0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-29 23:16:30 +01:00
Commit Graph

123 Commits

Author SHA1 Message Date
Ben Noordhuis
ff552ddbaa tls: fix off-by-one error in renegotiation check
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
2012-06-18 04:31:40 +02:00
Andreas Madsen
1e0ce5d1bd domain: the EventEmitter constructor is now always called in nodecore 2012-06-15 09:49:05 -07:00
isaacs
9611354f08 lint 2012-05-15 13:03:43 -07:00
isaacs
5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06 crypto: add PKCS12/PFX support
Fixes #2845.
2012-05-14 17:12:59 +02:00
fukayatsu
0f95a93a2c tls: remove duplicate line 2012-04-16 21:38:26 +02:00
Yosef Dinerstein
d7c96cf289 tls: reduce memory overhead, reuse buffer
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
2012-03-29 17:17:15 +02:00
Shigeki Ohtsu
e1199fa335 tls: fix CryptoStream.setKeepAlive() 2012-03-23 00:20:46 +01:00
ssuda
9b672bcaa2 tls: parsing multiple values of a key in ssl certificate
Fixes #2864.
2012-03-10 23:43:16 +09:00
Dmitry Nizovtsev
1e9bcf26ce net, http, https: add localAddress option
Binds to a local address before making the outgoing connection.
2012-03-06 13:35:49 +01:00
isaacs
959a19e118 lint 2012-03-03 23:48:57 -08:00
Jimb Esser
78db18739a tls: proxy set(Timeout|NoDelay|KeepAlive) methods
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
  HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
  HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
  HTTPS requests.
2012-03-03 00:28:43 +01:00
Blake Miner
7343f8e776 tls: add honorCipherOrder option to tls.createServer()
Documented how to mitigate BEAST attacks.
2012-02-29 02:16:08 +01:00
Maciej Małecki
da908364a8 tls http https: don't pollute user's options object 2012-02-20 21:58:00 +01:00
isaacs
0cdf85e28d Lint all the JavaScripts. 2012-02-18 15:34:57 -08:00
isaacs
31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
2012-02-18 09:46:58 -08:00
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis
e806ad39d0 net, tls, http: remove socket.ondrain
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
2012-01-24 15:57:50 +01:00
Fedor Indutny
667aae596c Merge branch 'v0.6'
Conflicts:
	ChangeLog
	doc/template.html
	lib/cluster.js
	lib/http.js
	lib/tls.js
	src/node.h
	src/node_version.h
	test/simple/test-cluster-kill-workers.js
2012-01-24 00:30:28 +06:00
koichik
534df2f8d2 tls: fix double 'error' events on HTTPS Requests
Fixes #2549.
2012-01-17 17:09:27 +01:00
koichik
c1a63a9e90 tls: Allow establishing secure connection on the existing socket
This is necessary to use SSL over HTTP tunnels.

Refs #2259, #2474.
Fixes #2489.
2012-01-09 02:31:46 +01:00
Maciej Małecki
4b4d059791 tls: make tls.connect accept port and host in options
Previous API used form:

    tls.connect(443, "google.com", options, ...)

now it's replaced with:

    tls.connect({port: 443, host: "google.com", ...}, ...)

It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.

Fixes #1983.
2012-01-08 11:12:56 +01:00
koichik
b962ff35dd tls: fix test-https-client-reject fails
Fixes #2417.
2011-12-27 17:33:23 +09:00
Ryan Dahl
f7f8af8420 Merge remote branch 'origin/v0.6'
Conflicts:
	Makefile
	lib/_debugger.js
2011-12-21 12:17:23 -08:00
koichik
07c27e040e tls: Fix node swallows openssl error on request
Fixes #2308.
Fixes #2246.
2011-12-21 19:48:15 +01:00
Ben Noordhuis
7a7f1062bf tls: remove duplicate assignment 2011-12-21 15:01:07 +01:00
koichik
f8c335d0ca tls: enable rejectUnauthorized option to client
Fiexes #2247.
2011-12-07 22:47:06 +09:00
koichik
5451ba3aa8 tls: fix https with fs.openReadStream hangs
Fixes #2185.
Fixes #2198.
2011-11-27 16:31:45 +09:00
Ben Noordhuis
5e3b0095de tls: make cipher list configurable
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.

Fixes #2066.
2011-11-17 00:01:41 +01:00
koichik
f53d092a2a tls, https: add passphrase option
Fixes #1925.
2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9 tls: add address(), remoteAddress/remotePort
Fixes #758.
Fixes #1055.
2011-10-27 00:28:16 +09:00
koichik
0e8a55d2a2 tls: does not emit 'end' from EncryptedStream
de09168 and 4cdf9d4 breaks `test/pummel/test-https-large-response.js`.
It is never finished.

Fixes #1936.
2011-10-27 00:18:29 +09:00
Ryan Dahl
493d3b9f7c Merge remote branch 'origin/v0.4'
Conflicts:
	ChangeLog
	Makefile
	deps/libev/wscript
	doc/index.html
	doc/template.html
	lib/net.js
	src/node_version.h
	src/platform_cygwin.cc
	test/pummel/test-net-write-callbacks.js
	test/simple/test-buffer.js
2011-10-21 18:02:30 -07:00
Ryan Dahl
de09168e5a Emit 'end' from crypto streams on close
Fixes test/simple/test-tls-peer-certificate.js on Windows

Patch from bnoordhuis.

See also 75a0cf970f
2011-10-21 13:16:41 -07:00
koichik
68cc173c6d tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
2011-10-15 19:27:21 +09:00
koichik
19a855382c tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
2011-10-15 00:54:46 +09:00
koichik
4cdf9d4158 tls: Improve TLS flow control
Fixes #1775.
2011-09-30 15:44:45 +09:00
Ben Noordhuis
243c218c7a tls: remove superfluous setOptions() call 2011-09-19 16:28:22 +02:00
Sean Cunningham
eb99083d0b tls: add client-side session resumption support 2011-09-07 20:01:14 +02:00
koichik
6f60683802 tls: x509 certificate subject parsing fail
Fixes #1568.
2011-08-31 03:47:23 +09:00
Fedor Indutny
942f8b5afb Add NPN and SNI documentation.
Fixes #1420.
Fixes #1426.
2011-08-10 09:44:35 -07:00
Fedor Indutny
9010f5fbab Add support for TLS SNI
Fixes #1411
2011-07-29 16:57:28 -07:00
Robert Mustacchi
de0b8d601c jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js 2011-07-29 11:58:02 -07:00
Ryan Dahl
041c983290 Merge branch 'v0.4'
Conflicts:
	deps/libev/wscript
	doc/api/modules.markdown
2011-07-14 15:52:08 -07:00
Stefan Rusu
901ebed8ff Fixes #1304. The Connection instance may be destroyed by abort() when process.nextTick is executed. 2011-07-15 00:32:46 +09:00
Ryan Dahl
59274e8a33 Merge branch 'v0.4'
Conflicts:
	lib/crypto.js
	lib/tls.js
2011-05-20 10:29:16 -07:00
Ryan Dahl
9c7f89bf56 CryptoStream.prototype.readyState shoudn't reference fd
Fixes #1069
2011-05-20 10:20:22 -07:00
Fedor Indutny
21724ecaec Share SSL context between server connections
Fixes #1073.
2011-05-19 14:45:42 -07:00
Ryan Dahl
85bc8d02fa Merge branch 'v0.4'
Conflicts:
	src/node_crypto.cc
2011-05-16 19:29:02 -07:00