The --redirect-warnings command line argument allows process warnings
to be written to a specified file rather than printed to stderr.
Also adds an equivalent NODE_REDIRECT_WARNINGS environment variable.
If the specified file cannot be opened or written to for any reason,
the argument is ignored and the warning is printed to stderr.
If the file already exists, it will be appended to.
Backport-PR-URL: https://github.com/nodejs/node/pull/12677
PR-URL: https://github.com/nodejs/node/pull/10116
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Adds support for the PSS padding scheme. Until now, the sign/verify
functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it
impossible to change the padding scheme. Fixed by first computing the
message digest and then signing/verifying with a custom EVP_PKEY_CTX,
allowing us to specify options such as the padding scheme and the PSS
salt length.
Fixes: https://github.com/nodejs/node/issues/1127
PR-URL: https://github.com/nodejs/node/pull/11705
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: https://github.com/nodejs/node/pull/12615
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Ever since e2fcfea46e, `OnReadCommon()` is no longer shared
between more than one function.
PR-URL: https://github.com/nodejs/node/pull/14959
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
While stepping though SetupPromises I noticed that the environments
Isolate is used but not when creating the string "_setupPromises".
Is there a reason for using args.GetIsolate() instead of using the
environments isolate? I see that GetIsolate() is an inline call, but
could there be situations where it returns a different Isolate?
If not perhaps using the local isolate variable would be a litte
clearer.
PR-URL: https://github.com/nodejs/node/pull/14768
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reset the underlying socket of an HTTP stream to be marked as
unconsume after the HTTP parser no longer owns it.
Fixes: https://github.com/nodejs/node/issues/14407
PR-URL: https://github.com/nodejs/node/pull/14410
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Unchecked argument conversion in Parser::Consume crashes node
in an slightly undesirable manner - 'unreachable code' in parser.
Make sure we validate the incoming type at the earliest point.
PR-URL: https://github.com/nodejs/node/pull/12288
Fixes: https://github.com/nodejs/node/issues/12178
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
This is a very very minor change.
PR-URL: https://github.com/nodejs/node/pull/14587
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
It doesn't seem to make much sense to have the mentioned typedef
declaration equipped with NODE_EXTERN. In fact, when compiling with GCC,
an attribute specifier like __attribute__((visibility("default"))) in
such a typedef declaration will cause the following warning message:
warning: ‘visibility’ attribute ignored [-Wattributes]
The issue goes unnoticed because NODE_EXTERN is defined as nothing for
GCC builds, but for correctness it's better to not specify it here at
all.
PR-URL: https://github.com/nodejs/node/pull/14466
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
As indicated by the FIXME comment, this macro guard is no longer needed.
PR-URL: https://github.com/nodejs/node/pull/12638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Currently, node_crypto_bio and node_crypto_clienthello are not in the
crypto namespace but simply in the node namespace. Not sure if this was
intentional or not, but I think it would make sense to move them to be
consistent.
PR-URL: https://github.com/nodejs/node/pull/13957
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13940
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Merge two duplicate `fn_name` into one in NODE_SET_PROTOTYPE_METHOD,
it may improve a bit performance.
PR-URL: https://github.com/nodejs/node/pull/13547
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit attempts to address the TODO regarding not calling
FatalException if the try_catch is verbose.
PR-URL: https://github.com/nodejs/node/pull/12826
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
bootstrap_node.js was directly parsing process.execArgv to see if
internals should be exposed, even though the argv was already parsed by
node. This is unusual and unnecessary, change it to set the option value
from the parser onto the config binding.
Backport-PR-URL: https://github.com/nodejs/node/pull/14483
PR-URL: https://github.com/nodejs/node/pull/12245
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
A few of the CLI option values exposed as properties on the process
object were missing a comment, fix this.
Backport-PR-URL: https://github.com/nodejs/node/pull/14483
PR-URL: https://github.com/nodejs/node/pull/12245
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fix the bug that you start process without network at first, but it
connected lately, `dns.resolve` will stay failed with ECONNREFUSED
because c-ares servers fallback to 127.0.0.1 at the very beginning.
If c-ares servers "127.0.0.1" is detected and its not set by user self,
and last query is not OK, recreating `ares_channel` operation will be
triggered to reload servers.
Fixes: https://github.com/nodejs/node/issues/1644
Backport-PR-URL: https://github.com/nodejs/node/pull/14434
PR-URL: https://github.com/nodejs/node/pull/13076
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
root_cert_store is defined as extern in node_crypto.h but only used in
node_crypto.cc. It is then set using SSL_CTX_set_cert_store. The only
usages of SSL_CTX_get_cert_store are in node_crypto.cc which would all
be accessing the same X509_STORE through the root_cert_store pointer as
far as I can tell. Am I missing something here?
This commit suggests removing it from the header and making it static
in node_crypto.cc.
PR-URL: https://github.com/nodejs/node/pull/13194
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
root_cert_vector currently has file scope and external linkage, but is
only used in the NewRootCertsStore function. If this is not required to
be externally linked perhaps it can be changed to be static and function
scoped instead.
PR-URL: https://github.com/nodejs/node/pull/12788
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
This fixes a race condition in the watchdog timer used for vm timeouts.
The condition would terminate the main stack's execution instead of the
code running under the sandbox.
Backport-PR-URL: https://github.com/nodejs/node/pull/14373
PR-URL: https://github.com/nodejs/node/pull/13074
Reviewed-By: Anna Henningsen <anna@addaleax.net>
The indentation in one of the if statements blocks is four spaces
instead of two. This commit changes the indentation to two spaces.
PR-URL: https://github.com/nodejs/node/pull/13543
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
The most common way to perfom this check is by using the simple CHECK
macro. This commit suggest making this consistent in favour of the most
commonly used.
PR-URL: https://github.com/nodejs/node/pull/13473
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
VerifyCallback returns 1 in two locations but CHECK_CERT_REVOKED in a
third return statment. This commit suggests that CHECK_OK is used
instead of 1. CHECK_OK is also used as the return value in
CheckWhitelistedServerCert so it seems to be consitent change to make.
PR-URL: https://github.com/nodejs/node/pull/13241
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently it is possible to call TLSWrap() without using new and the
following error message:
FATAL ERROR: v8::Object::SetAlignedPointerInInternalField() Internal
field out of bounds
1: node::Abort()
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
2: node::OnFatalError(char const*, char const*)
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
3: v8::Utils::ReportApiFailure(char const*, char const*)
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
4: v8::Utils::ApiCheck(bool, char const*, char const*)
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
5: v8::InternalFieldOK(v8::internal::Handle<v8::internal::JSReceiver>,
int, char const*)
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
6: v8::Object::SetAlignedPointerInInternalField(int, void*)
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
7: node::TLSWrap::Initialize(v8::Local<v8::Object>,
v8::Local<v8::Value>,
v8::Local<v8::Context>)::$_0::operator()(v8::FunctionCallbackInfo<v8::Value>
const&) const [/Users/danielbevenius/work/nodejs/node/out/Debug/node]
This commit adds a IsConstructCall check which will produce the
following error message:
/Users/danielbevenius/work/nodejs/node/out/Debug/node[2212]:
../src/tls_wrap.cc:936:auto node::TLSWrap::Initialize(Local<v8::Object>,
Local<v8::Value>, Local<v8::Context>)::(anonymous
class)::operator()(const FunctionCallbackInfo<v8::Value> &) const:
Assertion `args.IsConstructCall()' failed.
1: node::Abort()
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
2: node::Assert(char const* const (*) [4])
[/Users/danielbevenius/work/nodejs/node/out/Debug/node]
3: node::TLSWrap::Initialize(v8::Local<v8::Object>,
v8::Local<v8::Value>,
v8::Local<v8::Context>)::$_0::operator()(v8::FunctionCallbackInfo<v8::Value>
const&) const [/Users/danielbevenius/work/nodejs/node/out/Debug/node]
PR-URL: https://github.com/nodejs/node/pull/13097
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
I can't find any usage of Buffer in this file and think the include
can be removed.
PR-URL: https://github.com/nodejs/node/pull/13095
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently the function CryptoPemCallback is used for two things:
1. As a passphrase callback.
2. To avoid the default OpenSSL passphrase routine.
The default OpenSSL passphase routine would apply if both
the callback and the passphrase are null pointers and the typical
behaviour is to prompt for the passphase which is not appropriate in
node.
This commit suggests that the PasswordCallback function only handle
passphrases, and that an additional function named NoPasswordCallback
used for the second case to avoid OpenSSL's passphase routine.
PR-URL: https://github.com/nodejs/node/pull/12827
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.
Certificates added:
- TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
Certificates removed:
- ApplicationCA - Japanese Government
- Microsec e-Szigno Root CA
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- WellsSecure Public Root Certificate Authority
PR-URL: https://github.com/nodejs/node/pull/13279
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.
Certificates added:
- AC RAIZ FNMT-RCM
- Amazon Root CA 1
- Amazon Root CA 2
- Amazon Root CA 3
- Amazon Root CA 4
- Certplus Root CA G1
- Certplus Root CA G2
- Hellenic Academic and Research Institutions ECC RootCA 2015
- Hellenic Academic and Research Institutions RootCA 2015
- ISRG Root X1
- LuxTrust Global Root 2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
Certificates removed:
- Buypass Class 2 CA 1
- EBG Elektronik Sertifika Hizmet Sağlayıcısı
- IGC/A
- Juur-SK
- RSA Security 2048 v3
- Root CA Generalitat Valenciana
PR-URL: https://github.com/nodejs/node/pull/12402
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Having semicolons there runs counter to our documentation and illicits
warnings in pedantic mode. This removes semicolons from after uses of
NODE_MODULE and NODE_MODULE_CONTEXT_AWARE_BUILTIN.
PR-URL: https://github.com/nodejs/node/pull/12919
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
This commit fixes two coverity warnings for unchecked
return values.
Refs: https://github.com/nodejs/node/pull/13050
PR-URL: https://github.com/nodejs/node/pull/13116
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Resolve build warnings on Windows with the following pattern:
warning C4244: '=': conversion from 'int64_t' to 'int32_t',
possible loss of data
PR-URL: https://github.com/nodejs/node/pull/10143
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Turn a `CHECK()` that could be brought to fail using public APIs
into throwing an error.
Fixes: https://github.com/nodejs/node/issues/12152
PR-URL: https://github.com/nodejs/node/pull/12753
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
While reading through node_crypto.cc I think the code could perhaps
be be a made a little clearer if CryptPemCallback was renamed.
I admit that I'm very new to the code base and openssl but having a
name like PasswordCallback or something similar would have helped me
so I'm suggesting this change.
PR-URL: https://github.com/nodejs/node/pull/12787
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Throw `Error`s instead of hard crashing when the `.digest()` output
encoding is UTF-16.
Fixes: https://github.com/nodejs/node/issues/9817
PR-URL: https://github.com/nodejs/node/pull/12752
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Check that invoking a callback on a receiver from a different context
works.
It ran afoul of an `env->context() == isolate->GetCurrentContext()`
assertion so retrieve the environment from the callback context and
the context to enter from the environment's context() method.
We could also have retrieved the environment from the receiver's context
and that would have made little practical difference. It just seemed
more correct to get it from the callback context because that is the
actual execution context.
PR-URL: https://github.com/nodejs/node/pull/9221
Reviewed-By: Anna Henningsen <anna@addaleax.net>
It's only used once at startup in a single place so create the string
in place instead of caching it for the lifetime of the isolate.
PR-URL: https://github.com/nodejs/node/pull/9213
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Functions that call `ECDH::BufferToPoint` were not clearing the
error stack on failure, so an invalid key could leave leftover
error state and cause subsequent (unrelated) signing operations
to fail.
PR-URL: https://github.com/nodejs/node/pull/13275
Backport-PR-URL: https://github.com/nodejs/node/pull/13397
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
James M Snell
Tobias Nießen
Refael Ackermann
Myles Borins
Brian White
Ben Noordhuis
Daniel Bevenius
Anna Henningsen
Gireesh Punathil
Myles Borins
Jiajie Hu
Timothy Gu
XadillaX
Sam Roberts
Marcel Laverdet
Gabriel Schulhof
cjihrig
Christopher J. Brody
Ryan Kelly