com/nodejs/node/pull/14447
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2017-08-30 15:41:23 -03:00
Michael Dawson
3ccfeb483d tls: migrate tls.js to use internal/errors.js
Migrate tls.js to use internal/errors.js as per
https://github.com/nodejs/node/issues/11273

PR-URL: https://github.com/nodejs/node/pull/13994
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2017-07-18 14:03:23 -04:00
Rich Trott
0d22858d67 lib: remove excess indentation
In anticipation of stricter linting for indentation, remove instances of
extra indentation that will be flagged by the new rules.

PR-URL: https://github.com/nodejs/node/pull/14090
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2017-07-07 13:18:19 -07:00
Rich Trott
095c0de94d benchmark,lib,test: use braces for multiline block
For if/else and loops where the bodies span more than one line, use
curly braces.

PR-URL: https://github.com/nodejs/node/pull/13828
Ref: https://github.com/nodejs/node/pull/13623#discussion_r123048602
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2017-06-23 14:43:20 -07:00
Ruben Bridgewater
c474f88987 lib: fix typos
PR-URL: https://github.com/nodejs/node/pull/13741
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
2017-06-19 18:18:56 +02:00
Anna Henningsen
c3efe72669 tls: support Uint8Arrays for protocol list buffers
PR-URL: https://github.com/nodejs/node/pull/11984
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2017-03-27 02:08:49 +02:00
James M Snell
98e54b0bd4 meta: restore original copyright header
A prior io.js era commit inappropriately removed the
original copyright statements from the source. This
restores those in any files still remaining from that
edit.

Ref: https://github.com/nodejs/TSC/issues/174
Ref: https://github.com/nodejs/node/pull/10599
PR-URL: https://github.com/nodejs/node/pull/10155

Note: This PR was required, reviewed-by and approved
by the Node.js Foundation Legal Committee and the TSC.
There is no `Approved-By:` meta data.
2017-03-10 11:23:48 -08:00
James M Snell
a2ae08999b tls: runtime deprecation for tls.createSecurePair()
Upgrade the deprecation for _tls_legacy (`tls.createSecurePair()`)
to a runtime deprecation.

PR-URL: https://github.com/nodejs/node/pull/11349
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
2017-03-06 14:23:20 -08:00
Jackson Tian
69674f4d3e lib: remove unnecessary parameter for assertCrypto()
The `exports` parameter is unnecessary.

PR-URL: https://github.com/nodejs/node/pull/10834
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <sam@strongloop.com>
2017-01-18 11:13:18 +08:00
Rich Trott
56950674d6 crypto,tls: fix mutability of return values
If you alter the array returned by `tls.getCiphers()`,
`crypto.getCiphers()`, `crypto.getHashes()`, or `crypto.getCurves()`, it
will alter subsequent return values from those functions.

```js
'use strict';

const crypto = require('crypto');

var hashes = crypto.getHashes();

hashes.splice(0, hashes.length);

hashes.push('some-arbitrary-value');

console.log(crypto.getHashes()); // "['some-arbitrary-value']"
```

This is surprising. Change functions to return copy of array instead.

PR-URL: https://github.com/nodejs/node/pull/10795
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
2017-01-16 20:32:23 -08:00
Myles Borins
2e568d95bd lib: remove let from for loops
This is a known de-opt. It may not be 100% necessary in all cases but it
seems like a decent enough idea to avoid it.

PR-URL: https://github.com/nodejs/node/pull/8873
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2016-10-04 12:17:32 -04:00
Ben Noordhuis
c34e58e684 lib: make tls.checkServerIdentity() more strict
PR-URL: https://github.com/nodejs/node-private/pull/75
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-09-28 11:19:18 +10:00
Mike Ralphson
30701a72c0 tls: add 'new' keyword for Array constructor call
PR-URL: https://github.com/nodejs/node/pull/8514
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-09-18 14:25:57 +02:00
Sakthipriyan Vairamani
60dcd7323f tls: copy the Buffer object before using
`convertNPNProtocols` and `convertALPNProtocols` use the `protocols`
buffer object as it is, and if it is modified outside of core, it
might have an impact. This patch makes a copy of the buffer object,
before using it.

PR-URL: https://github.com/nodejs/node/pull/8055
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
2016-08-17 18:40:52 -07:00
James M Snell
f3d5efa3ee tls: avoid calling Buffer.byteLength multiple times
There's no reason to be calling Buffer.byteLength() twice.
Small perf improvement

Run 1:
tls/convertprotocols.js n=1     v6.2.1 = 11852,  new = 12204 ......  -2.89%
tls/convertprotocols.js n=50000 v6.2.1 = 515660, new = 570610 .....  -9.63%

Run 2:
tls/convertprotocols.js n=1     v6.2.1 = 11729,  new = 12045 ......  -2.62%
tls/convertprotocols.js n=50000 v6.2.1 = 512080, new = 637730 ..... -19.70%

PR-URL: https://github.com/nodejs/node/pull/7236
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2016-06-21 10:53:25 -07:00
James M Snell
6be73feaeb crypto,tls: perf improvements for crypto and tls getCiphers
Improve performance of crypto.getCiphers, getHashes, getCurves
and tls.getCiphers by consolidating filterDuplicates logic, adding
caching of output, and streamlining filterDuplicates implementation.

Benchmarks:

crypto.getCiphers n=1    v6.2.1 = 2559.3, new = 15890 ...... -83.89%
crypto.getCiphers n=5000 v6.2.1 = 3516.3, new = 24203000 ... -99.99%

tls.getCiphers    n=1    v6.2.1 = 3405.3, new = 14877 ...... -77.11%
tls.getCiphers    n=5000 v6.2.1 = 6074.4, new = 24202000 ... -99.97%

PR-URL: https://github.com/nodejs/node/pull/7225
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
2016-06-21 10:03:08 -07:00
James M Snell
dcccbfdc79 src: refactor require('constants')
The require('constants') module is currently undocumented and mashes
together unrelated constants. This refactors the require('constants')
in favor of distinct os.constants, fs.constants, and crypto.constants
that are specific to the modules for which they are relevant. The
next step is to document those within the specific modules.

PR-URL: https://github.com/nodejs/node/pull/6534
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com>
2016-05-17 11:05:18 -07:00
Rich Trott
a56da51a38 benchmark,test,lib: remove extra spaces
In preparation for stricter linting, remove extra spaces.

PR-URL: https://github.com/nodejs/node/pull/6645
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Roman Reiss <me@silverwind.io>
2016-05-11 23:18:16 -07:00
James M Snell
f429fe1b88 crypto: fail early when loading crypto without openssl
Fail early in require('crypto'), require('tls'),
require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

PR-URL: https://github.com/nodejs/node/pull/5611
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2016-03-23 10:34:40 -07:00
Jackson Tian
91466b855f lib: refactor code with startsWith/endsWith
reduce using RegExp for string test. This pull request replaces
various usages of regular expressions in favor of the ES2015
startsWith and endsWith methods.

PR-URL: https://github.com/nodejs/node/pull/5753
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
2016-03-23 15:58:52 +02:00
James M Snell
85ab4a5f12 buffer: add .from(), .alloc() and .allocUnsafe()
Several changes:

* Soft-Deprecate Buffer() constructors
* Add `Buffer.from()`, `Buffer.alloc()`, and `Buffer.allocUnsafe()`
* Add `--zero-fill-buffers` command line option
* Add byteOffset and length to `new Buffer(arrayBuffer)` constructor
* buffer.fill('') previously had no effect, now zero-fills
* Update the docs

PR-URL: https://github.com/nodejs/node/pull/4682
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
2016-03-16 08:34:02 -07:00
Michaël Zasso
0ec093cd41 lib,test: remove extra semicolons
PR-URL: https://github.com/nodejs/node/pull/2205
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
2016-01-16 19:54:25 +01:00
Michaël Zasso
7ce0e04f44 lib: fix style issues after eslint update
With an indentation style of two spaces, it is not possible to indent
multiline variable declarations by four spaces. Instead, the var keyword
is used on every new line.
Use const instead of var where applicable for changed lines.

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>
2016-01-13 23:16:05 +01:00
Myles Borins
6b0c906e6b tls: remove util and calls to util.format
Currently util.format is being used for string templating in tls.
By replacing all of the instances of util.format with backtick
string we can remove the need to require util in tls all together.

PR-URL: https://github.com/nodejs/node/pull/3456
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-10-28 16:57:55 -07:00
Shigeki Ohtsu
802a2e79e1 tls, crypto: add ALPN Support
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.

PR-URL: https://github.com/nodejs/node/pull/2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-10-27 01:31:47 +09:00
James M Snell
5ba868f024 tls: add --tls-cipher-list command line switch
This adds a new `--tls-cipher-list` command line switch
that can be used to override the built-in default cipher
list. The intent of this is to make it possible to enforce
an alternative default cipher list at the process level.
Overriding the default cipher list is still permitted at
the application level by changing the value of
`require('tls').DEFAULT_CIPHERS`.

As part of the change, the built in default list is moved
out of tls.js and into node_constants.h and node_constants.cc.
Two new constants are added to require('constants'):

  * defaultCipherList (the active default cipher list)
  * defaultCoreCipherList (the built-in default cipher list)

A test case and doc changes are included.

A new NODE_DEFINE_STRING_CONSTANT macro is also created in
node_internals.h

When node_constants is initialized, it will pick up either
the passed in command line switch or fallback to the default
built-in suite.

Within joyent/node, this change had originally been wrapped
up with a number of other related commits involving the
removal of the RC4 cipher. This breaks out this isolated
change.

/cc @mhdawson, @misterdjules, @trevnorris, @indutny, @rvagg

Reviewed By: Ben Noordhuis <ben@strongloop.com>
PR-URL: https://github.com/nodejs/node/pull/2412
2015-08-23 08:52:01 -07:00
Mike Atkins
f1810ed1b8 tls: handle empty cert in checkServerIdentity
This resolves joyent/node#9272. `tlsSocket.getPeerCertificate` will
return an empty object when the peer does not provide a certificate,
but, prior to this, when the certificate is empty, `checkServerIdentity`
would throw because the `subject` wasn't present on the cert.
`checkServerIdentity` must return an error, not throw one, so this
returns an error when the cert is empty instead of throwing
a `TypeError`.

PR-URL: https://github.com/nodejs/node/pull/2343
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-08-21 11:24:51 +09:00
Roman Reiss
b5b8ff117c lib: don't use global Buffer
Port of https://github.com/joyent/node/pull/8603

The race condition present in the original PR didn't occur, so no
workaround was needed.

PR-URL: https://github.com/nodejs/io.js/pull/1794
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2015-06-11 20:24:44 +02:00
Mike MacCana
5755fc099f tls: update default ciphers to use gcm and aes128
AES-GCM or CHACHA20_POLY1305 ciphers must be used in current version of
Chrome to avoid an 'obsolete cryptography' warning.

Prefer 128 bit AES over 192 and 256 bit AES considering attacks that
specifically affect the larger key sizes but do not affect AES 128.

PR-URL: https://github.com/iojs/io.js/pull/1660
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Roman Reiss <me@silverwind.io>
2015-05-11 13:37:48 +02:00
Brendan Ashworth
1219e7466c lib: reduce process.binding() calls
This commit better handles calls to process.binding() in lib/ by
no longer lazy loading the bindings (the load times themselves are
rather minuscule compared to the load time of V8) and never reloading
the bindings (which is 172 times slower than referencing a variable with
the same value).

PR-URL: https://github.com/iojs/io.js/pull/1367
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-09 10:51:19 -07:00
Roman Reiss
77f35861d0 tls: more secure defaults
This updates the default cipher suite to a more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.

Notable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
2015-02-16 12:33:12 +01:00
cjihrig
6ac8bdc0ab lib: reduce util.is*() usage
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).

Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-31 23:47:29 -05:00
cjihrig
804e7aa9ab lib: use const to define constants
This commit replaces a number of var statements throughout
the lib code with const statements.

PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-21 16:21:31 -05:00
isaacs
3e1b1dd4a9 Remove excessive copyright/license boilerplate
The copyright and license notice is already in the LICENSE file.  There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
2015-01-12 15:30:28 -08:00
Ben Noordhuis
fcbbc7a050 Merge remote-tracking branch 'joyent/v0.12' into v0.12
Conflicts:
	Makefile
	deps/v8/src/base/platform/platform.h

PR-URL: https://github.com/node-forward/node/pull/65
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2014-11-22 17:55:59 +01:00
Ben Noordhuis
21130c7d6f lib: turn on strict mode
Turn on strict mode for the files in the lib/ directory.  It helps
catch bugs and can have a positive effect on performance.

PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-11-22 17:23:30 +01:00
Jackson Tian
d8a3c4ab2a tls: remove tls.createSecurePair code deprecation
In https://github.com/joyent/node/pulls/8695, the deprecation was
removed from doc.  This removes the deprecation from the code.

PR-URL: https://github.com/joyent/node/pull/8700
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
2014-11-09 21:39:24 -08:00