This is a flag to make it easier for users to upgrade through the
breaking crypto change, and easier for us to switch it back if it's a
problem.
Explicitly set default encoding to 'buffer' in other tests, in case it
ever changes back.
crypto: Hash and Hmac default to buffers
crypto: Move Cipher encoding logic to JS
crypto: Move Cipheriv encoding logic to JS
crypto: Move Decipher encoding logic to JS
crypto: Move Decipheriv into JS, default to buffers
crypto: Move Sign class to JS
crypto: Better encoding handling in Hash.update
crypto: Move Verify class to JS
crypto: Move DiffieHellman to JS, default to buffers
crypto: Move DiffieHellmanGroup to JS, default to buffers
Also, create a test for this feature
Before there was this weird module-scoped "context" variable which seemingly
shared the "context" of subsequent REPL instances, unless ".clear" was invoked
inside the REPL. To be proper, we need to ensure that each REPL gets its own
"context" object. I literally don't know why this "sharing" behavior was in place
before, but it was just plain wrong.
Consolidates all the formatting options into an "options" object argument.
This is so that we don't have to be constantly remembering the order of
the arguments and so that we can add more formatting options easily.
Closes#4085.
Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.
Fixes test/pummel/test-https-ci-reneg-attack.js
Make the 'listening' event handler in the master process see the actual port
that the worker bound to when the worker specified port 0, i.e. a random port.
Encoding failures can be somewhat confusing, especially when they are due to
control flow frameworks auto-filling parameters from the previous step output
values to functions (such as toString and write) that developers don't expect
to take an encoding parameter. By outputting the value as part of the message,
should make it easier to track down these sort of bugs.
This reverts commit 790d651f0d.
This makes Duplex streams unworkable, and would only ever be a special
case for HTTP responses, which is not ideal.
Intead, we're going to just bless the 'finish' event for all Writable
streams in 0.10
Just as the 'WWW-Authenticate' HTTP header the 'Proxy-Authenticate' header might
be received several times as well. Currently only one value is preserved. This
change allows to receive multiple values concatenated by space and comma.
Just as the 'WWW-Authenticate' HTTP header the 'Proxy-Authenticate' header might
be received several times as well. Currently only one value is preserved. This
change allows to receive multiple values concatenated by space and comma.
A child process created with .fork() needed to call `process.exit()` explicitly
because the communication channel with the parent kept the event loop alive.
Fix that by only ref'ing the channel when there are 'message' event listeners.
Fixes#3799.
This addresses #4034. There are two problems happening:
1. The domain is not exited automatically when calling dispose() on it.
Then, since the domain is disposed, attempting to exit it again will do
nothing.
2. The active domain is stored on process.domain. Since thrown errors
call `process.emit('uncaughtException', er)`, and the process is an
event emitter with a `.domain` member, it re-enters the domain a second
time before calling the error handler, pushing it onto the stack again.
Thus, if the handler calls `domain.dispose()`, then the domain is now on
the stack twice, and cannot be exited properly. Since the domain is
disposed, any subsequent IO will be no-op'ed, since we've declared that
this context is done and best forgotten.
The solution here is twofold:
1. In EventEmitter.emit, do not enter the domain if `this===process`.
2. Automatically exit the domain when calling `domain.dispose()`.
Make sure the deletion event gets reported in the following scenario:
1. Watch a file.
2. The initial stat() goes okay.
3. Something deletes the watched file.
4. The second stat() fails with ENOENT.
The second stat() translates into the first 'change' event but a logic error
stopped it from getting emitted.
Fixes#4027.
This commit changes the default value of the rejectUnauthorized option from
false to true.
What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.
There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.
Fixes#3949.
isaacs
Soarez
Ben Noordhuis
Nathan Rajlich
Aaditya Bhatia
Ricky Ng-Adam
Bert Belder
koichik
Paul Serby
Fedor Indutny
Alex Kocharin
Pavel Lang
thewilli
Andreas Madsen
tasogarepg
Frédéric Germain