Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
error. We should figure out how to geenrate platform specific implementation
of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.
This patch is taken from Chromium.
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but
forgot to initialize the `length` field.
Fixes the following valgrind error:
$ valgrind -q --track-origins=yes --num-callers=19 \
out/Debug/node test/simple/test-tls-client-abort.js
==2690== Conditional jump or move depends on uninitialised value(s)
==2690== at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
==2690== by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
==2690== by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
==2690== by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
==2690== by 0x78F090: asn1_string_canon (x_name.c:409)
==2690== by 0x78EF17: x509_name_canon (x_name.c:354)
==2690== by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
==2690== by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
==2690== by 0x78F5E4: d2i_X509 (x_x509.c:141)
==2690== by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
==2690== by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
==2690== by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
==2690== Uninitialised value was created by a stack allocation
==2690== at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
There are many symbolic links under /etc/ssl/certs created by using hash of
the pem certificates in order for OpenSSL to find those certificate.
Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
However the new openssl changed the hash algorithm, Unless you compile/install
the latest openssl library and re-create all related symbolic links, the new
openssl can not find some certificates because the links of those certificates
were created by using old hash algorithm, which causes some tests failed.
This patch gives a way to find a certificate according to its hash by using both
new algorithm and old algorithm.
crbug.com/111045 is used to track this issue.
This patch is taken from the Chromium project.
Enables SSL3+ clients to send application data immediately following the
Finished message even when negotiating full-handshakes. With this patch,
clients can negotiate SSL connections in 1-RTT even when performing
full-handshakes.
This patch is taken from the Android Open Source Project.
SSL records may be as large as 16K, but are typically < 2K. In
addition, a historic bug in Windows allowed records to be as large
32K. OpenSSL statically allocates read and write buffers (34K and
18K respectively) used for processing records.
With this patch, OpenSSL statically allocates 4K + 4K buffers, with
the option of dynamically growing buffers to 34K + 4K, which is a
saving of 44K per connection for the typical case.
This patch is taken from the Android Open Source Project.
Don't execute the callback in the context of the global object.
MakeCallback() tries to apply the active domain to the callback. If the user
polluted the global object with a 'domain' property, as in the code example
below, MakeCallback() will try to apply that.
Example:
domain = {}; // missing var keyword is intentional
crypto.randomBytes(8, cb); // TypeError: undefined is not a function
Fixes#3956.
pthread_t is a pointer type on OS X but an unsigned long on most other
platforms. Use a C style cast because reinterpret_cast nor static_cast
work in all cases.
With this patch the IPC socket is no longer available in the
ChildProcess.stdio array. This shouldn't be very problematic, since
this socket was effectively non-functional; it would never emit any
events.
Throw an exception in the tls.Server constructor when the options object
doesn't contain either a PFX or a key/certificate combo.
Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed.
Fixes#3941.
It takes an optional "expected exception" argument that is not used meaningfully
but is nevertheless documented. Undocument it, it confuses casual readers of the
documentation.
Fixes#3935.
* buffer: Add Buffer.isEncoding(enc) to test for valid encoding values (isaacs)
* Raise UV_ECANCELED on premature close. (Ben Noordhuis)
* Remove c-ares from libuv, move to a top-level node dependency (Bert Belder)
* ref/unref for all HandleWraps, timers, servers, and sockets (Timothy J Fontaine)
* addon: remove node-waf, superseded by node-gyp (Ben Noordhuis)
* child_process: emit error on exec failure (Ben Noordhuis)
* cluster: do not use internal server API (Andreas Madsen)
* constants: add O_DIRECT (Ian Babrou)
* crypto: add sync interface to crypto.pbkdf2() (Ben Noordhuis)
* darwin: emulate fdatasync() (Fedor Indutny)
* dgram: make .bind() always asynchronous (Ben Noordhuis)
* events: Make emitter.listeners() side-effect free (isaacs, Joe Andaverde)
* fs: Throw early on invalid encoding args (isaacs)
* fs: fix naming of truncate/ftruncate functions (isaacs)
* http: bubble up parser errors to ClientRequest (Brian White)
* linux: improve cpuinfo parser on ARM and MIPS (Ben Noordhuis)
* net: add support for IPv6 addresses ending in :: (Josh Erickson)
* net: support Server.listen(Pipe) (Andreas Madsen)
* node: don't scan add-on for "init" symbol (Ben Noordhuis)
* remove process.uvCounters() (Ben Noordhuis)
* repl: console writes to repl rather than process stdio (Nathan Rajlich)
* timers: implement setImmediate (Timothy J Fontaine)
* tls: fix segfault in pummel/test-tls-ci-reneg-attack (Ben Noordhuis)
* tools: Move gyp addon tools to node-gyp (Nathan Rajlich)
* unix: preliminary signal handler support (Ben Noordhuis)
* unix: remove dependency on ev_child (Ben Noordhuis)
* unix: work around darwin bug, don't poll() on pipe (Fedor Indutny)
* util: Formally deprecate util.pump() (Ben Noordhuis)
* windows: make active and closing handle state independent (Bert Belder)
* windows: report spawn errors to the exit callback (Bert Belder)
* windows: signal handling support with uv_signal_t (Bert Belder)