SSLv2 has been deprecated and known broken for nearly twenty years now.
I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.
PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This commit fixes a few grammar issues located
within the doc files for timers and tls.
They primarily include incorrect use of a / an
and a single insertion of a comma.
same as [this PR](https://github.com/joyent/node/pull/8581)
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/76
In `tls.markdown`, there was a misuse of 'a' which has been replaced
with 'an'.
In `timers.markdown`...
line 31: misuse of 'a', replaced with 'an'
line 59: unclear wording, haywire 'a', added new comma
pending tls.TLSSocket growing the ability to work
with streams, createSecurePair will remain.
PR-URL: https://github.com/joyent/node/pull/8695
Reviewed-by: Fedor Indutny <fedor@indutny.com>
The parameter parser specifically looked for the old bracket syntax.
This generated a lot of warnings when building the docs. Those warnings
have been fixed by changing the parsing logic.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Documentation incorrectly used bracket notation for optional parameters.
This caused inconsistencies in usage because of examples like the
following:
fs.write(fd, data[, position[, encoding]], callback)
This simply fixes all uses of bracket notation in documentation.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
In case of an invalid DH parameter file, it is sliently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
In tls.connect a unix socket connection to a path may be made in
recent versions of node by specifying the value for the path
property.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
Before this commit, verification exceptions had err.message set to the
OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE').
This commit moves the error code to err.code and replaces err.message
with a human-readable error. Example:
// before
{
message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
// after
{
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
message: 'unable to verify the first certificate'
}
UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this:
the error code suggests that it's the last certificate that fails to
validate while it's actually the first certificate in the chain.
Going by the number of mailing list posts and StackOverflow questions,
it's a source of confusion to many people.
Add a 'serialNumber' property to the object that is returned by
tls.CryptoStream#getPeerCertificate(). Contains the certificate's
serial number encoded as a hex string. The format is identical to
`openssl x509 -serial -in path/to/certificate`.
Fixes#6583.
Split `tls.js` into `_tls_legacy.js`, containing legacy
`createSecurePair` API, and `_tls_wrap.js` containing new code based on
`tls_wrap` binding.
Remove tests that are no longer useful/valid.
Add localAddress and localPort properties to tls.CleartextStream.
Like remoteAddress and localPort, delegate to the backing net.Socket
object.
Refs #5502.
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.
This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.
Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.
Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.