Fedor Indutny
4aa09d1e0e
tls: localhost is valid against identity-check
13 years ago
Fedor Indutny
0cf235410d
tls: localhost is valid against identity-check
13 years ago
Fedor Indutny
eb2ca10462
tls: veryify server's identity
13 years ago
Fedor Indutny
8ba189b8d3
tls: veryify server's identity
13 years ago
isaacs
3ad07ed0b8
lint
13 years ago
Jonas Westerlund
4cfdc57712
Inline timeout function, avoiding declaration in conditional
Moving it out would require an anonymous function, or bind(), anyway.
Luckily It's a tiny function. Fixes crash in strict mode.
13 years ago
Fedor Indutny
f210530f46
tls: use slab allocator
13 years ago
Ben Noordhuis
ff552ddbaa
tls: fix off-by-one error in renegotiation check
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
13 years ago
Andreas Madsen
1e0ce5d1bd
domain: the EventEmitter constructor is now always called in nodecore
13 years ago
isaacs
9611354f08
lint
13 years ago
ssuda
fb7348ae06
crypto: add PKCS12/PFX support
Fixes #2845 .
13 years ago
fukayatsu
0f95a93a2c
tls: remove duplicate line
13 years ago
Yosef Dinerstein
d7c96cf289
tls: reduce memory overhead, reuse buffer
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
13 years ago
Shigeki Ohtsu
e1199fa335
tls: fix CryptoStream.setKeepAlive()
13 years ago
ssuda
9b672bcaa2
tls: parsing multiple values of a key in ssl certificate
Fixes #2864 .
13 years ago
Dmitry Nizovtsev
1e9bcf26ce
net, http, https: add localAddress option
Binds to a local address before making the outgoing connection.
13 years ago
isaacs
959a19e118
lint
13 years ago
Jimb Esser
78db18739a
tls: proxy set(Timeout|NoDelay|KeepAlive) methods
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
HTTPS requests.
13 years ago
Blake Miner
7343f8e776
tls: add `honorCipherOrder` option to tls.createServer()
Documented how to mitigate BEAST attacks.
13 years ago
Maciej Małecki
da908364a8
tls http https: don't pollute user's `options` object
13 years ago
isaacs
0cdf85e28d
Lint all the JavaScripts.
13 years ago
Ben Noordhuis
3415427dbf
tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
13 years ago
koichik
b19b8836c3
tls: Allow establishing secure connection on the existing socket
13 years ago
Ben Noordhuis
e806ad39d0
net, tls, http: remove socket.ondrain
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
13 years ago
koichik
534df2f8d2
tls: fix double 'error' events on HTTPS Requests
Fixes #2549 .
13 years ago
koichik
c1a63a9e90
tls: Allow establishing secure connection on the existing socket
This is necessary to use SSL over HTTP tunnels.
Refs #2259 , #2474 .
Fixes #2489 .
13 years ago
Maciej Małecki
4b4d059791
tls: make `tls.connect` accept port and host in `options`
Previous API used form:
tls.connect(443, "google.com", options, ...)
now it's replaced with:
tls.connect({port: 443, host: "google.com", ...}, ...)
It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.
Fixes #1983 .
13 years ago
koichik
b962ff35dd
tls: fix test-https-client-reject fails
Fixes #2417 .
13 years ago
koichik
07c27e040e
tls: Fix node swallows openssl error on request
Fixes #2308 .
Fixes #2246 .
13 years ago
Ben Noordhuis
7a7f1062bf
tls: remove duplicate assignment
13 years ago
koichik
f8c335d0ca
tls: enable rejectUnauthorized option to client
Fiexes #2247 .
13 years ago
koichik
5451ba3aa8
tls: fix https with fs.openReadStream hangs
Fixes #2185 .
Fixes #2198 .
13 years ago
Ben Noordhuis
5e3b0095de
tls: make cipher list configurable
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.
Fixes #2066 .
13 years ago
koichik
f53d092a2a
tls, https: add passphrase option
Fixes #1925 .
13 years ago
koichik
cbcaeedba9
tls: add address(), remoteAddress/remotePort
Fixes #758 .
Fixes #1055 .
13 years ago
koichik
0e8a55d2a2
tls: does not emit 'end' from EncryptedStream
de09168
and 4cdf9d4
breaks `test/pummel/test-https-large-response.js`.
It is never finished.
Fixes #1936 .
13 years ago
Ryan Dahl
de09168e5a
Emit 'end' from crypto streams on close
Fixes test/simple/test-tls-peer-certificate.js on Windows
Patch from bnoordhuis.
See also 75a0cf970f
13 years ago
koichik
68cc173c6d
tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.
Fixes #1467 .
13 years ago
koichik
19a855382c
tls: requestCert unusable with Firefox and Chrome
Fixes #1516 .
13 years ago
koichik
4cdf9d4158
tls: Improve TLS flow control
Fixes #1775 .
13 years ago
Ben Noordhuis
243c218c7a
tls: remove superfluous setOptions() call
13 years ago
Sean Cunningham
eb99083d0b
tls: add client-side session resumption support
14 years ago
koichik
6f60683802
tls: x509 certificate subject parsing fail
Fixes #1568 .
14 years ago
Fedor Indutny
942f8b5afb
Add NPN and SNI documentation.
Fixes #1420 .
Fixes #1426 .
14 years ago
Fedor Indutny
9010f5fbab
Add support for TLS SNI
Fixes #1411
14 years ago
Robert Mustacchi
de0b8d601c
jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js
14 years ago
Stefan Rusu
901ebed8ff
Fixes #1304 . The Connection instance may be destroyed by abort() when process.nextTick is executed.
14 years ago
Ryan Dahl
9c7f89bf56
CryptoStream.prototype.readyState shoudn't reference fd
Fixes #1069
14 years ago
Fedor Indutny
21724ecaec
Share SSL context between server connections
Fixes #1073 .
14 years ago
Felix Geisendörfer
1fde5f51b4
Make https 'timeout' events bubble up
Also adds a test case for it.
14 years ago