Queued write requests should be invoked on handle close, otherwise the
"consumer" might be already destroyed when the write callbacks of the
"consumed" handle will be invoked. Same applies to the shutdown
requests.
Make sure to "move" away socket from server to not break the
`connections` counter in `net.js`. Otherwise it might not call `close`
callback, or call it too early.
Fix: https://github.com/iojs/io.js/issues/1696
PR-URL: https://github.com/nodejs/io.js/pull/1910
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Defer reading until user-land has a chance to add listeners. This
allows the TLS wrapper to listen for _tlsError and trigger a
clientError event if the socket already has data that could trigger.
Fixes: https://github.com/nodejs/io.js/issues/1114
PR-URL: https://github.com/nodejs/io.js/pull/1496
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
5795e835a1 introduced unintentional
copy-paste bug. `cb` is not actually present in those functions and
should not be called, the socket should be destroy instead.
PR-URL: https://github.com/nodejs/io.js/pull/1951
Reviewed-By: Roman Reiss <me@silverwind.io>
Emit errors using `.destroy(err)` instead of `.destroy()` and
`.emit('error', err)`. Otherwise `close` event is emitted with the
`error` argument set to `false`, even if the connection was torn down
because of the error.
See: https://github.com/nodejs/io.js/issues/1119
PR-URL: https://github.com/nodejs/io.js/pull/1711
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
In ssl.onerror event, `this` refers `ssl` so that
`this._secureEstablished` is always undefined. Fix it to refer
TLSSocket.
PR-URL: https://github.com/nodejs/io.js/pull/1661
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This makes `TLSWrap` and `SecureContext` objects collectable by the
incremental gc.
`res = null` destroys the cyclic reference in the `reading` property.
`this.ssl = null` removes the remaining reference to the `TLSWrap`.
`this.ssl._secureContext.context = null` removes the reference to
the `SecureContext` object, even though there might be references
to `this.ssl._secureContext` somewhere.
The `reading` property will now throw an error if accessed after the
socket is closed, but that should not happen.
PR-URL: https://github.com/iojs/io.js/pull/1580
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Do not enable ClientHello parser for async SNI/OCSP. Use new
OpenSSL-1.0.2's API `SSL_set_cert_cb` to pause the handshake process and
load the cert/OCSP response asynchronously. Hopefuly this will make
whole async SNI/OCSP process much faster and will eventually let us
remove the ClientHello parser itself (which is currently used only for
async session, see #1462 for the discussion of removing it).
NOTE: Ported our code to `SSL_CTX_add1_chain_cert` to use
`SSL_CTX_get0_chain_certs` in `CertCbDone`. Test provided for this
feature.
Fix: https://github.com/iojs/io.js/issues/1423
PR-URL: https://github.com/iojs/io.js/pull/1464
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
tls.connect(options) with no options.host should accept a certificate
with CN: 'localhost'. Fix Error: Hostname/IP doesn't match
certificate's altnames: "Host: undefined. is not cert's CN: localhost"
'localhost' is not added directly to defaults because that is not
always desired (for example, when using options.socket)
PR-URL: https://github.com/iojs/io.js/pull/1493
Fixes: https://github.com/iojs/io.js/issues/1489
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
This commit better handles calls to process.binding() in lib/ by
no longer lazy loading the bindings (the load times themselves are
rather miniscule compared to the load time of V8) and never reloading
the bindings (which is 172 times slower than referencing a variable with
the same value).
PR-URL: https://github.com/iojs/io.js/pull/1367
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Set proxied methods wrappers in `TLSWrap` prototype instead of doing it
on every socket allocation. Should speed up things a bit and will
certainly make heapsnapshot less verbose.
PR-URL: https://github.com/iojs/io.js/pull/1108
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Hold non-persistent reference in JS, rather than in C++ to avoid cycles.
PR-URL: https://github.com/iojs/io.js/pull/1078
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Accept `new net.Socket()` as a `socket` option to `tls.connect()`
without triggering an assertion error in C++.
This is done by wrapping it into a JSStream to ensure that there will be
a handle at the time of wrapping the socket into TLSSocket.
Fix: https://github.com/iojs/io.js/issues/987
PR-URL: https://github.com/iojs/io.js/pull/1046
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
The problem does not manifest itself on unixes, because
`uv_read_start()` always return 0 there. However on Windows on a second
call `uv_read_start()` returns `UV__EALREADY` destroying all sockets on
a read attempt.
Set `.reading` property that is already handled by `net.js` code.
Fix: https://github.com/iojs/io.js/issues/988
PR-URL: https://github.com/iojs/io.js/pull/994
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Introduce a way to wrap plain-js `stream.Duplex` streams into C++
StreamBase's child class. With such method at hand it is now possible to
pass `stream.Duplex` instance as a `socket` parameter to
`tls.connect()`.
PR-URL: https://github.com/iojs/io.js/pull/926
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
StreamBase is an improved way to write C++ streams. The class itself is
for separting `StreamWrap` (with the methods like `.writeAsciiString`,
`.writeBuffer`, `.writev`, etc) from the `HandleWrap` class, making
possible to write abstract C++ streams that are not bound to any uv
socket.
The following methods are important part of the abstraction (which
mimics libuv's stream API):
* Events:
* `OnAlloc(size_t size, uv_buf_t*)`
* `OnRead(ssize_t nread, const uv_buf_t*, uv_handle_type pending)`
* `OnAfterWrite(WriteWrap*)`
* Wrappers:
* `DoShutdown(ShutdownWrap*)`
* `DoTryWrite(uv_buf_t** bufs, size_t* count)`
* `DoWrite(WriteWrap*, uv_buf_t*, size_t count, uv_stream_t* handle)`
* `Error()`
* `ClearError()`
The implementation should provide all of these methods, thus providing
the access to the underlying resource (be it uv handle, TLS socket, or
anything else).
A C++ stream may consume the input of another stream by replacing the
event callbacks and proxying the writes. This kind of API is actually
used now for the TLSWrap implementation, making it possible to wrap TLS
stream into another TLS stream. Thus legacy API calls are no longer
required in `_tls_wrap.js`.
PR-URL: https://github.com/iojs/io.js/pull/840
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
`TLSSocket` wraps the original `net.Socket`, but writes/reads to/from
`TLSSocket` do not touch the timers of original `net.Socket`.
Introduce `socket._parent` property, and iterate through all parents
to unref timers and prevent timeout event on original `net.Socket`.
Fix: https://github.com/joyent/node/issues/9242
PR-URL: https://github.com/iojs/io.js/pull/891
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).
Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit replaces a number of var statements throughout
the lib code with const statements.
PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
Turn on strict mode for the files in the lib/ directory. It helps
catch bugs and can have a positive effect on performance.
PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
When listening for client hello parser events (like OCSP requests), do
not hang if `newSession` event handler is not present.
fixjoyent/node#8660
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/node-forward/node/pull/47
In case of an invalid DH parameter file, it is sliently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
When creating a TLSSocket instance based on the existing connecting
socket, `_connecting` property is copied after the initialization of
`net.Socket`. However, since `net.Socket` constructor will call
`.read(0)` if the `readable` is true - error may happen at this code
chunk in net.js:
Socket.prototype._read = function(n) {
debug('_read');
if (this._connecting || !this._handle) {
debug('_read wait for connection');
this.once('connect', this._read.bind(this, n));
...
Leading to a test failures on windows:
- test/simple/test-tls-connect-given-socket.js
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
These are an old and deprecated properties that was used by previous
stream implementation, and are still in use in some user-land modules.
Prior to this commit, they were read from the underlying socket, which
may be non-readable/non-writable while connecting or while staying
uninitialized.
Force set them to `true`, just to make sure that there will be no
inconsistency.
fix#7152