Add `secureContext` option to `tls.connect`. It is useful for caching
client certificates, key, and CA certificates.
PR-URL: https://github.com/nodejs/node/pull/4246
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process
Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
Finally, change the behavior of --abort-on-uncaught-exception so that,
if the domain within which the error is thrown has no error handler, but
a domain further up the domains stack has one, the process will not
abort.
Fixes#3607 and #3653.
PR: #3654
PR-URL: https://github.com/nodejs/node/pull/3654
Reviewed-By: Chris Dickinson <chris@neversaw.us>
the description of buffer.equals(otherBuffer) was at the wrong
place; move it underneath the method signature
PR-URL: https://github.com/nodejs/node/pull/4227
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
When loading directory instead of file, no error message
is displayed. It's good to display error message for
this scenario.
PR-URL: https://github.com/nodejs/node/pull/4170
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Add Buffer#includes() by wrapping an indexOf and performing a strict
equals check to -1.
The includes method takes the search value, byteOffset, and encoding as
arguments.
The test is a modified version of the indexOf test.
Fixes: https://github.com/nodejs/node/issues/3552
PR-URL: https://github.com/nodejs/node/pull/3567
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
It can happen that the HTTP connection is closed before the server has received
all the requests, thus the server close condition is never reached. To solve
this, close the server when the socket is fully closed.
PR-URL: https://github.com/nodejs/node/pull/4041
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
When sending a very large buffer (400000 bytes) the test fails due to
the client socket from the `a` server erroring with `ECONNRESET`.
There's a race condition between the closing of this socket and the `ssl`
socket closing on the other side of the connection. To improve things,
destroy the socket as soon as possible: in the `end` event of the `dest`
socket.
PR-URL: https://github.com/nodejs/node/pull/4195
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Make sure all the data is read before checking its validity.
Remove `gotHello` variable and just check that the ssl `end` event
is received.
Remove unused variables.
PR-URL: https://github.com/nodejs/node/pull/4195
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Fix module loading of third-party modules in the REPL by inheriting
module.paths from the REPL's parent module.
Commit ee72ee7 ("module,repl: remove repl require() hack") introduced
a regression where require() of modules in node_modules directories
no longer worked in the REPL (and fortunately only in the REPL.)
It turns out we didn't have test coverage for that but we do now.
Fixes: https://github.com/nodejs/node/issues/4208
PR-URL: https://github.com/nodejs/node/pull/4215
Reviewed-By: Roman Reiss <me@silverwind.io>
Some API doc referenced Node.js with "node" or "node.js". This commit
replaces these references.
PR-URL:https://github.com/nodejs/node/pull/4177
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Before this change, configure used processor specific macro defines
(like __ARM_ARCH_6M__) to detect the arm processor version. This
changes configure to use __ARM_ARCH, that should be defined to the
correct version.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/4123
When cross compiling, GYP uses the variables CC_host and CXX_host to
find the host compiler, if they are defined. This ensures that
variable is used, if defined, when detecting the host architecture.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/4117
Notable changes:
* build:
- Add support for Intel's VTune JIT profiling when compiled with
--enable-vtune-profiling. For more information about VTune, see
https://software.intel.com/en-us/node/544211. (Chunyang Dai) #3785.
- Properly enable V8 snapshots by default. Due to a configuration
error, snapshots have been kept off by default when the intention
is for the feature to be enabled. (Fedor Indutny) #3962.
* crypto:
- Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects
(created via crypto.createECDH(curve_name)) with private keys that
are not dynamically generated via generateKeys(). The public key
is now computed when explicitly setting a private key. Added
validity checks to reduce the possibility of computing weak or
invalid shared secrets. Also, deprecated the setPublicKey() method
for ECDH objects as its usage is unnecessary and can lead to
inconsistent state. (Michael Ruddy) #3511.
- Update root certificates from the current list stored maintained
by Mozilla NSS. (Ben Noordhuis) #3951.
- Multiple CA certificates can now be passed with the ca option to
TLS methods as an array of strings or in a single new-line
separated string. (Ben Noordhuis) #4099
* tools: Include a tick processor in core, exposed via the
--prof-process command-line argument which can be used to process V8
profiling output files generated when using the --prof command-line
argument. (Matt Loring) #4021.
PR-URL: https://github.com/nodejs/node/pull/4181
Before this commit you had to pass multiple CA certificates as an array
of strings. For convenience you can now pass them as a single string.
Fixes: https://github.com/nodejs/node/issues/4096
PR-URL: https://github.com/nodejs/node/pull/4099
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Writing `// NOLINT(whitespace/if-one-line)` was not possible because the
directive was not listed in the list of known lint rules. You can now.
PR-URL: https://github.com/nodejs/node/pull/4099
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
remove a bunch of variables and rely on %configure_flags% where
possible, also allow for an external %config_flags% variable to supply
additional arguments to configure to match the behaviour of the Makefile
PR-URL: https://github.com/nodejs/node/pull/3399
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: João Reis <reis@janeasystems.com>
This change cleans up outstanding comments on #3032. It improves error
handling when no isolate file is provided and adds the --prof-process
flag to the node binary which executes the tick processor on the
provided isolate file.
PR-URL: https://github.com/nodejs/node/pull/4021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Rename doNTCallback functions for clarity when profiling, these make
sense internally but the "NT" in particular is a bit obtuse to be
immediately understandable by non-core developers.
PR-URL: https://github.com/nodejs/node/pull/4167
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
These changes simplify using ECDH with private keys that are not
dynamically generated with ECDH.generateKeys.
Support for computing the public key corresponding to the given private
key was added. Validity checks to reduce the possibility of computing
a weak or invalid shared secret were also added.
Finally, ECDH.setPublicKey was softly deprecated.
PR-URL: https://github.com/nodejs/node/pull/3511
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
If not running on Windows it skips the long path tests in:
* test-fs-long-path.js
* test-require-long-path.js
Fixes: https://github.com/nodejs/node/issues/2255
PR-URL: https://github.com/nodejs/node/pull/4116
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
A lot of machines don't upgrade libstdc++.so library for a long time,
but the new version of node requires the latest GLIBCXX.
Using "--fully-static" configurable options may resolve this problem,
but the side effect is that the size of the executable file will be
increased.
Adding "--partly-static" configurable options it will only build
libgcc and libstdc++ libraries into executable file, resolve the
problem and control the size of file.
PR-URL: https://github.com/nodejs/node/pull/4152
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
As it can happen that the HTTP response is received in more than
one TCP chunk.
PR-URL: https://github.com/nodejs/node/pull/3961
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Change url.format's references to slash postfixing to reflect
true behaviour (it only automatically postfixes slashes to the
slashedProtocols when host is present).
Fixes: #3361
PR-URL: https://github.com/nodejs/node/pull/4119
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Check if the worker 'isDead' instead of 'isConnected' as the
'disconnect' event is not guaranteed to be received before the
'exit' event.
Remove the 'net' dependency as it is not used.
PR-URL: https://github.com/nodejs/node/pull/3954
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
The Buffer constructor will generally get inlined, but any call to the Buffer
constructor for a string without encoding will cause an eager deoptimization
of any function that inlined the Buffer constructor. This is due to a an
out-of-bounds read on `arguments[1]`. This change prevents that deopt.
PR-URL: https://github.com/nodejs/node/pull/4158
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
If JS throws an object whose toString() method throws, then Node
attempts to print an empty message, but actually prints garbage.
This commit checks for this case, and prints a message instead.
Fixes: https://github.com/nodejs/node/issues/4079
PR-URL: https://github.com/nodejs/node/pull/4112
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Commit a9c0c65 ("src: define getpid() based on OS") made src/env.cc
use `GetCurrentProcessId()` on Windows for the PID in log messages.
`GetCurrentProcessId()` is also what is used by libuv, OpenSSL and V8.
This commit makes `process.pid` use `GetCurrentProcessId()` instead of
`_getpid()` for consistency.
PR-URL: https://github.com/nodejs/node/pull/4163
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
The modification time of a file is assumed to happen at the
exact time when it was requested. As the utime API specification
delcares that the resolution of the result is 1 second,
relax the constrain to 1 second helps the test case to be
robust and consistent under different load conditions in the system
PR-URL: https://github.com/nodejs/node/pull/3981
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Security Update
Notable items:
* **http**: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against DH, an attack against RSA
and DSA is considered possible but unlikely, EC algorithms are not
affected. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/11