In closed environments, self-signed or privately signed certificates are
commonly used, and rejected by Node.js since their root CAs are not
well-known. Allow extending the set of well-known compiled-in CAs via
environment, so they can be set as a matter of policy.
PR-URL: https://github.com/nodejs/node/pull/9139
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
__dirname is path.dirname(__filename), but its docs, specifically the
attempt to describe javascript scope in terms of "running" and
"executing" had drifted apart. Rework to describe one as a variation of
the other, move the example, and just describe the names in terms of the
module, and it's local variables rather than the ill defined execution
concepts.
Fix: https://github.com/nodejs/node/issues/5525
PR-URL: https://github.com/nodejs/node/pull/10527
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
This checks to see that clearBuffer appropriately decrements the
correct values in _writableState when clearBuffer is invoked in
end.
Fixes: https://github.com/nodejs/node/issues/8687
PR-URL: https://github.com/nodejs/node/pull/9922
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
- Remove assignment of this to variable.
- Add common.mustCall() as needed.
- Move from var to const.
PR-URL: https://github.com/nodejs/node/pull/10547
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This commit removes assignments of this to a variable in the
tests.
PR-URL: https://github.com/nodejs/node/pull/10548
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* use const instead of var
* use common.mustCall to control functions execution
* use assert.strictEqual instead of assert.equal
* use arrow functions
PR-URL: https://github.com/nodejs/node/pull/10503
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
child_process.exec*() and child_process.spawn*() (if options.shell is
true) allow trivial arbitrary command execution if code passes
unsanitised user input to it. Add warnings in the docs to make that
clear.
PR-URL: https://github.com/nodejs/node/pull/10466
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
* use const instead of var
* use common.mustCall to control functions execution
* use assert.strictEqual instead of assert.equal
* use arrow functions
PR-URL: https://github.com/nodejs/node/pull/10479
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Collaborators have elevated privileges. The CTC now requires
Collaborator accounts to have two-factor authentication. This changes
wording in the onboarding documentation to make it clear that two-factor
authentication is required and not merely recommended.
PR-URL: https://github.com/nodejs/node/pull/10529
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* replace `process.on('exit', ...)` checks with `common.mustCall()`
* assert.equal() -> assert.strictEqual()
* provide duration of 1ms to timer without a duration
* remove unused function argument
PR-URL: https://github.com/nodejs/node/pull/10483
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
PR-URL: https://github.com/nodejs/node/pull/10478
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
To ease the use of the AIX binaries, add
/opt/freeware/lib/pthread{/ppc64} into the search path encoded into the
library, so that any version the user has installed from the common
download locations will work out of the box without having to explicitly
set LIBPATH in their environment.
PR-URL: https://github.com/nodejs/node/pull/10128
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
- Change var to const
- Remove dependency crypto
PR-URL: https://github.com/nodejs/node/pull/10033
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/10245
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Current comment described what to do with it when the ABI changes, but
implied that Node.js would load modules with newer ABI numbers, which it
will not.
PR-URL: https://github.com/nodejs/node/pull/10414
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
* use const instead of var
* use assert.strictEqual instead assert.equal
PR-URL https://github.com/nodejs/node/pull/10428
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Remove `setTimeout()` in test and instead rely on `common.mustCall()` on
a `timeout` event handler.
The test was flaky on CI. The flakiness was replicable by running the
test under load. This version, in contrast, is robust under load.
Took the opportunity to do some `var` -> `const` while refactoring.
PR-URL: https://github.com/nodejs/node/pull/10404
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* use let and const instead of var
* use assert.strictEqual instead assert.equal
PR-URL: https://github.com/nodejs/node/pull/10396
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Change a single word in documentation with a more precise one.
Native is a module compiled in machine "native" code.
A module normally written in a compiled language, not in JavaScript.
Core modules form Node's built-in "core" functionalities.
You don't need to install them. They are included in every Node installation
and documented in https://nodejs.org/api/ .
PR-URL: https://github.com/nodejs/node/pull/10324
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Previously, autocompletion of scoped packages was not supported by the
repl due to not including the `@` character in the regular expression.
PR-URL: https://github.com/nodejs/node/pull/10296
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Adds flags that marks WinCtrlCHandlerRoutine as disabled instead of
removing it. Trying to remove the controller from the controller
handle itself leads to deadlock.
PR-URL: https://github.com/nodejs/node/pull/10248
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Adds/mentions:
- Link to glossary
- Commit squashing and CI run
- 48/72 hour wait and PR review feature
- Extra notes section
- "Landed in <sha>" comment
PR-URL: https://github.com/nodejs/node/pull/10202
Ref: https://github.com/nodejs/node/pull/10151
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
This line `pool = null;` isn't needed and has
been around since the first iteration of streams.
I can't find a good reason for it to exist, it's
not more readable, nor does it seem to trick the
compiler into any optimizations.
PR-URL: https://github.com/nodejs/node/pull/10260
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Deleting property in the vm context has no effect
as reported in https://github.com/nodejs/node/issues/6287
The test is moved to the known_issues and will be fixed
with the 5.5 V8 API changes.
PR-URL: https://github.com/nodejs/node/pull/10272
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
warning: format ‘%lx’ expects argument of type ‘long
unsigned int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
BIO_printf(bio, "0x%lx", exponent_word);
PR-URL: https://github.com/nodejs/node/pull/10082
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Added duration to setTimeout and removed extraneous callback args,
as per Rich Trott's instructions
PR-URL: https://github.com/nodejs/node/pull/10291
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
file: test/parallel/test-domain-uncaught-exception.js
1. There are three setTimeout() in the file and they do not specify a
duration (the second argument), so I change them to setImmediate()
instead.
2. There are four callbacks that take an argument called `err` but that
argument is never used, so I removed them.
PR-URL: https://github.com/nodejs/node/pull/10193
Reviewed-By: Sam Roberts <sam@strongloop.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Fix the fast path for `buffer.fill()` with a single-character string.
The fast path only works for strings that are equivalent to a
single-byte buffer, but that condition was not checked properly
for the `utf8` or `utf16le` encodings and is always true for the
`latin1` encoding.
This change fixes these problems.
Fixes: https://github.com/nodejs/node/issues/9836
PR-URL: https://github.com/nodejs/node/pull/9837
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
There was a byte-order mismatch for `buffer#fill` on big-endian
platforms. Weirdly, the tests seemed to expect that wrong behaviour.
PR-URL: https://github.com/nodejs/node/pull/9837
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Instead of ignoring missing `.out` files for message/pseudo-tty tests,
raise an error to indicate that something is not quite right.
Ref: https://github.com/nodejs/node/pull/10037
PR-URL: https://github.com/nodejs/node/pull/10150
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Add a hostPattern variable for readable purposes
PR-URL: https://github.com/nodejs/node/pull/9653
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
After processing all the callbacks in the destroy_ids vector make sure
to clear() it otherwise the DestroyIdsCb() won't run again.
PR-URL: https://github.com/nodejs/node/pull/10400
Fixes: b49b496 "async_wrap: call destroy() callback in uv_idle_t"
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Fix leaking the BIO in the error path. Introduced in commit 34febfbf4
("crypto: fix handling of root_cert_store").
PR-URL: https://github.com/nodejs/node/pull/9604
Refs: https://github.com/nodejs/node/pull/9409
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
SecureContext::AddRootCerts only parses the root certificates once and
keeps the result in root_cert_store, a global X509_STORE. This change
addresses the following issues:
1. SecureContext::AddCACert would add certificates to whatever
X509_STORE was being used, even if that happened to be root_cert_store.
Thus adding a CA certificate to a SecureContext would also cause it to
be included in unrelated SecureContexts.
2. AddCRL would crash if neither AddRootCerts nor AddCACert had been
called first.
3. Calling AddCACert without calling AddRootCerts first, and with an
input that didn't contain any certificates, would leak an X509_STORE.
4. AddCRL would add the CRL to whatever X509_STORE was being used. Thus,
like AddCACert, unrelated SecureContext objects could be affected.
The following, non-obvious behaviour remains: calling AddRootCerts
doesn't /add/ them, rather it sets the CA certs to be the root set and
overrides any previous CA certificates.
Points 1–3 are probably unimportant because the SecureContext is
typically configured by `createSecureContext` in `lib/_tls_common.js`.
This function either calls AddCACert or AddRootCerts and only calls
AddCRL after setting up CA certificates. Point four could still apply in
the unlikely case that someone configures a CRL without explicitly
configuring the CAs.
PR-URL: https://github.com/nodejs/node/pull/9409
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>