This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
The test blindly assumes that the default cipher suite supports RC4
ciphers. This corrects the case where RC4 might not be available in the
default ciphers by setting the client to use the same suite as the
server.
PR-URL: https://github.com/iojs/io.js/pull/853
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit validates the properties of ENOENT error objects
returned by spawn() and spawnSync().
PR-URL: https://github.com/iojs/io.js/pull/838
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
'.' and '..' are directory specs and resolving urls with or
without the hostname with '.' and '..' should add a trailing
slash to the end of the url.
Fixes: https://github.com/joyent/node/issues/8992
PR-URL: https://github.com/iojs/io.js/pull/278
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Timeout#unref() call returns undefined, not this. The test already
worked before, because the interval was still unref'd, and the test also
succeeds without clearing the interval.
PR-URL: https://github.com/joyent/node/pull/9171
Reviewed-by: Colin Ihrig <cjihrig@gmail.com>
Reviewed-by: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
test/simple/test-timers-unref.js
This commit restricts socket timeouts non-negative, finite
numbers. Any other value throws a TypeError or RangeError.
This prevents subtle bugs that can happen due to type
coercion.
Fixes: https://github.com/joyent/node/issues/8618
PR-URL: https://github.com/joyent/node/pull/8884
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
lib/timers.js
test/simple/test-net-settimeout.js
test/simple/test-net-socket-timeout.js
This commit distributes many of the various tests that were previously
strewn about `test-crypto.js` into their own files, such as for Ciphers
and Deciphers, Hashing, and HMACs. Copy pasta, and no style changes
besides removing a few now-unnecessary closures.
Helps eliminate file bloat and allows for easier test prognosis.
PR-URL: https://github.com/iojs/io.js/pull/827
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Everything that is not an object should be a primitive.
PR-URL: https://github.com/iojs/io.js/pull/739
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All own enumerable properties are compared already. Comparing
`prototype` property specifically can cause weird behaviour.
PR-URL: https://github.com/iojs/io.js/pull/636
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The IPv6 test in parallel/test-dgram-error-message-address may fail
when the host system has disabled IPv6, as is the case on our FreeBSD
machines. The test already accepted EAFNOSUPPORT as of commit 5ba307a,
now make it accept EPROTONOSUPPORT as well.
I'm not exactly thrilled by the profusion of error codes but they are
all legitimate.
PR-URL: https://github.com/iojs/io.js/pull/733
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Private keys may be used along with publicEncrypt since the private key
includes the public one. This adds the ability to use encrypted private
keys which previously threw an error. This commit also makes sure the
user exposed functions have names.
PR-URL: https://github.com/iojs/io.js/pull/626
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
When the last signal listener is removed, the signal wrap should be
closed, restoring the default signal handling behaviour. This is done in
a (patched) process.removeListener(). However, events.removeAllListeners
has an optimization to avoid calling removeListener() if there are no
listeners for the 'removeListener' event, introduced in 56668f54d1. That
caused the following code to fail to terminate:
process.stdin.resume();
function listener() {};
process.on('SIGINT', listener);
process.removeAllListeners('SIGINT');
process.kill(process.pid, 'SIGINT')
while the following will terminate:
process.stdin.resume();
function listener() {};
process.on('SIGINT', listener);
process.removeListener('SIGINT', listener);
process.kill(process.pid, 'SIGINT')
Replace the method patching with use of the 'newListener' and
'removeListener' events, which will fire no matter which methods are
used to add or remove listeners.
PR-URL: https://github.com/iojs/io.js/pull/687
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The order of the `newListener` and `removeListener` events with respect
to the actual adding and removing from the underlying listeners array
should be deterministic. There is no compelling reason for leaving it
indeterminate. Changing the ordering is likely to result in breaking
code that was unwittingly relying on the current behaviour, and the
indeterminancy makes it impossible to use these events to determine when
the first or last listener is added for an event.
PR-URL: https://github.com/iojs/io.js/pull/687
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Currently, JSON.stringify() is used to create error messages
on failed assertions. This causes an error when stringifying
objects with circular references. This commit switches out
JSON.stringify() for util.inspect(), which can handle
circular references.
PR-URL: https://github.com/iojs/io.js/pull/668
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
* Include a description for the error message
* For rename, link, and symlink, include both the source and destination
path in the error message.
* Expose the destination path as the `dest` property on the error object.
* Fix a bug where `ThrowUVException()` would incorrectly delegate to
`Environment::TrowErrnoException()`.
API impact:
* Adds an extra overload for node::UVException() which takes 6
arguments.
PR: https://github.com/iojs/io.js/pull/675
Fixes: https://github.com/iojs/io.js/issues/207
Closes: https://github.com/iojs/io.js/pull/293
Reviewed-by: Ben Noordhuis <info@bnoordhuis.nl>
A number -> uint32 type coercion bug made buffer sizes
larger than kMaxLength (0x3fffffff) wrap around.
Instead of rejecting the requested size with an exception,
the constructor created a buffer with the wrong size.
PR-URL: https://github.com/iojs/io.js/pull/657
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Server sockets should be shared by default, and client sockets should be
exclusive by default. For net/TCP, this is how it is, for dgram/UDP, its
a little less clear what a client socket is, but a socket that is
auto-bound during a dgram.send() is not usefully shared among cluster
workers, any more than an outgoing TCP connection would be usefully
shared.
Since implicit binds become exclusive, implicit/client dgram sockets can
now be used with cluster on Windows. Before, neither explicit nor
implicitly bound sockets could be used, causing dgram to be completely
unsupported with cluster on Windows. After this change, they become half
supported.
PR: https://github.com/iojs/io.js/pull/325
PR: https://github.com/joyent/node/pull/8643
Reviewed-by: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Bert Belder <bertbelder@gmail.com>
Add a regression test for https://github.com/iojs/io.js/issues/627.
Before the http_parser rollback to 2.3.0, the request callback was
called but an 'upgrade' event was not emitted, even though there is
an Upgrade header present in the request.
PR-URL: https://github.com/iojs/io.js/pull/628
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
This makes possible to use `for..of` loop with
buffers. Also related `keys`, `values` and `entries`
methods are added for feature parity with `Uint8Array`.
PR-URL: https://github.com/iojs/io.js/pull/525
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Console.prototype.timeEnd() returns NaN if the timer label
corresponds to a property on Object.prototype. This commit
uses a Map to construct the _times object.
Fixes: https://github.com/joyent/node/issues/9069
PR-URL: https://github.com/iojs/io.js/pull/563
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
It is supposed to test an internal debug feature but what it effectively
ends up testing, is the exact lifecyle of different kinds of internal
handles.
Lifecycles are different across releases and platforms, making the test
fail intermittently or, in some environments, consistently. It's not a
good test, delete it.
PR-URL: https://github.com/iojs/io.js/pull/575
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Ameliorate a timing sensitivity issue by switching from setImmediate()
to setTimeout() with a 50 ms timeout.
This commit also adds EPIPE as an accepted error (besides ECONNABORT
and ECONNRESET) because that's a plausible outcome given the timing
sensitive nature of test.
PR-URL: https://github.com/iojs/io.js/pull/575
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
The test expects EADDRNOTAVAIL when trying to bind to address 111::1.
Systems that have IPv6 disabled throw EAFNOSUPPORT instead, however.
Update the test accordingly.
PR-URL: https://github.com/iojs/io.js/pull/575
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commit 2931348 added EventEmitter#getMaxListeners() but introduced a
regression when people abuse EventEmitter.prototype.on.call() to call
EventEmitter#on() on a non-EE object. Add a workaround for that.
Fixes: https://github.com/iojs/io.js/issues/523
PR-URL: https://github.com/iojs/io.js/pull/527
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add missing commas in parallel/test-event-emitter-get-max-listeners.
Comma-less style is fine and dandy but it throws off vim's autoindent.
PR-URL: https://github.com/iojs/io.js/pull/527
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Commit 3e1b1dd missed a few files in test/parallel, this commit
rectifies that.
Only test/parallel/test-url.js still has a copyright header. I left
it in because the original author is neither an io.js contributor nor
a StrongLoop employee.
PR-URL: https://github.com/iojs/io.js/pull/527
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reland the changes from commit 11c1bae ("lib: make --debug-port work
with cluster") that were temporarily backed out to cherry-pick commits
from joyent/node.
PR-URL: https://github.com/iojs/io.js/pull/501
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
unref one superfluous timer (as the test suite already has a global
timeout), and improve the state machine to iterate the messages more
reliably.
Ultimately make the test complete more quickly.
Original-PR-URL: [unknown]
Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/iojs/io.js/pull/501
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Temporarily revert the changes to test/ from commit 11c1bae ("lib: make
--debug-port work with cluster") to ease cherry-picks from joyent/node.
PR-URL: https://github.com/iojs/io.js/pull/501
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Move sequential/test-debug-port-from-cmdline to test/parallel. Per the
previous commit, it should now be possible to run the test in parallel
with other debugger tests.
PR-URL: https://github.com/iojs/io.js/pull/501
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Let REPL enter multiline mode if user's input contains unterminated
template literals.
PR-URL: https://github.com/iojs/io.js/pull/333
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
make sure that process.versions contains an expected list of software to avoid
potential mistakes with refactoring.
PR-URL: https://github.com/iojs/io.js/pull/352
Reviewed-By: Rod Vagg <rod@vagg.org>
The test wasn't checking directly that an assertion was thrown. Instead,
it was checking that spawn did not sucessfully spawn a non-existent
command.
However, the command chosen, dir, exists in GNU coreutils, so it exists
on Linux (though not on BSD derived OS X). The test as written passed on
Linux, even with the TypeError it is supposed to be checking for deleted
from spawn(). It would also pass on Windows if a ls.exe existed.
The approach is unnecessarily obscure, assert.throw() is for asserting
code throws, using it is more clear and works regardless of what
commands do or do not exist.
PR-URL: https://github.com/joyent/node/pull/8454
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Cherry-picked-from: 2ff29cc7e3
Conflicts:
test/parallel/test-child-process-spawn-typeerror.js
Use an array instead of an object to pass a parsed header chunk from c++
to javascript. This offers a 5-10% speedup on the http_simple benchmark,
as evidenced by running:
ab -k -t 100 -c 100 http://127.0.0.1:8000/bytes/100
PR: https://github.com/iojs/io.js/pull/292
Reviewed-by: Ben Noordhuis <info@bnoordhuis.nl>
The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.