lukechilds/node - node - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
Ben Noordhuis	5b65638124	tls, https: add tls handshake timeout Don't allow connections to stall indefinitely if the SSL/TLS handshake does not complete. Adds a new tls.Server and https.Server configuration option, handshakeTimeout. Fixes #4355.	12 years ago
Ben Noordhuis	121ed91331	tls: fix tls.connect() resource leak The 'secureConnect' event listener was attached with .on(), which blocked it from getting garbage collected. Use .once() instead. Fixes #4308.	12 years ago
Girish Ramakrishnan	2f03eaf76f	doc: tls: rejectUnauthorized defaults to true after `35607f3a`	12 years ago
Brandon Philips	19b87bbda0	tls: delete useless removeListener call onclose was never attached to 'end' so this call to remove this listener is useless. Delete it.	12 years ago
isaacs	4266f5cf2e	tls: Provide buffer to Connection.setSession	12 years ago
isaacs	061f2075cf	string_decoder: Add 'end' method, do base64 properly	12 years ago
Ben Noordhuis	0ad005852c	https: fix renegotation attack protection Listen for the 'clientError' event that is emitted when a renegotation attack is detected and close the connection. Fixes test/pummel/test-https-ci-reneg-attack.js	12 years ago
Ben Noordhuis	7394e89ff6	tls: remove dead code Remove dead code. Forgotten in `76ddf06`.	12 years ago
Ben Noordhuis	76ddf06f10	tls: don't use a timer to track renegotiations It makes tls.createSecurePair(null, true) hang until the timer expires. Using a timer here is silly. Use a timestamp instead.	12 years ago
isaacs	411d46087f	tls: lint cc @indutny >_<	12 years ago
Fedor Indutny	7651228ab2	tls: use slab allocator	13 years ago
Ben Noordhuis	35607f3a2d	tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949.	13 years ago
Fedor Indutny	8e0c830cd0	tls: async session storage	13 years ago
Shigeki Ohtsu	f347077e78	tls: support unix domain socket/named pipe in tls.connect	13 years ago
Ben Noordhuis	8bec26122d	tls, https: throw exception on missing key/cert Throw an exception in the tls.Server constructor when the options object doesn't contain either a PFX or a key/certificate combo. Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed. Fixes #3941.	13 years ago
isaacs	ee200942dd	lint	13 years ago
Ben Noordhuis	badbd1af27	tls: update default cipher list Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.	13 years ago
Ben Noordhuis	c492d43f48	tls: fix segfault in pummel/test-tls-ci-reneg-attack Commit `4e5fe2d` changed the way how process.nextTick() works: process.nextTick(function foo() { process.nextTick(function bar() { // ... }); }); Before said commit, foo() and bar() used to run on separate event loop ticks but that is no longer the case. However, that's exactly the behavior that the TLS renegotiation attack guard relies on. It gets called by OpenSSL and needs to defer the 'error' event to a later tick because the default action is to destroy the TLS context - the same context that OpenSSL currently operates on. When things change underneath your feet, bad things happen and OpenSSL is no exception. Ergo, use setImmediate() instead of process.nextTick() to ensure that the 'error' event is actually emitted at a later tick. Fixes #3840.	13 years ago
Ben Noordhuis	6b18e88b68	tls: handle multiple CN fields when verifying cert Fixes #3861.	13 years ago
Fedor Indutny	42c6952edb	tls: pass linting	13 years ago
Fedor Indutny	85185bbbaa	tls: pass linting	13 years ago
Fedor Indutny	92e7433ff9	tls: fix 'hostless' tls connection verification And fix last failing tests	13 years ago
Fedor Indutny	50122fed8a	tls: fix 'hostless' tls connection verification And fix last failing tests	13 years ago
Fedor Indutny	93d496a4ec	tls: revert accidental API change socket.authorizationError should always be string. Also make sni test pass.	13 years ago
Fedor Indutny	5950db197c	tls: revert accidental API change socket.authorizationError should always be string. Also make sni test pass.	13 years ago
Fedor Indutny	4aa09d1e0e	tls: localhost is valid against identity-check	13 years ago
Fedor Indutny	0cf235410d	tls: localhost is valid against identity-check	13 years ago
Fedor Indutny	eb2ca10462	tls: veryify server's identity	13 years ago
Fedor Indutny	8ba189b8d3	tls: veryify server's identity	13 years ago
isaacs	3ad07ed0b8	lint	13 years ago
Jonas Westerlund	4cfdc57712	Inline timeout function, avoiding declaration in conditional Moving it out would require an anonymous function, or bind(), anyway. Luckily It's a tiny function. Fixes crash in strict mode.	13 years ago
Fedor Indutny	f210530f46	tls: use slab allocator	13 years ago
Ben Noordhuis	ff552ddbaa	tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it.	13 years ago
Andreas Madsen	1e0ce5d1bd	domain: the EventEmitter constructor is now always called in nodecore	13 years ago
isaacs	9611354f08	lint	13 years ago
ssuda	fb7348ae06	crypto: add PKCS12/PFX support Fixes #2845.	13 years ago
fukayatsu	0f95a93a2c	tls: remove duplicate line	13 years ago
Yosef Dinerstein	d7c96cf289	tls: reduce memory overhead, reuse buffer Instead of allocating a new 64KB buffer each time when checking if there is something to transform, continue to use the same buffer. Once the buffer is exhausted, allocate a new buffer. This solves the problem of huge allocations when small fragments of data are processed, but will also continue to work well with big pieces of data.	13 years ago
Shigeki Ohtsu	e1199fa335	tls: fix CryptoStream.setKeepAlive()	13 years ago
ssuda	9b672bcaa2	tls: parsing multiple values of a key in ssl certificate Fixes #2864.	13 years ago
Dmitry Nizovtsev	1e9bcf26ce	net, http, https: add localAddress option Binds to a local address before making the outgoing connection.	13 years ago
isaacs	959a19e118	lint	13 years ago
Jimb Esser	78db18739a	tls: proxy set(Timeout\|NoDelay\|KeepAlive) methods - fix crash calling ClientRequest::setKeepAlive if the underlying request is HTTPS. - fix discarding of callback parameter when calling ClientRequest::setTimeout on HTTPS requests. - fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on HTTPS requests.	13 years ago
Blake Miner	7343f8e776	tls: add `honorCipherOrder` option to tls.createServer() Documented how to mitigate BEAST attacks.	13 years ago
Maciej Małecki	da908364a8	tls http https: don't pollute user's `options` object	13 years ago
isaacs	0cdf85e28d	Lint all the JavaScripts.	13 years ago
Ben Noordhuis	3415427dbf	tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded.	13 years ago
koichik	b19b8836c3	tls: Allow establishing secure connection on the existing socket	13 years ago
Ben Noordhuis	e806ad39d0	net, tls, http: remove socket.ondrain Replace the ondrain hack with a regular 'drain' listener. Speeds up the bytes/1024 http benchmark by about 1.2%.	13 years ago
koichik	534df2f8d2	tls: fix double 'error' events on HTTPS Requests Fixes #2549.	13 years ago

1 2 3 4