In closed environments, self-signed or privately signed certificates are
commonly used, and rejected by Node.js since their root CAs are not
well-known. Allow extending the set of well-known compiled-in CAs via
environment, so they can be set as a matter of policy.
PR-URL: https://github.com/nodejs/node/pull/9139
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
src: Add does_zap_garbage, malloced_memory and
peak_malloced_memory to v8 HeapStatistics
Following https://github.com/nodejs/code-and-learn/issues/56 I
have exposed does_zap_garbage to HeapStatistics.
The other fields, malloced_memory and peak_malloced_memory don't
seem to be in the current version of v8 in master.
PR-URL: https://github.com/nodejs/node/pull/8610
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
1aa595e5bd introduced a `throw` for accessing `Symbol` properties of
`process.env`. However, this breaks `util.inspect(process)` and
things like `Object.prototype.toString.call(process.env)`, so this
patch changes the behaviour for the getter to just always return
`undefined`.
Ref: https://github.com/nodejs/node/pull/9446
Fixes: https://github.com/nodejs/node/issues/9641
PR-URL: https://github.com/nodejs/node/pull/9631
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix leaking the BIO in the error path. Introduced in commit 34febfbf4
("crypto: fix handling of root_cert_store").
PR-URL: https://github.com/nodejs/node/pull/9604
Refs: https://github.com/nodejs/node/pull/9409
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This makes sure that we dump a backtrace and use raise(SIGABRT) on
Windows.
PR-URL: https://github.com/nodejs/node/pull/9613
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
(Patch by David Benjamin.)
Rather than reach into the SSL_SESSION, use the intended API,
SSL_get_servername. This will also help the transition to OpenSSL 1.1.0.
Also don't fill in the tlsTicket field here. This is never read by
oncertcb and was always false anyway; that field is maintained by
clients and tracks whether the server issued a ticket or a session ID.
(Note this is distinct from the copy passed to onclienthello which is
used and is not a no-op.)
PR-URL: https://github.com/nodejs/node/pull/9347
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
SecureContext::AddRootCerts only parses the root certificates once and
keeps the result in root_cert_store, a global X509_STORE. This change
addresses the following issues:
1. SecureContext::AddCACert would add certificates to whatever
X509_STORE was being used, even if that happened to be root_cert_store.
Thus adding a CA certificate to a SecureContext would also cause it to
be included in unrelated SecureContexts.
2. AddCRL would crash if neither AddRootCerts nor AddCACert had been
called first.
3. Calling AddCACert without calling AddRootCerts first, and with an
input that didn't contain any certificates, would leak an X509_STORE.
4. AddCRL would add the CRL to whatever X509_STORE was being used. Thus,
like AddCACert, unrelated SecureContext objects could be affected.
The following, non-obvious behaviour remains: calling AddRootCerts
doesn't /add/ them, rather it sets the CA certs to be the root set and
overrides any previous CA certificates.
Points 1–3 are probably unimportant because the SecureContext is
typically configured by `createSecureContext` in `lib/_tls_common.js`.
This function either calls AddCACert or AddRootCerts and only calls
AddCRL after setting up CA certificates. Point four could still apply in
the unlikely case that someone configures a CRL without explicitly
configuring the CAs.
PR-URL: https://github.com/nodejs/node/pull/9409
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Setting reference count at the time of setting cert_store instead of
trying to manage it by modifying internal states in destructor.
PR-URL: https://github.com/nodejs/node/pull/9409
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
There are multiple reports of Windows7 not being able to resolve
localhost on some setups (web search also confirms that). This change
will advertise "127.0.0.1" as inspector host name.
Fixes: https://github.com/nodejs/node/issues/9382
Fixes: https://github.com/nodejs/node/issues/9188
PR-URL: https://github.com/nodejs/node/pull/9451
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit causes process.env to throw when a symbol is used as
either a key or a value.
Fixes: https://github.com/nodejs/node/issues/9429
PR-URL: https://github.com/nodejs/node/pull/9446
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
* toLocaleUpperCase() and toLocaleLowerCase() do not function properly
without this flag.
* basic test case. The test case would fail if `--no_icu_case_mapping`
was set.
Fixes: https://github.com/nodejs/node/issues/9445
PR-URL: https://github.com/nodejs/node/pull/9454
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The changes introdcued here replace the deprecated
v8 method SetNamedPropertyHandler() to SetHandler()
in node.cc.
Prior to refactoring, the method defined callbacks
when accessing object properties defined by Strings
and not Symbols.
test/parallel/test-v8-interceptStrings-not-Symbols.js
demonstrates that this behaviour remained unchanged
after refactoring.
PR-URL: https://github.com/nodejs/node/pull/9062
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
* Adds process.versions.cldr, .tz, and .unicode
* Changes how process.versions.icu is loaded
* Lazy loads the process.versions.* values for these
* add an exception to util.js
to cause 'node -p process.versions' to still work
* update process.version docs
Fixes: https://github.com/nodejs/node/issues/9237
This implementation switches to V8 inspector from the V8 repository. The
new inspector integration is now using final APIs and exposes a stable
wire protocol, removing the need for pointing the users to specific
devtools version.
PR-URL: https://github.com/nodejs/node/pull/9028
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/9243
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Add buffer.transcode(source, from, to) method. Primarily uses ICU
to transcode a buffer's content from one of Node.js' supported
encodings to another.
Originally part of a proposal to add a new unicode module. Decided
to refactor the approach towrds individual PRs without a new module.
Refs: https://github.com/nodejs/node/pull/8075
PR-URL: https://github.com/nodejs/node/pull/9038
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Rather than the pseudo-wcwidth impl used currently, use the ICU
character properties database to calculate string width and
determine if a character is full width or not. This allows the
algorithm to correctly identify emoji's as full width, ensures
the algorithm will continue to fucntion properly as new unicode
codepoints are added, and it's faster.
This was originally part of a proposal to add a new unicode module,
but has been split out.
Refs: https://github.com/nodejs/node/pull/8075
PR-URL: https://github.com/nodejs/node/pull/9040
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
It's only used once at startup in a single place so create the string
in place instead of caching it for the lifetime of the isolate.
PR-URL: https://github.com/nodejs/node/pull/9213
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Check that invoking a callback on a receiver from a different context
works.
It ran afoul of an `env->context() == isolate->GetCurrentContext()`
assertion so retrieve the environment from the callback context and
the context to enter from the environment's context() method.
We could also have retrieved the environment from the receiver's context
and that would have made little practical difference. It just seemed
more correct to get it from the callback context because that is the
actual execution context.
PR-URL: https://github.com/nodejs/node/pull/9221
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Use zero-copy external string resources for storing the built-in JS
source code. Saves a few hundred kilobyte of memory and consistently
speeds up `benchmark/misc/startup.js` by 2.5%.
Everything old is new again! Commit 74954ce ("Add string class that
uses ExternalAsciiStringResource.") from 2011 did the same thing but
I removed that in 2013 in commit 34b0a36 ("src: don't use NewExternal()
with unaligned strings") because of a limitation in the V8 API.
V8 no longer requires that strings are aligned if they are one-byte
strings so it should be safe to re-enable external strings again.
PR-URL: https://github.com/nodejs/node/pull/5458
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Fix a nullptr dereference when an invalid path is requested.
Regression introduced in commit 69fc85d ("inspector: generate UUID for
debug targets"), caught by Coverity.
PR-URL: https://github.com/nodejs/node/pull/9184
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Eugene Ostroukhov <eostroukhov@google.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reorder the initialization logic so that program-wide, per-isolate and
per-environment initialization is more cleanly separated.
PR-URL: https://github.com/nodejs/node/pull/9224
Reviewed-By: James M Snell <jasnell@gmail.com>
NodeInstanceData is not used meaningfully and makes the initialization
logic harder to follow. Let's remove it and delete 100 lines of code
in one fell swoop.
PR-URL: https://github.com/nodejs/node/pull/9224
Reviewed-By: James M Snell <jasnell@gmail.com>
Don't bother shrinking the read buffer on the final read because we
dispose it immediately afterwards. Avoids some unnecessary memory
allocation and copying.
PR-URL: https://github.com/nodejs/node/pull/9132
Reviewed-By: James M Snell <jasnell@gmail.com>
Stop reading from disk when we read fewer bytes than requested because
the next read will be the zero-sized EOF.
PR-URL: https://github.com/nodejs/node/pull/9132
Reviewed-By: James M Snell <jasnell@gmail.com>
Add a way through environment variables to set the --preserve-symlinks
flag. Any non-null value of NODE_PRESERVE_SYMLINKS will enable symlinks.
PR-URL: https://github.com/nodejs/node/pull/8749
Fixes: https://github.com/nodejs/node/issues/8509
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
By convention, inspector protocol targets do not advertise connection
URLs when the frontend is already connected as multiple inspector
protocol connections are not supported.
PR-URL: https://github.com/nodejs/node/pull/8919
Reviewed-By: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Using the black magic of Symbol.toPrimitive the numeric value of
start/end can be changed when Uint32Value() is called once
Buffer::Fill() is entered. Allowing the CHECK() to be bypassed.
The bug report was only for "start", but the same can be done with
"end". Perform checks for both in node::Buffer::Fill() to make sure the
issue can't be triggered, even if process.binding is used directly.
Include tests for each case. Along with a check to make sure the last
time the value is accessed returns -1. This should be enough to make
sure Buffer::Fill() is receiving the correct value. Along with two tests
against process.binding directly.
Fixes: https://github.com/nodejs/node/issues/9149
PR-URL: https://github.com/nodejs/node/pull/9174
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Franziska Hinkelmann <ranziska.hinkelmann@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* Add documentation for `--openssl-conf=file`.
* Fix openssl.cnf loading and OpenSSL init ordering
* Fix FIPS tests so `OPENSSL_CONF` is not longer usable but
`--openssl-conf` is
PR-URL: https://github.com/nodejs/node-private/pull/82
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Do not load `openssl.cnf` file automatically, load the one provided by
`--openssl-config` at node startup.
PR-URL: https://github.com/nodejs/node-private/pull/78
Reviewed-By: Rod Vagg <rod@vagg.org>
This define is not available in zlib prior to version 1.2.5.2. See
https://github.com/nodejs/node/issues/9110 for details. Workaround the
build breakage reported by casting away const in src/inspector_agent.cc
instead.
PR-URL: https://github.com/nodejs/node/pull/9122
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.
Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.
PR-URL: https://github.com/nodejs/node/pull/9032
Refs: https://github.com/nodejs/node/pull/6376
Refs: https://github.com/nodejs/node/issues/9024
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Small refactoring to make contextify more readable.
Remove auto and inline FromJust(). Simplify
if statement.
PR-URL: https://github.com/nodejs/node/pull/8909
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
SSL_get_SSL_CTX returns the SSL_CTX for an SSL. Previously the code
accessed |ssl->ctx| directly, but that's no longer possible with OpenSSL
1.1.0.
SSL_get_SSL_CTX exists all the way back to (at least) OpenSSL 0.9.8 and
so this change should be fully compatible.
PR-URL: https://github.com/nodejs/node/pull/8995
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix compile bug when building with the --without-intl option
(introduced by 4b312387ea)
PR-URL: https://github.com/nodejs/node/pull/9041
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Implements WHATWG URL support. Example:
```
var u = new url.URL('http://example.org');
```
Currently passing all WHATWG url parsing tests and all but two of the
setter tests. The two setter tests are intentionally skipped for now
but will be revisited.
PR-URL: https://github.com/nodejs/node/pull/7448
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
rval never existed, it was added as that in 077f9d7293
Fixes: https://github.com/nodejs/node/issues/9001
PR-URL: https://github.com/nodejs/node/pull/9023
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
This commit attempts to fix one of the items in
https://github.com/nodejs/node/issues/4641, which was to remove a
TODO the UDPWrap::OnSend function and share the code in that method with
StreamWrap::AfterWrite.
While looking into this addaleax pointed out that the implementations
for these two functions have diverged since the original comment
was added:
$ git log --pretty=short -u -L 357,357:src/udp_wrap.cc
$ git show cbd4033619cc45abdf878285c412bac9c3f36e4e:src/udp_wrap.cc |
grep -1 -A26 'UDPWrap::OnSend'
git show cbd4033619cc45abdf878285c412bac9c3f36e4e:src/stream_wrap.cc |
grep -A27 'void StreamWrap::AfterWrite'
Removing the TODO comment seems appropriate in this case.
PR-URL: https://github.com/nodejs/node/pull/9000
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/8989
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Brian White <mscdex@mscdex.net>
Removes use of builtins that are unavailable for older clang. Per
benchmarks, only uses builtins on Windows, where speedup is
significant.
Also adds test for unaligned ucs2 buffer write. Between #3410
and #7645, bytes were swapped twice on bigendian platforms if buffer
was not two-byte aligned. See comment in #7645.
PR-URL: https://github.com/nodejs/node/pull/7645
Fixes: https://github.com/nodejs/node/issues/7618
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sam Roberts
Gareth Ellis
Josh Gavant
Anna Henningsen
Ben Noordhuis
solebox
Evan Lucas
Fedor Indutny
Adam Langley
Adam Majer
Eugene Ostroukhov
cjihrig
Steven R. Loomis
AnnaMag
James M Snell
Brian White
Marc Udoff
Trevor Norris
Rod Vagg
Bradley T. Hughes
Franziska Hinkelmann
Miguel Angel Asencio Hurtado
Daniel Bevenius
Juan Andres Andrango
Zach Bjornson