When creating a TLSSocket instance based on the existing connecting
socket, `_connecting` property is copied after the initialization of
`net.Socket`. However, since `net.Socket` constructor will call
`.read(0)` if the `readable` is true - error may happen at this code
chunk in net.js:
Socket.prototype._read = function(n) {
debug('_read');
if (this._connecting || !this._handle) {
debug('_read wait for connection');
this.once('connect', this._read.bind(this, n));
...
Leading to a test failures on windows:
- test/simple/test-tls-connect-given-socket.js
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Without this check it is possible to have the _events object shared
amongst instances.
Fixes #7157
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Oversight to not pass blksize to fs.Stats on initialization.
Also added a test to make sure the object property has been set. Since
now on Windows both blksize and blocks will simply be set to undefined.
Fix issue where a signed integer is returned.
Example:
var b = new Buffer(4);
b.writeUInt32BE(0xffffffff);
b.readUInt32BE(0) == -1
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
When our estimates for a storage size are higher than the actual length
of decoded data, the destination buffer should be truncated. Otherwise
`Buffer::Length` will give misleading information to C++ layer.
fix #7365
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Introduce new signature for both `dgram.createSocket` method and
`dgram.Socket` constructor:
dgram.createSocket(options, [listener])
Options should contain `type` property and may contain `reuseAddr`
property. When `reuseAddr` is `true` - SO_REUSEADDR will be issued on
socket on bind.
fix #7415
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Socket may become not `readable`, but http should not rely on this
property and should not think that it means that no data will ever
arrive from it. In fact, it may arrive in a next tick and, since
`this.push(null)` was already called, it will result in a error like
this:
Error: stream.push() after EOF
at readableAddChunk (_stream_readable.js:143:15)
at IncomingMessage.Readable.push (_stream_readable.js:123:10)
at HTTPParser.parserOnBody (_http_common.js:132:22)
at Socket.socketOnData (_http_client.js:277:20)
at Socket.EventEmitter.emit (events.js:101:17)
at Socket.Readable.read (_stream_readable.js:367:10)
at Socket.socketCloseListener (_http_client.js:196:10)
at Socket.EventEmitter.emit (events.js:123:20)
at TCP.close (net.js:479:12)
fix #6784
This prevents segfaults when a native method is reassigned to a
different object (which corrupts args.This()). When unwrapping,
clients should use args.Holder() instead of args.This().
Closes #6690.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Increase the performance and simplify the logic of Buffer#write{U}Int*
and Buffer#read{U}Int* methods by placing the byte manipulation code
directly inline.
Also improve the speed of buffer-write benchmarks by creating a new
call directly to each method by using Function() instead of calling by
buff[fn].
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
The two biggest changes are that v8::Script::New() has been removed and
that a v8::Script object now has to be explicitly bound to a context if
you want to run it from another context.
We can accommodate both changes without breaking the vm module's public
API or even the internal JS API.
The test/simple/test-smalloc.js has an implicit assumption
of the byte order of the data stored for Double and Uint32
values. On a big endian platform this test fails without
these patches.
Use os.endianness() to detect the endian of the platform
and use it to gate the static value used for comparison.
Improve on commit b55c9d6 by not requiring that switches are comma
separated. This commit makes `./configure --v8-options="--foo --bar"`
work and takes special care to properly escape quotes in the options
string.
By building the fs.Stats object in JS, which is returned by all fs stat
functions, calls to v8::Object::Set() are removed. This also includes
creating all associated Date objects in JS, rather than using
v8::Date::New(). Both these changes have significant performance gains.
Note that the returned value from fs.stat changes slightly for non-POSIX
systems. Whereas before the stats object would be missing blocks and
blksize keys, it now has these keys with undefined as the value.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix #7249
Include the "expected protocol" in the Error message
string, which evaluates to "http:" for the `http`
core module, and "https:" for the `https` module.
Closes #7355.
These are an old and deprecated properties that was used by previous
stream implementation, and are still in use in some user-land modules.
Prior to this commit, they were read from the underlying socket, which
may be non-readable/non-writable while connecting or while staying
uninitialized.
Force set them to `true`, just to make sure that there will be no
inconsistency.
fix #7152
Previously the build artifacts did not include a signed timestamp, so
when the certificate expired the validation of the artifact would fail.
Now we sign against a timestamp server such that the artifact will
always be valid regardless of the disposition of the certificate.
Closes #7360 and #7059.
Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.
OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.
When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.
Fixes #7338.
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes #6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
* Documentation upgrades
* Fix glob bug which prevents proper README publishing
* node-gyp upgrade to 0.13
* Documentation updates
* Add --save-exact to save an exact dep (instead of a range)
* alias 't' to 'test'
The `Agent#request()` function was removed in
f3189ace6b, so don't
use it in the documentation example. The function
wasn't documented in the first place.
Default to the `defaultAgent.protocol` when comparing the
user-specified `options.protocol` string. This is so that
`http.Agent` instances do not need to specify their own
`protocol` field, since we have the relevant information
already from the `defaultAgent`.
Note that the test case could be separately cherry-picked
to the `v0.10` branch, since it already passes correctly.
Fixes #7349.
Fixes the regression described in: http://git.io/2ds-WQ
Turn off -Werror when building V8, it hits -Werror=unused-local-typedefs
with g++ 4.8. The warning itself is harmless so don't abort the build.
This was originally implemented in commit d2ab314e back in 2011 but the
build process has gone through a few iterations since then, that change
no longer works.
