Not allowing string was a change from v0.10 behaviour, commented on in
joyent/node#7991. Allow them again, but still check that argument is
numberish. Also, simplify the fragile and non-portable test code
introduced in 832ec1cd50 that required fixups 2a415358ee, and
ef3c4ed3d.
PR-URL: https://github.com/joyent/node/pull/8531
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Clarify and emphasize the differences between dns.lookup and the rest of
the functions in the dns module.
PR-URL: https://github.com/joyent/node/pull/8726
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
this puts the type-checking assertions in require
into proper order.
PR-URL: https://github.com/joyent/node/pull/8333
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
So what I did here is to make the icutools library actually contain the
entire ICU dependencies needed for host-side tools. Sadly, this will
build ICU twice, but avoids conflicts between host and target side.
This all seems like a gyp bug of some sort, but without docs for
toolsets, who’s to say?
I removed the icuio library as a separate target, because it was only
used by the host-side tools.
PR-URL: https://github.com/joyent/node/pull/8681
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
This updates key size to 2048 and default hash function to sha256.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/joyent/node/pull/8690
Adding note to api/modules.markdown about ability to
load arbitrary path from modules from node_module path
by adding reference to path after module name in call
to require()
PR-URL: https://github.com/joyent/node/pull/7794
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Reviewed-by: Timothy J Fontaine <tjfontaine@gmail.com>
pending tls.TLSSocket growing the ability to work
with streams, createSecurePair will remain.
PR-URL: https://github.com/joyent/node/pull/8695
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Revert uv_thread_self() to return unsigned long instead of uv_thread_t.
This was causing a build failure on Windows and is only a temporary fix
until the proper patch lands upstream.
Reverts: https://github.com/joyent/libuv/commit/59658a8
Fixes: ce112c2 "deps: update uv to v1.0.0-rc2"
It was modified in libuv to be consistent with uv_exepath and not
include the trailing NULL byte in the returned size.
PR-URL: https://github.com/joyent/node/pull/8566
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
copyOnto is broken when one argument has 1 byte size and the other > 1
byte.
PR-URL: https://github.com/joyent/node/pull/8637
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Currently when a server receives a new connection the underlying socket
handle begins reading data immediately. This causes problems when
sockets are passed between processes, as data can be read by the first
process and thus never read by the second process.
This commit allows sockets that are constructed with a handle to be
paused initially.
PR-URL: https://github.com/joyent/node/pull/8576
Fixes: https://github.com/joyent/node/issues/7905
Fixes: https://github.com/joyent/node/issues/7784
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Also couple of additions about dispose and limitations of smalloc'ed
objects.
Fixes: https://github.com/joyent/node/pull/8625
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Fixes usage of global object 'Buffer' in lib/* files by ensuring that
each file does an explicit require('buffer').Buffer. Previously, when
running a repl, due to usage of global 'Buffer', any redefinition of
Buffer would cause a crash eg var Buffer = {}.
Fixes: https://github.com/joyent/node/issues/8588
PR-URL: https://github.com/joyent/node/pull/8603
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Add a test that goes through the whole matrix of:
- command line options (--enable-ssl*)
- secureOptions
- secureProtocols
and makes sure that compatible test setups actually work as expected.
The test works by spawning two processes for each test case: one client
and one server. The test passes if a SSL/TLS connection from the client
to the server is successful and the test case was supposed to pass, or
if the connection couldn't be established and the test case was supposed
to fail.
The test is currently located in the directory 'test/external' because
it has external dependencies.
* openssl: Update to 1.0.1j (Addressing multiple CVEs)
* uv: Update to v0.10.29
* child_process: properly support optional args (cjihrig)
* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
Timothy J Fontaine, Alexis Campailla)
This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.
This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.
adds a note to the crypto docs passing along
the advice that openssl gives about what
key derivation function they recommend.
PR-URL: https://github.com/joyent/node/pull/8580
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Always set ssl2/ssl3 disabled based on whether they are enabled in Node.
In some corner-case scenario, node with OPENSSL_NO_SSL3 defined could
be linked to openssl that has SSL3 enabled.
In the case of a pipe'd input, i.e. from the CI the fd will be a PIPE
and when listen() is called it will return ENOTSOCK instead of EINVAL.
Backport: cd2d3aedaa
The order of the callbacks is non-deterministic, so don't expect the
error messages to come back in the same order every time, instead just
verify they are expected messages.
This change disables SSLv2/SSLv3 use by default, and introduces a
command line flag to opt into using SSLv2/SSLv3.
SSLv2 and SSLv3 are considered unsafe, and should only be used in
situations where compatibility with other components is required and
they cannot be upgrade to support newer forms of TLS.
Because of constant-timeness change made in openssl-1.0.1j the error is
no longer returned from EVP_DecryptFinal_ex. Now it just return 0, and
thus the error message does not contain proper error code. Adapt to this
change, there is not much that we could do about it.