Ben Noordhuis
3415427dbf
tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
13 years ago
Ryan Dahl
be67fa7e09
Revert "crypto: add SecureContext.clearOptions() method"
API addition needs to go in master. Also openssl-0.9.8k doesn't have
SSL_CTX_clear_options().
This reverts commit 6f8839d2ac.
13 years ago
Ben Noordhuis
6f8839d2ac
crypto: add SecureContext.clearOptions() method
SecureContext.setOptions() is backed by SSL_CTX_set_options() which, contrary to
what the name suggests, is additive: it doesn't set options, it adds them to the
already active options.
Hence the need for SecureContext.clearOptions(), which lets you unset active
options.
13 years ago
Bert Belder
189dd8f803
Fix line endings and trailing whitespace
13 years ago
koichik
19a855382c
tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
14 years ago
Ben Noordhuis
c4eaf7e5a9
crypto: implement randomBytes() and pseudoRandomBytes()
14 years ago
Sean Cunningham
eb99083d0b
tls: add client-side session resumption support
14 years ago
Niclas Hoyer
7b2536a1a2
Added additional properties to getPeerCertificate, now includes subjectAltName, Exponent and Modulus (FOAF+SSL friendly).
Patch written by Nathan,
http://groups.google.com/group/nodejs/browse_thread/thread/1d42da4cb2e51536
14 years ago
Fedor Indutny
9010f5fbab
Add support for TLS SNI
Fixes #1411
14 years ago
Fedor Indutny
759fb36df3
crypto: dispose persistent properties on class destruction
14 years ago
Fedor Indutny
c9b40da368
OpenSSL NPN in node.js
closes #926.
14 years ago
Theo Schlossnagle
2a88dd3bc1
TLS: Add secureOptions flag
Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
14 years ago
Ryan Dahl
5c35dff419
Don't load root certs for each SSL context
14 years ago
Ryan Dahl
55048cdf79
Update copyright headers
14 years ago
Theo Schlossnagle
01a864a29d
TLS: CRL support
Needs more tests.
14 years ago
Ryan Dahl
56ab929c55
Remove unused parameter from crypto::Handle*Error
14 years ago
Ryan Dahl
519dc2c114
tls: split bio errors from ssl errors
14 years ago
Ryan Dahl
807fca6803
TLS: Set ssl.receivedShutdown after each read
Closes GH-613.
14 years ago
Ryan Dahl
2ff593ad23
TLS: better error reporting at binding layer
Closes GH-612.
14 years ago
Ryan Dahl
e3d1808ef0
Rename node::SecureStream to node::crypto::Connection
node::SecureStream is definitely not a "stream" in the Node sense. Renaming
it to avoid ambiguity. (Adding namespace to not confuse with some other
Connection object.)
14 years ago
Ryan Dahl
70baeba8a9
Add receivedShutdown() binding
14 years ago
Ryan Dahl
127f17a0ea
Remove should_verify from C++ - to handle in JS land
14 years ago
Ryan Dahl
28a86c3e56
Remove unnecessary call to X509_STORE_free
14 years ago
Ryan Dahl
504a80dc6d
Rename VerifyPeerError to VerifyError
14 years ago
Ryan Dahl
355936dcde
Implement SecureContext destructor
14 years ago
Ryan Dahl
ea540c94f8
Better verify info
14 years ago
Ryan Dahl
4b947310b2
Move root certs out of JavaScript
14 years ago
Paul Querna
1ce4684a27
Centralize error handling in SecureStream
and add a start method, to kick off SSL handshaking, without writing a zero
byte buffer
14 years ago
Ryan Dahl
9911629de0
Fix style in node_crypto.cc
15 years ago
Ryan Dahl
163485c8aa
Rename some SecureStream methods
15 years ago
Peter Griess
792c7caf40
Coverity fixes: src/node_crypto
15 years ago
Rhys Jones
afce4c3ae8
Added default CAs, updated openssl verify behaviour, added crypto and https documentation
15 years ago
Paulo Matias
430cfd1825
Read all records to always empty the OpenSSL reading buffer.
15 years ago
Rhys Jones
80174392bb
Moved Credentials into crypto module. Added node_crypto into crypto module
15 years ago
Rhys Jones
fb3a9cd0d8
Initial openssl support for net2
15 years ago