NodeJS can already use an external, shared OpenSSL library. This
library knows where to look for OS managed certificates. Allow
a compile-time option to use this CA store by default instead of
using bundled certificates.
In case when using bundled OpenSSL, the paths are also valid for
majority of Linux systems without additional intervention. If
this is not set, we can use SSL_CERT_DIR to point it to correct
location.
Fixes: https://github.com/nodejs/node/issues/3159
PR-URL: https://github.com/nodejs/node/pull/8334
Backport-PR-URL: https://github.com/nodejs/node/pull/11794
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
The pointer to std::vector is unnecessary, so replace it with standard
instance. Also, make the for() loop more readable by using actual type
instead of inferred - there is no readability benefit here from
obfuscating the type.
PR-URL: https://github.com/nodejs/node/pull/8334
Backport-PR-URL: https://github.com/nodejs/node/pull/11794
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
See the commit log of the reverted commit: it's a semver-minor change
that can land in the next minor release.
This reverts commit 47cbb88ac5929ce6ba17f681785034dd019ce063.
Allow method chaining as with setAutoPadding and other methods.
PR-URL: https://github.com/nodejs/node/pull/9398
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <sam@strongloop.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
A side-effect of https://github.com/nodejs/node-private/pull/82
was to remove support for OPENSSL_CONF, as well as removing the default
read of a configuration file on startup.
Partly revert this, allowing OPENSSL_CONF to be used to specify a
configuration file to read on startup, but do not read a file by
default.
If the --openssl-config command line option is provided, its value is
used, not the OPENSSL_CONF environment variable.
Fix: https://github.com/nodejs/node/issues/10938
PR-URL: https://github.com/nodejs/node/pull/11006
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Allow it to be used anywhere in src/ that env variables with security
implications are accessed.
PR-URL: #11006
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.
PR-URL: https://github.com/nodejs/node/pull/11051
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
When the double dash "--" appears after "-e <script>" on the
command line, it indicates the end of options and the beginning
of positional parameters for the script.
PR-URL: #10651
Backport-PR-URL: https://github.com/nodejs/node/pull/11013
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This guide should help answer questions for contributors
that are not familiar with the backport process.
PR-URL: https://github.com/nodejs/node/pull/11099
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
The onboarding doc links to the "Technical How-to" portion of the
Collaborator's Guide for landing PRs. That section is a subsection of
the "Landing Pull Requests" portion of that document. By skipping the
main section header, important information is skipped, such as the part
about not using the merge button and descriptions of the metadata
required. Update the link to target the main section and not the
subsection.
PR-URL: https://github.com/nodejs/node/pull/12415
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/12427
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Use of `common.PORT` in `parallel` tests is not completely safe (because
the same port can be previously assigned to another test running in
parallel if that test uses port `0` to get an arbitrary available port).
Remove `common.PORT` from test-cluster-basic.
PR-URL: https://github.com/nodejs/node/pull/12377
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Add notes about path.parse(), path.basename() and path.dirname()
ignoring trailing slashes.
PR-URL: https://github.com/nodejs/node/pull/12181
Fixes: https://github.com/nodejs/node/issues/6229
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
querystring.stringify() doesn't serialize some values.
Explicitly mention what values are serialized in the docs.
Add what happens when another data type is passed to
`querystring.stringify()` besides the ones that can be correctly parsed
PR-URL: https://github.com/nodejs/node/pull/12313
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use of extra `|` breaks markdown table rendering. Fix it.
PR-URL: https://github.com/nodejs/node/pull/12350
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
When configuring --without-ssl test-debug-usage.js fails with the
following error:
assert.js:82
throw new assert.AssertionError({
^
AssertionError: false == true
at ChildProcess.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-debug-usage.js:24:5)
at ChildProcess.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
at emitTwo (events.js:125:13)
at ChildProcess.emit (events.js:213:7)
at Process.ChildProcess._handle.onexit
(internal/child_process.js:208:12)
But the underlying error is the following:
(node:55665) [DEP0068] DeprecationWarning: `node debug` is deprecated.
Please use `node inspect` instead.
internal/util.js:83
throw new Error('Node.js is not compiled with openssl crypto
support');
^
Error: Node.js is not compiled with openssl crypto support
at Object.exports.assertCrypto (internal/util.js:83:11)
at crypto.js:28:14
at NativeModule.compile (bootstrap_node.js:559:7)
at NativeModule.require (bootstrap_node.js:500:18)
at node-inspect/lib/internal/inspect_client.js:24:16
at NativeModule.compile (bootstrap_node.js:559:7)
at NativeModule.require (bootstrap_node.js:500:18)
at node-inspect/lib/_inspect.js:39:5
at NativeModule.compile (bootstrap_node.js:559:7)
at Function.NativeModule.require (bootstrap_node.js:500:18)
assert.js:82
throw new assert.AssertionError({
^
AssertionError: false == true
at ChildProcess.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/parallel/test-debug-usage.js:25:5)
at ChildProcess.<anonymous>
(/Users/danielbevenius/work/nodejs/node/test/common.js:461:15)
at emitTwo (events.js:125:13)
at ChildProcess.emit (events.js:213:7)
at Process.ChildProcess._handle.onexit
(internal/child_process.js:208:12)
This commit adds a check for crypto like some of the other tests do.
PR-URL: https://github.com/nodejs/node/pull/12357
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
lint target now runs both linters
even if one of them failed.
PR-URL: https://github.com/nodejs/node/pull/12276
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Makes LazyTransform writable by Streams1 by assigning .writable = true
before the actual classes are loaded.
Fixes: https://github.com/nodejs/node/issues/12269
PR-URL: https://github.com/nodejs/node/pull/12380
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
We generally stick to 80 columns even in markdown files.
PR-URL: https://github.com/nodejs/node/pull/12358
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/12354
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Set the expected outcome of `util.format('%%')` to be `%%`
instead of `%`.
PR-URL: https://github.com/nodejs/node/pull/12374
Fixes: https://github.com/nodejs/node/issues/12362
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reversed "actual" and "expected" arguments for assert.strictEqual().
Replaced constructor with regular expression for assert.throws().
PR-URL: https://github.com/nodejs/node/pull/12595
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Replaced TypeError with a regular expression of the actual error.
PR-URL: https://github.com/nodejs/node/pull/12591
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a mustNotCall() helper for testing. This provides
an alternative to using common.fail() as a callback, or creating
a callback function for the sole purpose of calling common.fail().
PR-URL: https://github.com/nodejs/node/pull/11152
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
PR-URL: https://github.com/nodejs/node/pull/12629
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
We should not use hardcoded string to warn users about
file was generated by configure script. Since we already
have do_not_edit variable we can use it
PR-URL: https://github.com/nodejs/node/pull/12610
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Replaced constructor with regular expression for assert.throw().
PR-URL: https://github.com/nodejs/node/pull/12602
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
test-https-set-timeout-server fails under load. Move it to sequential so
it is not competing with other tests.
PR-URL: https://github.com/nodejs/node/pull/12704
Fixes: https://github.com/nodejs/node/issues/10130
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Forced conversion of the encoding parameter to a string within
crypto.js, fixing segmentation faults in node_crypto.cc.
Fixes: https://github.com/nodejs/node/issues/9819
PR-URL: https://github.com/nodejs/node/pull/12164
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
This change was suggested by bnoordhuis in the following comment:
https://github.com/nodejs/node/pull/9163#discussion_r84264628
Not including any tests as this is covered by test/addons/at-exit.
PR-URL: https://github.com/nodejs/node/pull/12255
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Use the original property descriptor instead of just taking the value,
which would, by default, be non-writable and non-configurable.
PR-URL: https://github.com/nodejs/node/pull/9306
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
This brings the node::MakeCallback and node::AsyncWrap::MakeCallback
implementations into alignment in that they return early if the
nextTickQueue is empty after processing the MicrotaskQueue.
Include test to make sure early return happens. Test has text explaining
the conditions for the test to pass, since it relies on internal
mechanisms that aren't guaranteed in the future.
PR-URL: https://github.com/nodejs/node/pull/10274
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Squashed from:
- child_process: stop indexOf() on whole IPC buffer
- child_process: get rid of forEach() and slice() in IPC
- child_process: get rid of another forEach() in IPC
Fixes: https://github.com/nodejs/node/issues/3145
PR-URL: https://github.com/nodejs/node/pull/10557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Squashed from:
- child_process: fix IPC bench to obey send() ret val
- child_process: fix IPC benchmark message has two more bytes
- child_process: use setImmediate for IPC bench
PR-URL: https://github.com/nodejs/node/pull/10557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Currently test-tls-socket-close will fail if node
was built using --without-ssl. This commit adds a check to
verify is crypto support exists and if not skip this test.
PR-URL: https://github.com/nodejs/node/pull/11911
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
>= 4.8.5 is required because of compiler bugs in earlier versions
PR-URL: https://github.com/nodejs/node/pull/11840
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>