Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of
the new format.
Fixes#6013.
The security fix from commit 6b92a713 also back-ported the test case.
Said test case relies on API that is only available in newer versions
of V8 and, as a result, broke the `make native` and `make <arch.mode>`
builds. This commit reverts that part of the back-port. Fixes the
following build error:
../test/cctest/test-api.cc: In function ‘void TestRegress260106()’:
../test/cctest/test-api.cc:17712:34: error: ‘class v8::Context’ has
no member named ‘GetIsolate’
Upstream V8 as of commit v8/v8@4bc70e8 uses a fixed seed of 314159265
for hash tables unless instructed otherwise. Tell V8 to keep using a
random seed.
CONTAINER_OF was introduced a while ago but was not used consistently
everywhere yet. This commit fixes that.
Why CONTAINER_OF instead of container_of? The former makes it crystal
clear that it's a macro, not a function.
Unbreak the build when linking against a shared version of OpenSSL that
doesn't support NPN (Next Protocol Negotiation.)
Fixes the following build error:
../src/node_crypto.cc:140: error: no member function
'AdvertiseNextProtoCallback' declared in
'node::crypto::SSLWrap<node::TLSCallbacks>'
../src/node_crypto.cc:147: error: no member function
'SelectNextProtoCallback' declared in
'node::crypto::SSLWrap<node::TLSCallbacks>'
Otherwise it might get stall (`Peek()` will return zero-length chunk)
in following situation:
1. `Write(kBufferLength)`
2. `Read(kBufferLength)`
3. `Write(anything)`
4. `Peek()` => `len=0`
Otherwise the string triggers an assertion error in node_http_parser.c,
line 370:
assert(Buffer::HasInstance(args[0]) == true);
because the first argument is not a Buffer object.
As discussed on the mailing list: the module will not go away but the
API will continue to receive updates as the need arises.
Link: https://groups.google.com/forum/#!topic/nodejs/uqyTcQfimAI
Message-ID: <7384b30e-b64c-4086-b78f-b5acca9842a9@googlegroups.com>
When socket, passed in `tls.connect()` `options` argument is not yet
connected to the server, `_handle` gets assigned to a `net.Socket`,
instead of `TLSSocket`.
When socket is connecting to the remote server (i.e. not yet connected,
but already past dns resolve phase), derive `_connecting` property from
it, because otherwise `afterConnect()` will throw an assertion.
fix#6443
|i| and |j| arent't used when building without crypto support. Hat tip
to Brian White.
Rename |l| to |k| while we're here because it's quite hard to discern
from |i| or |j| with some fonts.
The domain module has been switched over to use the domain module API as
much as currently possible. There are still some hooks in the
EventEmitter, but hopefully we can remove those in the future.
pbkdf2_req has been renamed to PBKDF2Request and converted to a class.
It now uses AsyncWrap::MakeCallback.
Also includes, using env()->ondone_string() instead of "ondone" and
using malloc instead of new char[].
Since RandomBytesRequest makes a call to MakeCallback, needed it to be
a class so AsyncWrap could handle any async listeners.
Also added a simple test for an issue had during implementation where
the memory was being released and returned.
AsyncListener is a JS API that works in tandem with the AsyncWrap class
to allow the user to be alerted to key events in the life cycle of an
asynchronous event. The AsyncWrap class has its own MakeCallback
implementation that core will be migrated to use, and uses state sharing
techniques to allow quicker communication between JS and C++ whether the
async event callbacks need to be called.
Profiling suggested that on Linux sometimes over 10% of CPU time was
being spent inside the systemtap probe entry points in the binding
layer, even when the process was not actively being traced with the
`stap` tool.
That's why this commit makes it possible to use the *_ENABLED() macros
and bail out early when we're not being traced, reducing the overhead
of unused probes to (almost) zero.
Said macros were already being generated by `dtrace -h` but were not
usable because they rely on external definitions. To remedy that, we
now generate the accompanying object files with `dtrace -G`.
This commit includes a change to libuv that has been landed upstream in
commit joyent/libuv@3c172ea.
When `tls.connect()` is called with `socket` option, it should try to
reuse hostname previously passed to `net.connect()` and only after that
fall back to `'localhost'`.
fix#6409
Currently fs.watch does not have an option to specify if a directory
should be recursively watched for events across all subdirectories.
Several file watcher APIs support this. FSEvents on OS X > 10.5 is
one example. libuv has added support for FSEvents, but fs.watch had
no way to specify that a recursive watch was required.
fs.watch now has an additional boolean option 'recursive'. When set
to true, and when supported, fs.watch will return notifications for
the entire directory tree hierarchy rooted at the specified path.