0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

253 Commits

Author SHA1 Message Date
Shigeki Ohtsu
f6877f37b2 tls: add DHE-RSA-AES128-SHA256 to the def ciphers
`!EDH` is also removed from the list in the discussion of #8272

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-29 00:36:51 +04:00
Trevor Norris
803c3f0aa0 lint: fix indentation 2014-07-02 21:02:36 -07:00
Fedor Indutny
e345253562 tls: better error reporting at cert validation
fix #7417

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-03 00:41:39 +04:00
Yazhong Liu
fcbffa71d0 tls: using %StringSplit to split cert.subjectaltname
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-06-24 09:55:26 +04:00
Fedor Indutny
5d2aef17ee
crypto: move createCredentials to tls
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.

fix #7249
2014-03-29 12:01:43 +04:00
Erik Dubbelboer
bb909ad642 tls: add ECDH ciphers support
Switch test fixtures to 1024 bit keys.
2013-10-30 08:34:47 +01:00
isaacs
22c68fdc1d src: Replace macros with util functions 2013-08-01 15:08:01 -07:00
Ben Noordhuis
0330bdf519 lib: macro-ify type checks
Increases the grep factor. Makes it easier to harmonize type checks
across the code base.
2013-07-24 21:49:35 +02:00
Fedor Indutny
07fbb43d78 tls: export TLSSocket 2013-07-03 16:15:31 +04:00
Fedor Indutny
af80e7bc6e tls: introduce TLSSocket based on tls_wrap binding
Split `tls.js` into `_tls_legacy.js`, containing legacy
`createSecurePair` API, and `_tls_wrap.js` containing new code based on
`tls_wrap` binding.

Remove tests that are no longer useful/valid.
2013-06-16 09:30:15 +02:00
isaacs
2900f0778a Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	ChangeLog
	src/node_version.h
2013-05-31 11:52:57 -07:00
Fedor Indutny
9ee86b718c tls: proper .destroySoon
1. Emit `sslOutEnd` only when `_internallyPendingBytes() === 0`.
2. Read before checking `._halfRead`, otherwise we'll see only previous
   value, and will invoke `._write` callback improperly.
3. Wait for both `end` and `finish` events in `.destroySoon`.
4. Unpipe encrypted stream from socket to prevent write after destroy.
2013-05-30 13:50:13 +04:00
Ben Noordhuis
28659aba37 Merge remote-tracking branch 'origin/v0.10'
Conflicts:
	deps/uv/ChangeLog
	deps/uv/src/unix/stream.c
	deps/uv/src/version.c
	lib/tls.js
2013-05-29 23:12:11 +02:00
Fedor Indutny
4f14221f03 tls: invoke write cb only after opposite read end
Stream's `._write()` callback should be invoked only after it's opposite
stream has finished processing incoming data, otherwise `finish` event
fires too early and connection might be closed while there's some data
to send to the client.

see #5544
2013-05-28 22:27:07 +04:00
Fedor Indutny
fa170dd2b2 tls: ignore .shutdown() syscall error
Quote from SSL_shutdown man page:

  The output of SSL_get_error(3) may be misleading,
  as an erroneous SSL_ERROR_SYSCALL may be flagged even though
  no error occurred.

Also, handle all other errors to prevent assertion in `ClearError()`.
2013-05-28 20:14:44 +04:00
isaacs
ba048e72b0 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	configure
	deps/uv/ChangeLog
	deps/uv/src/unix/darwin.c
	deps/uv/src/unix/stream.c
	deps/uv/src/version.c
	deps/v8/src/isolate.cc
	deps/v8/src/version.cc
	lib/http.js
	src/node_version.h
2013-05-27 14:46:52 -07:00
Fedor Indutny
f7ff8b4454 tls: retry writing after hello parse error
When writing bad data to EncryptedStream it'll first get to the
ClientHello parser, and, only after it will refuse it, to the OpenSSL.
But ClientHello parser has limited buffer and therefore write could
return `bytes_written` < `incoming_bytes`, which is not the case when
working with OpenSSL.

After such errors ClientHello parser disables itself and will
pass-through all data to the OpenSSL. So just trying to write data one
more time will throw the rest into OpenSSL and let it handle it.
2013-05-24 15:03:48 -07:00
Timothy J Fontaine
f8193ab3c4 timers: use uv_now instead of Date.now
This saves a few calls to gettimeofday which can be expensive, and
potentially subject to clock drift. Instead use the loop time which
uses hrtime internally.

fixes #5497
2013-05-22 20:13:14 -07:00
isaacs
896b2aa707 util: Add debuglog, deprecate console lookalikes 2013-05-21 16:39:50 -07:00
Ben Noordhuis
d820b64412 tls: add localAddress and localPort properties
Add localAddress and localPort properties to tls.CleartextStream.
Like remoteAddress and localPort, delegate to the backing net.Socket
object.

Refs #5502.
2013-05-20 15:18:50 +02:00
Fedor Indutny
259839fe75 Merge branch 'v0.10'
Conflicts:
	ChangeLog
	deps/uv/src/version.c
	src/node.h
	src/node_crypto.cc
	src/node_crypto_bio.cc
	src/node_crypto_bio.h
	src/node_object_wrap.h
	src/node_version.h
2013-04-12 11:30:11 -04:00
Tobias Müllerleile
4108c31293 tls: Re-enable check of CN-ID in cert verification
RFC 6125 explicitly states that a client "MUST NOT seek a match
for a reference identifier of CN-ID if the presented identifiers
include a DNS-ID, SRV-ID, URI-ID, or any application-specific
identifier types supported by the client", but it MAY do so if
none of the mentioned identifier types (but others) are present.
2013-04-07 22:09:57 +04:00
isaacs
2c9a38d059 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	deps/v8/src/json-parser.h
	lib/crypto.js
	src/node_version.h
2013-04-05 09:02:48 -07:00
isaacs
164d5b3465 tls: Destroy socket when encrypted side closes
The v0.8 Stream.pipe() method automatically destroyed the destination
stream whenever the src stream closed.  However, this caused a lot of
problems, and was removed by popular demand.  (Many userland modules
still have a no-op destroy() method just because of this.) It was also
very hazardous because this would be done even if { end: false } was
passed in the pipe options.

In v0.10, we decided that the 'close' event and destroy() method are
application-specific, and pipe() doesn't automatically call destroy().
However, TLS actually depended (silently) on this behavior.  So, in this
case, we should just go ahead and destroy the thing when close happens.

Closes #5145
2013-04-01 10:53:49 -07:00
isaacs
97c70a6628 Merge remote-tracking branch 'ry/v0.10'
Conflicts:
	src/node.cc
	src/node_version.h
2013-03-28 13:11:04 -07:00
Fedor Indutny
4580be0882 tls: handle SSL_ERROR_ZERO_RETURN
see #5004
2013-03-28 21:59:19 +04:00
Fedor Indutny
ae86fa84fe tls: handle errors before calling C++ methods
Calling `this.pair.encrypted._internallyPendingBytes()` before
handling/resetting error will result in assertion failure:

../src/node_crypto.cc:962: void node::crypto::Connection::ClearError():
Assertion `handle_->Get(String::New("error"))->BooleanValue() == false'
failed.

see #5058
2013-03-27 16:26:24 +04:00
Manav Rathi
d20576165a tls: expose SSL_CTX_set_timeout via tls.createServer
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.

This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
2013-03-26 01:37:49 +01:00
Ben Noordhuis
cfd0dca9ae crypto: make getCiphers() return non-SSL ciphers
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.

Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.

Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
2013-03-25 18:42:07 +01:00
isaacs
008ab12b7f tls: Prevent hang in readStart
This is not a great fix, and it's a bug that's very tricky to reproduce.

Occasionally, while downloading a file, especially on Linux for some
reason, the pause/resume timing will be just right such that the
CryptoStream is in a 'reading' state, but actually has no data, so it
ought to pull more in.  Because there's no reads happening, it just sits
there, and the process will exit

This is, fundamentally, a factor of how the HTTP implementation sits
atop CryptoStreams and TCP Socket objects, which is utterly horrible,
and needs to be rewritten.  However, in the meantime, npm downloads are
prematurely exiting, causing hard-to-debug "cb() never called!" errors.
2013-03-20 16:14:39 -07:00
Fedor Indutny
34e22b8ee7 tls: always reset this.ssl.error after handling
Otherwise assertion may happen:

    src/node_crypto.cc:962: void node::crypto::Connection::ClearError():
    Assertion `handle_->Get(String::New("error"))->BooleanValue() == false'
    failed.

See #5058
2013-03-20 17:58:01 +04:00
Fedor Indutny
b5ddc0cf96 tls: write pending data of opposite side
Fix stucked CryptoStream behaviour, happening when one of the sides
locks-up in queued state.

fix #5023
2013-03-17 20:19:09 +04:00
isaacs
426b4c6258 stream: _write takes an encoding argument
This vastly reduces the overhead of decodeStrings:false streams,
such as net and http.
2013-03-05 14:27:15 -08:00
isaacs
049903e333 stream: Split Writable logic into small functions
1. Get rid of unnecessary 'finishing' flag
2. Dont check both ending and ended. Extraneous.

Also: Remove extraneous 'finishing' flag, and don't check both 'ending'
and 'ended', since checking just 'ending' is sufficient.
2013-03-05 14:26:34 -08:00
isaacs
88644eaa2d stream: There is no _read cb, there is only push
This makes it so that `stream.push(chunk)` is the only way to signal the
end of reading, removing the confusing disparity between the
callback-style _read method, and the fact that most real-world streams
do not have a 1:1 corollation between the "please give me data" event,
and the actual arrival of a chunk of data.

It is still possible, of course, to implement a `CallbackReadable` on
top of this.  Simply provide a method like this as the callback:

    function readCallback(er, chunk) {
      if (er)
        stream.emit('error', er);
      else
        stream.push(chunk);
    }

However, *only* fs streams actually would behave in this way, so it
makes not a lot of sense to make TCP, TLS, HTTP, and all the rest have
to bend into this uncomfortable paradigm.
2013-02-28 17:38:17 -08:00
Fedor Indutny
ebc95f0716 tls: _handle.readStart/readStop for CryptoStream
lib/http.js is using stream._handle.readStart/readStop to control
data-flow coming out from underlying stream. If this methods are not
present - data might be buffered regardless of whether it'll be read.

see #4657
2013-02-21 23:29:18 +04:00
isaacs
60238cce12 tls: Write pending data on socket drain
Fixes #4800
2013-02-19 11:41:39 -08:00
isaacs
02374d0c17 tls: Cycle data when underlying socket drains 2013-02-11 16:43:10 -08:00
Fedor Indutny
d59beb9f68 tls: port CryptoStream to streams2 2013-02-06 23:23:54 +04:00
Andy Burke
595b5974d7 Add bytesWritten to tls.CryptoStream
This adds a proxy for bytesWritten to the tls.CryptoStream.  This
change makes the connection object more similar between HTTP and
HTTPS requests in an effort to avoid confusion.

See issue #4650 for more background information.
2013-01-24 16:48:49 -08:00
Fedor Indutny
82f1d340c1 tls: make slab buffer's size configurable
see #4636
2013-01-24 08:47:07 -08:00
Fedor Indutny
b4b750b6a5 tls: follow RFC6125 more stricly
* Allow wildcards only in left-most part of hostname identifier.
* Do not match CN if altnames are present
2013-01-14 17:18:30 -08:00
Fedor Indutny
4dd70bb12c tls: allow wildcards in common name
see #4592
2013-01-14 21:10:03 +04:00
isaacs
77ed12fe7a Merge remote-tracking branch 'ry/v0.8' into master
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/test/test-spawn.c
	deps/uv/uv.gyp
	src/cares_wrap.cc
	src/node.cc
	src/node_version.h
	test/simple/test-buffer.js
	tools/gyp/pylib/gyp/common.py
	tools/install.py
2012-12-13 16:57:58 -08:00
Ben Noordhuis
5b65638124 tls, https: add tls handshake timeout
Don't allow connections to stall indefinitely if the SSL/TLS handshake does
not complete.

Adds a new tls.Server and https.Server configuration option, handshakeTimeout.

Fixes #4355.
2012-12-06 17:39:24 +01:00
Ben Noordhuis
121ed91331 tls: fix tls.connect() resource leak
The 'secureConnect' event listener was attached with .on(), which blocked it
from getting garbage collected. Use .once() instead.

Fixes #4308.
2012-11-26 01:51:05 +01:00
Girish Ramakrishnan
2f03eaf76f doc: tls: rejectUnauthorized defaults to true after 35607f3a 2012-11-01 16:16:27 +01:00
Brandon Philips
19b87bbda0 tls: delete useless removeListener call
onclose was never attached to 'end' so this call to remove this listener
is useless.  Delete it.
2012-10-30 16:58:07 +01:00
isaacs
4266f5cf2e tls: Provide buffer to Connection.setSession 2012-10-23 10:48:50 -07:00
isaacs
061f2075cf string_decoder: Add 'end' method, do base64 properly 2012-10-11 16:46:18 -07:00
Ben Noordhuis
0ad005852c https: fix renegotation attack protection
Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
2012-10-09 16:38:00 +02:00
Ben Noordhuis
7394e89ff6 tls: remove dead code
Remove dead code. Forgotten in 76ddf06.
2012-10-09 16:32:51 +02:00
Ben Noordhuis
76ddf06f10 tls: don't use a timer to track renegotiations
It makes tls.createSecurePair(null, true) hang until the timer expires.

Using a timer here is silly. Use a timestamp instead.
2012-10-08 02:23:46 +02:00
isaacs
411d46087f tls: lint
cc @indutny >_<
2012-09-25 11:09:39 -07:00
Fedor Indutny
7651228ab2 tls: use slab allocator 2012-09-25 08:37:08 -07:00
Ben Noordhuis
35607f3a2d tls, https: validate server certificate by default
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.
2012-09-15 00:19:06 +02:00
Fedor Indutny
8e0c830cd0 tls: async session storage 2012-09-05 02:01:54 +04:00
Ben Noordhuis
972cdf82f1 Merge remote-tracking branch 'origin/v0.8'
Conflicts:
	deps/uv/include/uv.h
	src/node_crypto.cc
2012-09-04 15:02:20 +02:00
Shigeki Ohtsu
f347077e78 tls: support unix domain socket/named pipe in tls.connect 2012-08-31 00:23:36 +02:00
Ben Noordhuis
8bec26122d tls, https: throw exception on missing key/cert
Throw an exception in the tls.Server constructor when the options object
doesn't contain either a PFX or a key/certificate combo.

Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed.

Fixes #3941.
2012-08-29 22:53:07 +02:00
Bert Belder
bf16d9280e Merge branch 'v0.8'
Conflicts:
	ChangeLog
	deps/openssl/openssl.gyp
	src/node_version.h
2012-08-28 02:54:22 +02:00
isaacs
ee200942dd lint 2012-08-22 11:03:14 -07:00
Ben Noordhuis
badbd1af27 tls: update default cipher list
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.

The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.

Fixes #3900.
2012-08-21 22:27:13 +02:00
Ben Noordhuis
a177f55b0c Merge remote-tracking branch 'origin/v0.8'
Conflicts:
	ChangeLog
	src/node_version.h
	test/message/stdin_messages.out
	tools/install.py
2012-08-17 13:05:20 +02:00
Ben Noordhuis
c492d43f48 tls: fix segfault in pummel/test-tls-ci-reneg-attack
Commit 4e5fe2d changed the way how process.nextTick() works:

    process.nextTick(function foo() {
      process.nextTick(function bar() {
        // ...
      });
    });

Before said commit, foo() and bar() used to run on separate event loop ticks
but that is no longer the case.

However, that's exactly the behavior that the TLS renegotiation attack guard
relies on. It gets called by OpenSSL and needs to defer the 'error' event to a
later tick because the default action is to destroy the TLS context - the same
context that OpenSSL currently operates on.

When things change underneath your feet, bad things happen and OpenSSL is no
exception. Ergo, use setImmediate() instead of process.nextTick() to ensure
that the 'error' event is actually emitted at a later tick.

Fixes #3840.
2012-08-13 18:10:26 +02:00
Ben Noordhuis
6b18e88b68 tls: handle multiple CN fields when verifying cert
Fixes #3861.
2012-08-12 21:48:26 +02:00
Fedor Indutny
42c6952edb tls: pass linting 2012-07-20 22:07:39 +04:00
Fedor Indutny
85185bbbaa tls: pass linting 2012-07-20 22:07:16 +04:00
Fedor Indutny
92e7433ff9 tls: fix 'hostless' tls connection verification
And fix last failing tests
2012-07-20 21:48:59 +04:00
Fedor Indutny
50122fed8a tls: fix 'hostless' tls connection verification
And fix last failing tests
2012-07-20 21:43:12 +04:00
Fedor Indutny
93d496a4ec tls: revert accidental API change
socket.authorizationError should always be string. Also make sni test
pass.
2012-07-20 21:13:54 +04:00
Fedor Indutny
5950db197c tls: revert accidental API change
socket.authorizationError should always be string. Also make sni test
pass.
2012-07-20 21:10:23 +04:00
Fedor Indutny
4aa09d1e0e tls: localhost is valid against identity-check 2012-07-20 20:51:38 +04:00
Fedor Indutny
0cf235410d tls: localhost is valid against identity-check 2012-07-20 20:47:05 +04:00
Fedor Indutny
eb2ca10462 tls: veryify server's identity 2012-07-20 01:49:31 +04:00
Fedor Indutny
8ba189b8d3 tls: veryify server's identity 2012-07-20 00:53:36 +04:00
isaacs
3ad07ed0b8 lint 2012-07-11 17:46:28 -07:00
isaacs
424cd5a020 Merge remote-tracking branch 'ry/v0.8' into v0.8-merge
Conflicts:
	src/node_version.h
2012-07-11 17:38:11 -07:00
Jonas Westerlund
4cfdc57712 Inline timeout function, avoiding declaration in conditional
Moving it out would require an anonymous function, or bind(), anyway.
Luckily It's a tiny function. Fixes crash in strict mode.
2012-07-06 19:28:35 -07:00
Fedor Indutny
f210530f46 tls: use slab allocator 2012-07-05 16:06:33 -04:00
Ben Noordhuis
ff552ddbaa tls: fix off-by-one error in renegotiation check
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
2012-06-18 04:31:40 +02:00
Andreas Madsen
1e0ce5d1bd domain: the EventEmitter constructor is now always called in nodecore 2012-06-15 09:49:05 -07:00
isaacs
9611354f08 lint 2012-05-15 13:03:43 -07:00
isaacs
5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06 crypto: add PKCS12/PFX support
Fixes #2845.
2012-05-14 17:12:59 +02:00
fukayatsu
0f95a93a2c tls: remove duplicate line 2012-04-16 21:38:26 +02:00
Yosef Dinerstein
d7c96cf289 tls: reduce memory overhead, reuse buffer
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
2012-03-29 17:17:15 +02:00
Shigeki Ohtsu
e1199fa335 tls: fix CryptoStream.setKeepAlive() 2012-03-23 00:20:46 +01:00
ssuda
9b672bcaa2 tls: parsing multiple values of a key in ssl certificate
Fixes #2864.
2012-03-10 23:43:16 +09:00
Dmitry Nizovtsev
1e9bcf26ce net, http, https: add localAddress option
Binds to a local address before making the outgoing connection.
2012-03-06 13:35:49 +01:00
isaacs
959a19e118 lint 2012-03-03 23:48:57 -08:00
Jimb Esser
78db18739a tls: proxy set(Timeout|NoDelay|KeepAlive) methods
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
  HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
  HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
  HTTPS requests.
2012-03-03 00:28:43 +01:00
Blake Miner
7343f8e776 tls: add honorCipherOrder option to tls.createServer()
Documented how to mitigate BEAST attacks.
2012-02-29 02:16:08 +01:00
Maciej Małecki
da908364a8 tls http https: don't pollute user's options object 2012-02-20 21:58:00 +01:00
isaacs
0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
isaacs
31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
2012-02-18 09:46:58 -08:00
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis
e806ad39d0 net, tls, http: remove socket.ondrain
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
2012-01-24 15:57:50 +01:00
Fedor Indutny
667aae596c Merge branch 'v0.6'
Conflicts:
	ChangeLog
	doc/template.html
	lib/cluster.js
	lib/http.js
	lib/tls.js
	src/node.h
	src/node_version.h
	test/simple/test-cluster-kill-workers.js
2012-01-24 00:30:28 +06:00