Stefan Bühler
db993956d6
Fix crypto hmac to accept binary keys + add test cases from rfc 2202 and 4231
Fixes #324.
Fixes #1027.
Instead of converting buffers to strings and back again to char array
directly use the buffer data in hmac_init (same as in hmac_update).
14 years ago
SAWADA Tadashi
e357acc55b
Fix crypto encryption/decryption with Base64.
Fixes #738.
Fixes #1205.
14 years ago
Ben Noordhuis
6f0740e67b
crypto: check for SSL_COMP_get_compression_methods()
Function was named SSL_COMP_get_compression_method() (singular)
in OpenSSL 0.9.7 and older.
Fixes #1242.
14 years ago
Mark Cavage
7c51275bce
Cleanup crypto verify to not print unnecessary errors
14 years ago
Mark Cavage
88552c51ae
Support for signature verification with RSA/DSA public keys
Fixes #1166.
14 years ago
Ryan Dahl
1d7a46a588
Disabling SSL compression is dependent on OpenSSL version 0.9.8
Fixes #1087.
14 years ago
Jérémy Lal
f23c45f7f4
Option to disable SSL v2
Fixes #880
14 years ago
Ben Noordhuis
eb4c9ed881
Fix resource leaks in node_crypto.cc
Fixes #1097.
14 years ago
Ryan Dahl
e83c6959db
Disable compression with OpenSSL.
This improves memory and speed. Users may apply compression in "userland"
above the CryptoStream layer if they desire.
14 years ago
Håvard Stranden
9f0b1a9bc6
Add Diffie-Hellman support to crypto module
Fixes #573
14 years ago
Fedor Indutny
c9b40da368
OpenSSL NPN in node.js
closes #926.
14 years ago
Theo Schlossnagle
2a88dd3bc1
TLS: Add secureOptions flag
Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
14 years ago
Ryan Dahl
a7254f3df9
Revert "Disable compression with OpenSSL."
This reverts commit 362785f704.
14 years ago
Ryan Dahl
362785f704
Disable compression with OpenSSL.
This improves memory and speed. Users may apply compression in "userland"
above the CryptoStream layer if they desire.
14 years ago
Ryan Dahl
5c35dff419
Don't load root certs for each SSL context
14 years ago
Ryan Dahl
55048cdf79
Update copyright headers
14 years ago
Felix Geisendörfer
9d4c5a12f4
Crypto update should only accept strings / buffers
I have seen a lot of people trying to pass objects to crypto's update
functions, assuming that it would somehow serialize the object before
hashing.
In reality, the object was converted to '[object Object]' which was
then hashed, without any error message showing.
This patch modifies the DecodeBytes function (used exclusively by
crypto at this point) to complain when receiving anything but a
string or buffer.
Overall this should be a less-surprising, more robust behavior.
14 years ago
Theo Schlossnagle
2a61e1cd49
without this the server will not advertise support for client certs
Closes GH-774.
14 years ago
Theo Schlossnagle
01a864a29d
TLS: CRL support
Needs more tests.
14 years ago
Ryan Dahl
8cd07bb273
TLS: handle cert chains
14 years ago
Ryan Dahl
56ab929c55
Remove unused parameter from crypto::Handle*Error
14 years ago
Ryan Dahl
519dc2c114
tls: split bio errors from ssl errors
14 years ago
Ryan Dahl
448e0f4394
tls fixes
14 years ago
Ryan Dahl
807fca6803
TLS: Set ssl.receivedShutdown after each read
Closes GH-613.
14 years ago
Ryan Dahl
2ff593ad23
TLS: better error reporting at binding layer
Closes GH-612.
14 years ago
Greg Hughes
1a5e513084
Fix style issues with ext_key_usage patch
Closes GH-586.
14 years ago
Greg Hughes
6c32e155d3
Add ext_key_usage to getPeerCertificate
14 years ago
Tom Hughes
54b1f8028a
Free (ref-counted) private key.
14 years ago
Tom Hughes
b38f4712c4
Fix memory leak in node_crypto.cc.
Both HexDecode and unbase64 allocate buffers, which weren't being freed.
14 years ago
Ryan Dahl
e3d1808ef0
Rename node::SecureStream to node::crypto::Connection
node::SecureStream is definitely not a "stream" in the Node sense. Renaming
it to avoid ambiguity. (Adding namespace to not confuse with some other
Connection object.)
14 years ago
Ryan Dahl
70baeba8a9
Add receivedShutdown() binding
14 years ago
Ryan Dahl
dac4d486ec
Accept Buffers as well as strings for addCert, addKey
14 years ago
Ryan Dahl
6bc9b2ef92
clients without certs are unauthed.
14 years ago
Ryan Dahl
5bca100afe
Server must not request cert.
14 years ago
Ryan Dahl
127f17a0ea
Remove should_verify from C++ - to handle in JS land
14 years ago
Ryan Dahl
28a86c3e56
Remove unnecessary call to X509_STORE_free
14 years ago
Ryan Dahl
504a80dc6d
Rename VerifyPeerError to VerifyError
14 years ago
Ryan Dahl
355936dcde
Implement SecureContext destructor
14 years ago
Ryan Dahl
ea540c94f8
Better verify info
14 years ago
Ryan Dahl
4b947310b2
Move root certs out of JavaScript
14 years ago
Ryan Dahl
486c74e72b
Revert "Default to TLSv1"
This reverts commit 97970b05fe.
14 years ago
Ryan Dahl
db98d6e4e0
Remove assert in verify_peer; add comments
14 years ago
Ryan Dahl
97970b05fe
Default to TLSv1
14 years ago
Ryan Dahl
bf89872306
style
14 years ago
Ryan Dahl
be2457aaca
Use SSL_MODE_RELEASE_BUFFERS by default.
14 years ago
Ryan Dahl
7515360951
fix style for SecureStream::IsInitFinished
14 years ago
Ryan Dahl
de6e88c428
Fix segfault on test-crypto
Plus random cleanups. This code needs help.
14 years ago
Tim-Smart
79ecc8e9b7
Style changes.
14 years ago
Paul Querna
6ea61acf29
remove old todo.
14 years ago
Paul Querna
1ce4684a27
Centralize error handling in SecureStream
and add a start method, to kick off SSL handshaking, without writing a zero
byte buffer
14 years ago