Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
* ::jsstack -v prints function defintion
* ::jsprint works with objects with only numeric properties
* update tests to use builtin mdb_v8
* add more symbols to postmortem script - pending upstream
inclusion
This test is particularly pathological, and requires a ton of time to
run, we need to find a better way to manage it but in general this path
is fairly safe these days.
bufferSize is now a getter that shows all that has not been
acknowledged by the os, as well as in the buffer state. The test is
only looking to verify the js verified state.
Scheduling of next ticks from within the next tick handler will result
in a tight execution loop where a timer cannot break into.
This test was invalid
Removing the depth counter while processing the nextTickQueue made it
possible to run out of memory if in an infinite recursive loop using
nextTick(). There was also an edge case where too many callbacks were
pushed onto the nextTickQueue, while not actually being recursive.
This is being done to prevent possible cryptic FATAL ERROR messages from
popping up, and issues being posted about them.
Apparently, context->Global() won't be destroyed if the context itself
isn't marked as weak and independent.
Also, the weakness flag should be cleared once the weak callback is
executed, otherwise we'll get crashes in Debug builds.
fix#6115 and #6201
Slowness being somewhat subjective but determined by running the
test suite a few times and picking off everything that consistently
clocks in at 2 seconds or more.
Honorable mention for simple/test-tls-server-large-request, it often
runs for 10 (!) seconds or more.
* Run the garbage collector before creating the big array. It doesn't
matter now but if in the future something in node.js core creates
a lot of reclaimable garbage, that will break the test's expectation.
* The first RSS check was being done too late. The garbage collector
might have run before the check, throwing off the 'reclaimed memory'
calculation.
* Due to changes in how V8 represents the big array internally, the
actual memory usage is just below 256 MB on x64. Update the test's
expectation.
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.
This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
Don't emit a 'connect' event on sockets that are handed off to
net.Server 'connection' event listeners.
1. It's superfluous because the connection has already been established
at that point.
2. The implementation is arguably wrong because the event is emitted on
the same tick of the event loop while the rule of thumb is to always
emit it on the next one.
This has been tried before in commit f0a440d but was reverted again in
ede1acc because the change was incomplete (at least one test hadn't
been updated).
Fixes#1047 (again).
Let ECONNRESET network errors bubble up so clients can detect them.
Commit c4454d2e suppressed and turned them into regular end-of-stream
events to fix the then-failing simple/test-regress-GH-1531 test. See
also issue #1571 for (scant) details.
It turns out that special handling is no longer necessary. Remove the
special casing and let the error bubble up naturally.
pummel/test-https-ci-reneg-attack and pummel/test-tls-ci-reneg-attack
are updated because they expected an EPIPE error code that is now an
ECONNRESET. Suppression of the ECONNRESET prevented the test from
detecting that the connection has been severed whereupon the next
write would fail with an EPIPE.
Fixes#1776.
Fix the following OOM error in pummel/test-net-connect-memleak
and pummel/test-tls-connect-memleak:
FATAL ERROR: CALL_AND_RETRY_0 Allocation failed - process out of
memory
Commit v8/v8@91afd39 increases the size of the deoptimization table
to the extent that a 64M float array pushes it over the brink. Switch
to SMIs so it stays below the limit.
pummel/test-net-connect-memleak is still failing albeit with a different
error this time. Needs further investigation.
=== release test-net-connect-memleak ===
Path: pummel/test-net-connect-memleak
-64 kB reclaimed
assert.js:102
throw new assert.AssertionError({
^
AssertionError: false == true
at done [as _onTimeout] (/home/bnoordhuis/src/nodejs/master/
test/pummel/test-net-connect-memleak.js:48:3)
at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)
at process._makeCallback (node.js:306:20)
Update the tls and https tests to explicitly set rejectUnauthorized instead of
relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
This commit changes the default value of the rejectUnauthorized option from
false to true.
What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.
There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.
Fixes#3949.
pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.
Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.
This is a back-port of commit 6770555 from the master branch.
The test relied on a peculiarity of process.nextTick() that was changed in
commit 4e5fe2d. Before that commit, each nextTick callback corresponded with
the event loop moving forward one tick. That's no longer the case.
pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.
Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.
Before this commit, `fs.unwatchFile(path)` removed *all* listeners for `path`.
The function is overloaded now: `fs.unwatchFile(path)` still removes all
listeners, but `fs.unwatchFile(path, cb)` lets you remove a specific listener.
Fixes#3660.
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
DH_size returns number of bytes in a prime number, DH_compute_key returns number
of bytes in a remainder of exponent, which may have less bytes than a prime
number. Therefore add 0-padding to the allocated buffer.
Fixes#3372
It wasn't waiting for the child process' stderr to close, so not an
assertion was made *before* all the data that the child process sent
was received by node.