0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-29 15:06:33 +01:00
Commit Graph

145 Commits

Author SHA1 Message Date
Michaël Zasso
edc83a9203
2019-08-20, Version 12.9.0 (Current)
Notable changes:

* crypto:
  * Added an oaepHash option to asymmetric encryption which allows
    users to specify a hash function when using OAEP padding.
    https://github.com/nodejs/node/pull/28335
* deps:
  * Updated V8 to 7.6.303.29. https://github.com/nodejs/node/pull/28955
    * Improves the performance of various APIs such as `JSON.parse` and
      methods called on frozen arrays.
    * Adds the Promise.allSettled method.
    * Improves support of `BigInt` in `Intl` methods.
    * For more information: https://v8.dev/blog/v8-release-76
  * Updated libuv to 1.31.0. https://github.com/nodejs/node/pull/29070
    * `UV_FS_O_FILEMAP` has been added for faster access to memory
      mapped files on Windows.
    * `uv_fs_mkdir()` now returns `UV_EINVAL` for invalid filenames on
      Windows. It previously returned `UV_ENOENT`.
    * The `uv_fs_statfs()` API has been added.
    * The `uv_os_environ()` and `uv_os_free_environ()` APIs have been
      added.
* fs:
  * Added `fs.writev`, `fs.writevSync` and `filehandle.writev` (promise
    version) methods. They allow to write an array of `ArrayBufferView`s
    to a file descriptor. https://github.com/nodejs/node/pull/25925
    https://github.com/nodejs/node/pull/29186
* http:
  * Added three properties to `OutgoingMessage.prototype`:
    `writableObjectMode`, `writableLength` and `writableHighWaterMark`
    https://github.com/nodejs/node/pull/29018
* stream:
  * Added an new property `readableEnded` to readable streams. Its value
    is set to `true` when the `'end'` event is emitted.
    https://github.com/nodejs/node/pull/28814
  * Added an new property `writableEnded` to writable streams. Its value
    is set to `true` after `writable.end()` has been called.
    https://github.com/nodejs/node/pull/28934

PR-URL: https://github.com/nodejs/node/pull/29210
2019-08-20 21:37:07 +02:00
Luigi Pinca
c3b8e50143 tls: allow client-side sockets to be half-opened
Make `tls.connect()` support an `allowHalfOpen` option which specifies
whether or not to allow the connection to be half-opened when the
`socket` option is not specified.

PR-URL: https://github.com/nodejs/node/pull/27836
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
2019-08-17 06:46:31 +02:00
cjihrig
29676f4867
doc: make tls links more readable
This commit replaces two long URLs in the TLS documentation
with linked text.

PR-URL: https://github.com/nodejs/node/pull/28580
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-07-08 13:42:23 -04:00
cjihrig
e04ee9b37a
doc: format Unix consistently
Update the API docs to always spell as Unix.

PR-URL: https://github.com/nodejs/node/pull/28576
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2019-07-08 13:34:05 -04:00
Rich Trott
ca851a47bf doc: remove "note that" from tls.md
Refs: https://github.com/nodejs/remark-preset-lint-node/pull/16

PR-URL: https://github.com/nodejs/node/pull/28329
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-06-23 07:07:33 -07:00
Rich Trott
8017e7c17f doc: remove "strongly recommended" hedging from tls.md
PR-URL: https://github.com/nodejs/node/pull/28029
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-06-05 23:11:28 +08:00
Michaël Zasso
cb68c04ce1
2019-06-04, Version 12.4.0 (Current)
Notable changes:

* doc:
  * The JSON variant of the API documentation is no longer experimental
    (Rich Trott) https://github.com/nodejs/node/pull/27842.
* esm:
  * JSON module support is always enabled under
    `--experimental-modules`. The `--experimental-json-modules` flag
    has been removed (Myles Borins)
    https://github.com/nodejs/node/pull/27752.
* http,http2:
  * A new flag has been added for overriding the default HTTP server
    socket timeout (which is two minutes). Pass
    `--http-server-default-timeout=milliseconds`
    or `--http-server-default-timeout=0` to respectively change or
    disable the timeout. Starting with Node.js 13.0.0, the timeout will
    be disabled by default
    (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/27704.
* inspector:
  * Added an experimental `--heap-prof` flag to start the V8 heap
    profiler on startup and write the heap profile to disk before exit
    (Joyee Cheung) https://github.com/nodejs/node/pull/27596.
* stream:
  * The `readable.unshift()` method now correctly converts strings to
    buffers. Additionally, a new optional argument is accepted to
    specify the string's encoding, such as `'utf8'` or `'ascii'`
    (Marcos Casagrande) https://github.com/nodejs/node/pull/27194.
* v8:
  * The object returned by `v8.getHeapStatistics()` has two new
    properties: `number_of_native_contexts` and
    `number_of_detached_contexts` (Yuriy Vasiyarov)
    https://github.com/nodejs/node/pull/27933.

PR-URL: https://github.com/nodejs/node/pull/28040
2019-06-04 16:01:53 +02:00
Luigi Pinca
ff8539e9e7 tls: support the hints option
Make `tls.connect()` support the `hints` option for feature parity with
`net.connect()`.

PR-URL: https://github.com/nodejs/node/pull/27816
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-05-25 08:50:02 +02:00
Ruben Bridgewater
9fec70a703
2019-05-21, Version 12.3.0 (Current)
Notable changes:

* esm:
  * Added the `--experimental-wasm-modules` flag to support
    WebAssembly modules (Myles Borins & Guy Bedford)
    https://github.com/nodejs/node/pull/27659
* process:
  * Log errors using `util.inspect` in case of fatal exceptions
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/27243
* repl:
  * Add `process.on('uncaughtException')` support (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/27151
* stream:
  * Implemented `Readable.from` async iterator utility (Guy Bedford)
    https://github.com/nodejs/node/pull/27660
* tls:
  * Expose built-in root certificates (Ben Noordhuis)
    https://github.com/nodejs/node/pull/26415
  * Support `net.Server` options (Luigi Pinca)
    https://github.com/nodejs/node/pull/27665
  * Expose `keylog` event on TLSSocket (Alba Mendez)
    https://github.com/nodejs/node/pull/27654
* worker:
  * Added the ability to unshift messages from the `MessagePort`
    (Anna Henningsen) https://github.com/nodejs/node/pull/27294

PR-URL: https://github.com/nodejs/node/pull/27799
2019-05-21 21:23:52 +02:00
Dan Beglin
0ca9297c39 doc: corrected tlsSocket.getPeerCertificate response type
Within tls.md, the documentation for the response of
tlsSocket.getPeerCertificate() included subjectaltname
documented as an array of values. However these values are
actually returned as a single string of concatenated values.
The documentation has been updated to reflect this.

PR-URL: https://github.com/nodejs/node/pull/27757
Fixes: https://github.com/nodejs/node/issues/27721
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-05-21 05:28:24 +02:00
Ben Noordhuis
f1a3968a01 tls: expose built-in root certificates
Fixes: https://github.com/nodejs/node/issues/25824
PR-URL: https://github.com/nodejs/node/pull/26415
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2019-05-20 11:09:02 +02:00
Luigi Pinca
5112b3d9a6 tls: support net.Server options
Pass `tls.Server` constructor options to the parent constructor.

PR-URL: https://github.com/nodejs/node/pull/27665
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-05-18 19:46:55 -07:00
Alba Mendez
53bef423f3 tls: expose keylog event on TLSSocket
Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event
that is emitted on clients and servers. This enables easy debugging
of TLS connections with i.e. Wireshark, which is a long-requested
feature.

PR-URL: https://github.com/nodejs/node/pull/27654
Refs: https://github.com/nodejs/node/issues/2363
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-05-15 05:32:33 +02:00
Michaël Zasso
e006a8545e
2019-05-07, Version 12.2.0 (Current)
Notable changes:

* deps:
  * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP
    parser refuse any request URL that contained the "|" (vertical bar)
    character. https://github.com/nodejs/node/pull/27595
* tls:
  * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace`
    option to `tls.createServer()`. When enabled, TSL packet trace
    information is written to `stderr`. This can be used to debug TLS
    connection problems. https://github.com/nodejs/node/pull/27497
    https://github.com/nodejs/node/pull/27376
* cli:
  * Added a `--trace-tls` command-line flag that enables tracing of TLS
    connections without the need to modify existing application code.
    https://github.com/nodejs/node/pull/27497
  * Added a `--cpu-prof-interval` command-line flag. It can be used to
    specify the sampling interval for the CPU profiles generated by
    `--cpu-prof`. https://github.com/nodejs/node/pull/27535
* module:
  * Added the `createRequire()` method. It allows to create a require
    function from a file URL object, a file URL string or an absolute
    path string. The existing `createRequireFromPath()` method is now
    deprecated https://github.com/nodejs/node/pull/27405.
  * Throw on `require('./path.mjs')`. This is technically a breaking
    change that should have landed with Node.js 12.0.0. It is necessary
    to have this to keep the possibility for a future minor version to
    load ES Modules with the require function.
    https://github.com/nodejs/node/pull/27417
* repl:
  * The REPL now supports multi-line statements using `BigInt` literals
    as well as public and private class fields and methods.
    https://github.com/nodejs/node/pull/27400
  * The REPL now supports tab autocompletion of file paths with `fs`
    methods. https://github.com/nodejs/node/pull/26648
* meta:
  * Added Christian Clauss (https://github.com/cclauss) to
    collaborators. https://github.com/nodejs/node/pull/27554

PR-URL: https://github.com/nodejs/node/pull/27578
2019-05-07 20:38:46 +02:00
cjihrig
c6a2fdf3aa
tls: support enableTrace in TLSSocket()
This commit adds the enableTrace option to the TLSSocket
constructor. It also plumbs the option through other relevant
APIs.

PR-URL: https://github.com/nodejs/node/pull/27497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-05-02 12:37:49 -04:00
Sam Roberts
adedbb12e5 tls: allow enabling the TLS debug trace
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- https://github.com/nodejs/node/issues/25383
- https://github.com/nodejs/node/issues/17936
- https://github.com/postmanlabs/postman-app-support/issues/5918#issuecomment-465311423

PR-URL: https://github.com/nodejs/node/pull/27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2019-04-29 10:57:55 -07:00
Beth Griggs
d896f03578
2019-04-23, Version 12.0.0 (Current)
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](https://github.com/nodejs/node/pull/26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](https://github.com/nodejs/node/pull/25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](https://github.com/nodejs/node/pull/26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](https://github.com/nodejs/node/pull/23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](https://github.com/nodejs/node/pull/24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](https://github.com/nodejs/node/pull/27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](https://github.com/nodejs/node/pull/26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](https://github.com/nodejs/node/pull/26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](https://github.com/nodejs/node/pull/23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](https://github.com/nodejs/node/pull/25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](https://github.com/nodejs/node/pull/27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](https://github.com/nodejs/node/pull/23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](https://github.com/nodejs/node/pull/27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](https://github.com/nodejs/node/pull/25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](https://github.com/nodejs/node/pull/26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](https://github.com/nodejs/node/pull/25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](https://github.com/nodejs/node/pull/23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](https://github.com/nodejs/node/pull/25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](https://github.com/nodejs/node/pull/26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](https://github.com/nodejs/node/pull/26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](https://github.com/nodejs/node/pull/26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](https://github.com/nodejs/node/pull/26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](https://github.com/nodejs/node/pull/25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](https://github.com/nodejs/node/pull/23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](https://github.com/nodejs/node/pull/26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](https://github.com/nodejs/node/pull/25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](https://github.com/nodejs/node/pull/24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](https://github.com/nodejs/node/pull/24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](https://github.com/nodejs/node/pull/27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](https://github.com/nodejs/node/pull/26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](https://github.com/nodejs/node/pull/26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](https://github.com/nodejs/node/pull/24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](https://github.com/nodejs/node/pull/25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](https://github.com/nodejs/node/pull/25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](https://github.com/nodejs/node/pull/26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](https://github.com/nodejs/node/pull/26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](https://github.com/nodejs/node/pull/26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](https://github.com/nodejs/node/pull/23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](https://github.com/nodejs/node/pull/27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](https://github.com/nodejs/node/pull/26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](https://github.com/nodejs/node/pull/24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](https://github.com/nodejs/node/pull/23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](https://github.com/nodejs/node/pull/25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](https://github.com/nodejs/node/pull/25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](https://github.com/nodejs/node/pull/26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](https://github.com/nodejs/node/pull/25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](https://github.com/nodejs/node/pull/24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](https://github.com/nodejs/node/pull/25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](https://github.com/nodejs/node/pull/26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](https://github.com/nodejs/node/pull/26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](https://github.com/nodejs/node/pull/26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](https://github.com/nodejs/node/pull/27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](https://github.com/nodejs/node/pull/26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](https://github.com/nodejs/node/pull/26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](https://github.com/nodejs/node/pull/25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](https://github.com/nodejs/node/pull/24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](https://github.com/nodejs/node/pull/26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](https://github.com/nodejs/node/pull/26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](https://github.com/nodejs/node/pull/25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](https://github.com/nodejs/node/pull/24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](https://github.com/nodejs/node/pull/23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](https://github.com/nodejs/node/pull/23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](https://github.com/nodejs/node/pull/24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](https://github.com/nodejs/node/pull/23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](https://github.com/nodejs/node/pull/23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](https://github.com/nodejs/node/pull/25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](https://github.com/nodejs/node/pull/27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](https://github.com/nodejs/node/pull/26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](https://github.com/nodejs/node/pull/26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](https://github.com/nodejs/node/pull/26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](https://github.com/nodejs/node/pull/26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](https://github.com/nodejs/node/pull/24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](https://github.com/nodejs/node/pull/25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](https://github.com/nodejs/node/pull/23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](https://github.com/nodejs/node/pull/23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](https://github.com/nodejs/node/pull/24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](https://github.com/nodejs/node/pull/24824)

PR-URL: https://github.com/nodejs/node/pull/26930
2019-04-23 16:46:54 +01:00
Steven R. Loomis
36e5fd2915 doc: correct typo: cert.issuerCertificate
- docs incorrectly mention issuerCert, should be issuerCertificate

Fix for Commit:
https://github.com/nodejs/node/commit/a856406c2dc#diff-f6e3a86962eaf0897ab59e88b418e64fR678

Fix for PR: https://github.com/nodejs/node/pull/24358
2019-03-28 14:20:08 -07:00
Sam Roberts
f11f180878 doc: remove reference to "credentials object"
The reference is confusing because the object is actually of class
SecureContext. There is no object with class "credentials".

See: https://github.com/nodejs/node/issues/20432#issuecomment-441819285

PR-URL: https://github.com/nodejs/node/pull/26908
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2019-03-28 14:06:59 -07:00
Sam Roberts
8c69e06972 tls: return an OpenSSL error from renegotiate
A generic error lacks any of the context or detail of the underlying
OpenSSL error, so throw from C++, and report the OpenSSL error to the
callback.

PR-URL: https://github.com/nodejs/node/pull/26868
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2019-03-28 14:03:25 -07:00
Sam Roberts
d989e20717 doc: describe tls.DEFAULT_MIN_VERSION/_MAX_VERSION
PR-URL: https://github.com/nodejs/node/pull/26821
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-03-25 13:38:32 -07:00
Sam Roberts
42dbaed460 tls: support TLSv1.3
This introduces TLS1.3 support and makes it the default max protocol,
but also supports CLI/NODE_OPTIONS switches to disable it if necessary.

TLS1.3 is a major update to the TLS protocol, with many security
enhancements. It should be preferred over TLS1.2 whenever possible.

TLS1.3 is different enough that even though the OpenSSL APIs are
technically API/ABI compatible, that when TLS1.3 is negotiated, the
timing of protocol records and of callbacks broke assumptions hard-coded
into the 'tls' module.

This change introduces no API incompatibilities when TLS1.2 is
negotiated. It is the intention that it be backported to current and LTS
release lines with the default maximum TLS protocol reset to 'TLSv1.2'.
This will allow users of those lines to explicitly enable TLS1.3 if they
want.

API incompatibilities between TLS1.2 and TLS1.3 are:

- Renegotiation is not supported by TLS1.3 protocol, attempts to call
`.renegotiate()` will always fail.

- Compiling against a system OpenSSL lower than 1.1.1 is no longer
supported (OpenSSL-1.1.0 used to be supported with configure flags).

- Variations of `conn.write('data'); conn.destroy()` have undefined
behaviour according to the streams API. They may or may not send the
'data', and may or may not cause a ERR_STREAM_DESTROYED error to be
emitted. This has always been true, but conditions under which the write
suceeds is slightly but observably different when TLS1.3 is negotiated
vs when TLS1.2 or below is negotiated.

- If TLS1.3 is negotiated, and a server calls `conn.end()` in its
'secureConnection' listener without any data being written, the client
will not receive session tickets (no 'session' events will be emitted,
and `conn.getSession()` will never return a resumable session).

- The return value of `conn.getSession()` API may not return a resumable
session if called right after the handshake. The effect will be that
clients using the legacy `getSession()` API will resume sessions if
TLS1.2 is negotiated, but will do full handshakes if TLS1.3 is
negotiated.  See https://github.com/nodejs/node/pull/25831 for more
information.

PR-URL: https://github.com/nodejs/node/pull/26209
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
2019-03-20 07:48:25 -07:00
Sam Roberts
0f745bf9bd tls: return correct version from getCipher()
OpenSSL 1.0.0 returned incorrect version information. OpenSSL 1.1.0
fixed this, but returning the correct information broke our tests, so
was considered semver-major. Because of this, the version was hard-coded
to the OpenSSL 1.0.0 (incorrect) string in 5fe81c8aff.

This is ancient history, start returning the correct cipher version.

PR-URL: https://github.com/nodejs/node/pull/26625
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2019-03-18 07:34:16 +01:00
Michaël Zasso
82ee0ff1b8
2018-02-14, Version 11.10.0 (Current)
Notable changes:

deps:
  * Updated libuv to 1.26.0.
  * Updated npm to 6.7.0.
http, http2:
  * `response.writeHead` now returns the response object.
perf_hooks:
  * Implemented a histogram based API.
process:
  * Exposed `process.features.inspector`.
repl:
  * Added `repl.setupHistory` for programmatic repl.
tls:
  * Introduced client "session" event.

PR-URL: https://github.com/nodejs/node/pull/26098
2019-02-14 23:55:48 +01:00
Sam Roberts
0f8e8f7c6b tls: introduce client 'session' event
OpenSSL has supported async notification of sessions and tickets since
1.1.0 using SSL_CTX_sess_set_new_cb(), for all versions of TLS. Using
the async API is optional for TLS1.2 and below, but for TLS1.3 it will
be mandatory. Future-proof applications should start to use async
notification immediately. In the future, for TLS1.3, applications that
don't use the async API will silently, but gracefully, fail to resume
sessions and instead do a full handshake.

See: https://wiki.openssl.org/index.php/TLS1.3#Sessions

PR-URL: https://github.com/nodejs/node/pull/25831
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2019-02-01 19:06:58 -08:00
Rich Trott
5cb196441a doc: remove outdated s_client information in tls.md
There is a description of how to use s_client for testing of
renegotiation limits in the `tls` module documentation. The information
is somewhat out of scope, but it also may be somewhat problematic due to
changes/peculiarities (bugs?) in recent s_client. Remove the text.

Refs: https://github.com/nodejs/node/pull/25381#issuecomment-457067137

PR-URL: https://github.com/nodejs/node/pull/25678
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-01-25 22:36:17 -08:00
Richard Lau
bbb2134e7b doc: fix metadata for v11.8.0 doc changes
Refs: 641de82404

PR-URL: https://github.com/nodejs/node/pull/25709
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2019-01-25 19:09:26 -08:00
Myles Borins
641de82404
2019-01-24, Version 11.8.0 (Current)
Notable Changes:

* events:
  * For unhandled `error` events with an argument that is not an
    `Error` object, the resulting exeption will have more information
    about the argument.
    https://github.com/nodejs/node/pull/25621
* child_process:
  * When the `maxBuffer` option is passed, `stdout` and `stderr` will
    be truncated rather than unavailable in case of an error.
    https://github.com/nodejs/node/pull/24951
* policy:
  * Experimental support for module integrity checks through a manifest
    file is implemented now.
    https://github.com/nodejs/node/pull/23834
* n-api:
  * The `napi_threadsafe_function` feature is now stable.
    https://github.com/nodejs/node/pull/25556
* report:
  * An experimental diagnostic API for capturing process state is
    available as `process.report` and through command line flags.
    https://github.com/nodejs/node/pull/22712
* tls:
  * `tls.connect()` takes a `timeout` option analogous to the
    `net.connect()` one.
    https://github.com/nodejs/node/pull/25517
* worker:
  * `process.umask()` is available as a read-only function inside Worker
    threads now.
    https://github.com/nodejs/node/pull/25526
  * An `execArgv` option that supports a subset of Node.js command line
    options is supported now.
    https://github.com/nodejs/node/pull/25467

PR-URL: https://github.com/nodejs/node/pull/25687
2019-01-24 20:51:40 -05:00
Luigi Pinca
aaa7547e77 tls: make tls.connect() accept a timeout option
If specified, and only when a socket is created internally, the option
will make `socket.setTimeout()` to be called on the created socket with
the given timeout.

This is consistent with the `timeout` option of `net.connect()` and
prevents the `timeout` option of the `https.Agent` from being ignored
when a socket is created.

PR-URL: https://github.com/nodejs/node/pull/25517
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-01-20 14:56:35 +01:00
Sam Roberts
870186d69a doc: add metadata about ecdh curve options
- DEFAULT_ECDH_CURVE default changed to 'auto' for 10.0.0
- ecdhCurve parameter allowed multiple values and 'auto' from 9.0.0

PR-URL: https://github.com/nodejs/node/pull/25502
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-01-17 12:41:26 +01:00
Sam Roberts
66f45e7e5b doc: add TLSSocket.isSessionReused() docs
The API has existed forever and is used in our unit tests. It is
supported for TLS1.3 as well as 1.2 and useful for troubleshooting, so
it should be documented.

PR-URL: https://github.com/nodejs/node/pull/25423
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2019-01-14 15:34:53 -08:00
Sam Roberts
eaa1544d97 doc: describe TLS session resumption
PR-URL: https://github.com/nodejs/node/pull/25174
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-12-27 14:31:54 -08:00
Sam Roberts
b03ba38a57 doc: link and expand --tls-cipher-list docs
Link to the cli docs for --tls-cipher-list, and link to and mention that
NODE_OPTIONS can also be used.

PR-URL: https://github.com/nodejs/node/pull/25174
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-12-27 14:31:48 -08:00
Beth Griggs
74a1dfb56e
2018-12-18, Version 11.5.0 (Current)
Notable changes:

* **tls**:
  * support "BEGIN TRUSTED CERTIFICATE" for ca: (Sam Roberts)
    [#24733](https://github.com/nodejs/node/pull/24733)
* **util**:
  * add inspection getter option (Ruben Bridgewater)
    [#24852](https://github.com/nodejs/node/pull/24852)

PR-URL: https://github.com/nodejs/node/pull/25102
2018-12-18 18:36:17 +00:00
cjihrig
928f776385 doc: add missing pr-url
PR-URL: https://github.com/nodejs/node/pull/25091
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-12-17 11:29:35 -08:00
Sam Roberts
2e4a163012 tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.

Fixes: https://github.com/nodejs/node/issues/24761

PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2018-12-11 15:28:58 -08:00
Sam Roberts
e5878eaf5e test: test TLS client authentication
TLS client authentication should be tested, including failure scenarios.

PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2018-12-11 15:28:54 -08:00
Ruben Bridgewater
bcef949c93
2018-12-07, Version 11.4.0 (Current)
Notable Changes:

* console,util:
  * `console` functions now handle symbols as defined in the spec.
    https://github.com/nodejs/node/pull/23708
  * The inspection `depth` default is now back at 2.
    https://github.com/nodejs/node/pull/24326
* dgram,net:
  * Added ipv6Only option for `net` and `dgram`.
    https://github.com/nodejs/node/pull/23798
* http:
  * Chosing between the http parser is now possible per runtime flag.
    https://github.com/nodejs/node/pull/24739
* readline:
  * The `readline` module now supports async iterators.
    https://github.com/nodejs/node/pull/23916
* repl:
  * The multiline history feature is removed.
    https://github.com/nodejs/node/pull/24804
* tls:
  * Added min/max protocol version options.
    https://github.com/nodejs/node/pull/24405
  * The X.509 public key info now includes the RSA bit size and the
    elliptic curve. https://github.com/nodejs/node/pull/24358
* url:
  * `pathToFileURL()` now supports LF, CR and TAB.
    https://github.com/nodejs/node/pull/23720
* Windows:
  * Tools are not installed using Boxstarter anymore.
    https://github.com/nodejs/node/pull/24677
  * The install-tools scripts or now included in the dist.
    https://github.com/nodejs/node/pull/24233
* Added new collaborator:
  * [antsmartian](https://github.com/antsmartian) - Anto Aravinth.
    https://github.com/nodejs/node/pull/24655

PR-URL: https://github.com/nodejs/node/pull/24854
2018-12-07 18:50:20 +01:00
Sam Roberts
5202b70fec doc: fix REPLACEME for tls min/max protocol option
Fill in correct pr-url: value in the YAML changelog that was missing
from f512f5ea. The stanza was also sorted in the wrong order, most
recent is supposed to be in the beginning of the changes, not the end.

PR-URL: https://github.com/nodejs/node/pull/24759
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2018-12-03 09:34:45 -08:00
Yusuke Kawasaki
83a7247f12 doc: remove duplicate whitespaces in doc/api
PR-URL: https://github.com/nodejs/node/pull/24628
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-11-24 11:30:04 +02:00
Sam Roberts
f512f5ea13 tls: add min/max protocol version options
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.

PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
2018-11-22 09:14:58 -08:00
Sam Roberts
67c092127e doc: minor cleanup of tls.getProtocol()
Improve markup and return value description.

PR-URL: https://github.com/nodejs/node/pull/24533
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-11-20 14:42:47 -08:00
Sam Roberts
0512d68e42 tls: include RSA bit size in X.509 public key info
For symmetricality with the EC public key info, and because its useful.

PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2018-11-20 13:21:08 -08:00
Sam Roberts
fe303b9b2d tls: include elliptic curve X.509 public key info
X.509 certs are provided to the user in a parsed object form by a number
of TLS APIs. Include public key info for elliptic curves as well, not
just RSA.
- pubkey: the public key
- bits: the strength of the curve
- asn1Curve: the ASN.1 OID for the curve
- nistCurve: the NIST nickname for the curve, if it has one

PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2018-11-20 13:21:08 -08:00
Sam Roberts
a856406c2d doc: describe certificate object properties
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2018-11-20 13:15:50 -08:00
Sam Roberts
43273262e5 doc: describe secureProtocol and CLI interaction
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.

PR-URL: https://github.com/nodejs/node/pull/24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
2018-11-19 11:21:13 -08:00
Ruben Bridgewater
406d9caab5
2018-11-15, Version 11.2.0 (Current)
Notable changes:

* deps:
  * A new experimental HTTP parser (`llhttp`) is now supported.
    https://github.com/nodejs/node/pull/24059
* timers:
  * Fixed an issue that could cause setTimeout to stop working as
    expected. https://github.com/nodejs/node/pull/24322
* Windows
  * A crashing process will now show the names of stack frames if the
    node.pdb file is available.
    https://github.com/nodejs/node/pull/23822
  * Continued effort to improve the installer's new stage that installs
    native build tools.
    https://github.com/nodejs/node/pull/23987,
    https://github.com/nodejs/node/pull/24348
  * child_process:
    * On Windows the `windowsHide` option default was restored to
      `false`. This means `detached` child processes and GUI apps will
      once again start in a new window.
      https://github.com/nodejs/node/pull/24034
* Added new collaborators:
  * [oyyd](https://github.com/oyyd) - Ouyang Yadong.
    https://github.com/nodejs/node/pull/24300
  * [psmarshall](https://github.com/psmarshall) - Peter Marshall.
    https://github.com/nodejs/node/pull/24170
  * [shisama](https://github.com/shisama) - Masashi Hirano.
    https://github.com/nodejs/node/pull/24136

PR-URL: https://github.com/nodejs/node/pull/24350
2018-11-15 22:16:09 +01:00
Sam Roberts
db35fee1e1 tls: get the local certificate after tls handshake
Add an API to get the local certificate chosen during TLS handshake from
the SSL context.

Fix: https://github.com/nodejs/node/issues/24095

PR-URL: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs/node/issues/24095
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
2018-11-13 20:42:57 -08:00
Sam Roberts
7cd08eb100 doc: use real protocol names in ALPN example
PR-URL: https://github.com/nodejs/node/pull/24232
Reviewed-By: James M Snell <jasnell@gmail.com>
2018-11-13 12:46:08 -08:00
Ben Noordhuis
60eca6a5d4
tls: disable TLS v1.0 and v1.1 by default
Refs: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

PR-URL: https://github.com/nodejs/node/pull/23814
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2018-11-13 16:05:51 +01:00