lukechilds/node - node - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
isaacs	88644eaa2d	stream: There is no _read cb, there is only push This makes it so that `stream.push(chunk)` is the only way to signal the end of reading, removing the confusing disparity between the callback-style _read method, and the fact that most real-world streams do not have a 1:1 corollation between the "please give me data" event, and the actual arrival of a chunk of data. It is still possible, of course, to implement a `CallbackReadable` on top of this. Simply provide a method like this as the callback: function readCallback(er, chunk) { if (er) stream.emit('error', er); else stream.push(chunk); } However, only fs streams actually would behave in this way, so it makes not a lot of sense to make TCP, TLS, HTTP, and all the rest have to bend into this uncomfortable paradigm.	12 years ago
Fedor Indutny	ebc95f0716	tls: _handle.readStart/readStop for CryptoStream lib/http.js is using stream._handle.readStart/readStop to control data-flow coming out from underlying stream. If this methods are not present - data might be buffered regardless of whether it'll be read. see #4657	12 years ago
isaacs	60238cce12	tls: Write pending data on socket drain Fixes #4800	12 years ago
isaacs	02374d0c17	tls: Cycle data when underlying socket drains	12 years ago
Fedor Indutny	d59beb9f68	tls: port CryptoStream to streams2	12 years ago
Andy Burke	595b5974d7	Add bytesWritten to tls.CryptoStream This adds a proxy for bytesWritten to the tls.CryptoStream. This change makes the connection object more similar between HTTP and HTTPS requests in an effort to avoid confusion. See issue #4650 for more background information.	12 years ago
Fedor Indutny	82f1d340c1	tls: make slab buffer's size configurable see #4636	12 years ago
Fedor Indutny	31583be042	tls: follow RFC6125 more stricly * Allow wildcards only in left-most part of hostname identifier. * Do not match CN if altnames are present	12 years ago
Fedor Indutny	e70d1bfe64	Revert "Revert "tls: allow wildcards in common name"" This reverts commit `30e237041d`. Works properly with `b4b750b`	12 years ago
Ben Noordhuis	30e237041d	Revert "tls: allow wildcards in common name" This reverts commit `45024e7b75`. It's making test/simple/test-tls-check-server-identity.js fail: AssertionError: Test#4 failed: { host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: false } at <omitted>/test/simple/test-tls-check-server-identity.js:201:10	12 years ago
Fedor Indutny	b4b750b6a5	tls: follow RFC6125 more stricly * Allow wildcards only in left-most part of hostname identifier. * Do not match CN if altnames are present	12 years ago
Fedor Indutny	45024e7b75	tls: allow wildcards in common name see #4592	12 years ago
Fedor Indutny	4dd70bb12c	tls: allow wildcards in common name see #4592	12 years ago
Ben Noordhuis	5b65638124	tls, https: add tls handshake timeout Don't allow connections to stall indefinitely if the SSL/TLS handshake does not complete. Adds a new tls.Server and https.Server configuration option, handshakeTimeout. Fixes #4355.	12 years ago
Ben Noordhuis	121ed91331	tls: fix tls.connect() resource leak The 'secureConnect' event listener was attached with .on(), which blocked it from getting garbage collected. Use .once() instead. Fixes #4308.	12 years ago
Girish Ramakrishnan	2f03eaf76f	doc: tls: rejectUnauthorized defaults to true after `35607f3a`	12 years ago
Brandon Philips	19b87bbda0	tls: delete useless removeListener call onclose was never attached to 'end' so this call to remove this listener is useless. Delete it.	12 years ago
isaacs	4266f5cf2e	tls: Provide buffer to Connection.setSession	12 years ago
isaacs	061f2075cf	string_decoder: Add 'end' method, do base64 properly	12 years ago
Ben Noordhuis	0ad005852c	https: fix renegotation attack protection Listen for the 'clientError' event that is emitted when a renegotation attack is detected and close the connection. Fixes test/pummel/test-https-ci-reneg-attack.js	12 years ago
Ben Noordhuis	7394e89ff6	tls: remove dead code Remove dead code. Forgotten in `76ddf06`.	12 years ago
Ben Noordhuis	76ddf06f10	tls: don't use a timer to track renegotiations It makes tls.createSecurePair(null, true) hang until the timer expires. Using a timer here is silly. Use a timestamp instead.	12 years ago
isaacs	411d46087f	tls: lint cc @indutny >_<	12 years ago
Fedor Indutny	7651228ab2	tls: use slab allocator	13 years ago
Ben Noordhuis	35607f3a2d	tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949.	12 years ago
Fedor Indutny	8e0c830cd0	tls: async session storage	13 years ago
Shigeki Ohtsu	f347077e78	tls: support unix domain socket/named pipe in tls.connect	12 years ago
Ben Noordhuis	8bec26122d	tls, https: throw exception on missing key/cert Throw an exception in the tls.Server constructor when the options object doesn't contain either a PFX or a key/certificate combo. Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed. Fixes #3941.	12 years ago
isaacs	ee200942dd	lint	12 years ago
Ben Noordhuis	badbd1af27	tls: update default cipher list Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.	12 years ago
Ben Noordhuis	c492d43f48	tls: fix segfault in pummel/test-tls-ci-reneg-attack Commit `4e5fe2d` changed the way how process.nextTick() works: process.nextTick(function foo() { process.nextTick(function bar() { // ... }); }); Before said commit, foo() and bar() used to run on separate event loop ticks but that is no longer the case. However, that's exactly the behavior that the TLS renegotiation attack guard relies on. It gets called by OpenSSL and needs to defer the 'error' event to a later tick because the default action is to destroy the TLS context - the same context that OpenSSL currently operates on. When things change underneath your feet, bad things happen and OpenSSL is no exception. Ergo, use setImmediate() instead of process.nextTick() to ensure that the 'error' event is actually emitted at a later tick. Fixes #3840.	12 years ago
Ben Noordhuis	6b18e88b68	tls: handle multiple CN fields when verifying cert Fixes #3861.	12 years ago
Fedor Indutny	42c6952edb	tls: pass linting	12 years ago
Fedor Indutny	85185bbbaa	tls: pass linting	12 years ago
Fedor Indutny	92e7433ff9	tls: fix 'hostless' tls connection verification And fix last failing tests	12 years ago
Fedor Indutny	50122fed8a	tls: fix 'hostless' tls connection verification And fix last failing tests	12 years ago
Fedor Indutny	93d496a4ec	tls: revert accidental API change socket.authorizationError should always be string. Also make sni test pass.	12 years ago
Fedor Indutny	5950db197c	tls: revert accidental API change socket.authorizationError should always be string. Also make sni test pass.	12 years ago
Fedor Indutny	4aa09d1e0e	tls: localhost is valid against identity-check	12 years ago
Fedor Indutny	0cf235410d	tls: localhost is valid against identity-check	12 years ago
Fedor Indutny	eb2ca10462	tls: veryify server's identity	12 years ago
Fedor Indutny	8ba189b8d3	tls: veryify server's identity	12 years ago
isaacs	3ad07ed0b8	lint	12 years ago
Jonas Westerlund	4cfdc57712	Inline timeout function, avoiding declaration in conditional Moving it out would require an anonymous function, or bind(), anyway. Luckily It's a tiny function. Fixes crash in strict mode.	13 years ago
Fedor Indutny	f210530f46	tls: use slab allocator	13 years ago
Ben Noordhuis	ff552ddbaa	tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it.	13 years ago
Andreas Madsen	1e0ce5d1bd	domain: the EventEmitter constructor is now always called in nodecore	13 years ago
isaacs	9611354f08	lint	13 years ago
ssuda	fb7348ae06	crypto: add PKCS12/PFX support Fixes #2845.	13 years ago
fukayatsu	0f95a93a2c	tls: remove duplicate line	13 years ago

1 2 3 4