lukechilds/node - node - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Farrin Reid	3950024c2f	doc: tls: added path property to tls.connect In tls.connect a unix socket connection to a path may be made in recent versions of node by specifying the value for the path property. Signed-off-by: Fedor Indutny <fedor@indutny.com>	12 years ago
Fedor Indutny	345c40b661	tls: `getPeerCertificate(detailed)` Add `raw` property to certificate, add mode to output full certificate chain.	11 years ago
Fedor Indutny	b3ef289ffb	tls: support OCSP on client and server	11 years ago
Dominic Tarr	cdc093b31f	docs: correct tls docs. server -> client when a pfx file is passed to tls.connection, it is the client private key, not the server's private key.	11 years ago
Goh Yisheng (Andrew)	47bed4828c	doc: typo clean up in tls	11 years ago
Fedor Indutny	5d2aef17ee	crypto: move `createCredentials` to tls Move `createCredentials` to `tls` module and rename it to `createSecureContext`. Make it use default values from `tls` module: `DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`. fix #7249	11 years ago
Fedor Indutny	75ea11fc08	tls: introduce asynchronous `newSession` fix #7105	11 years ago
Fedor Indutny	528a3ce3ed	tls: more session configuration options, methods Introduce `ticketKeys` server option, `session` client option, `getSession()` and `getTLSTicket()` methods. fix #7032	11 years ago
Fedor Indutny	7f9b01509f	lib: introduce `.setMaxSendFragment(size)` fix #6889	11 years ago
Ben Noordhuis	023f0a3122	doc: tls: note that SSLv2 is disabled by default As of commit `39aa894`, SSLv2 support is disabled by default. Update the documentation to reflect that.	11 years ago
Ben Noordhuis	8c303115f5	doc: tls: clarify server cipher list * Make it clear that ECDHE-RSA-AES128-SHA256 and AES128-GCM-SHA256 are TLS v1.2 ciphers. * Note that RC4 is under suspicion.	11 years ago
Ben Noordhuis	262a752c29	tls: show human-readable error messages Before this commit, verification exceptions had err.message set to the OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'). This commit moves the error code to err.code and replaces err.message with a human-readable error. Example: // before { message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } // after { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', message: 'unable to verify the first certificate' } UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this: the error code suggests that it's the last certificate that fails to validate while it's actually the first certificate in the chain. Going by the number of mailing list posts and StackOverflow questions, it's a source of confusion to many people.	11 years ago
Lorenz Leutgeb	e1f4f6aa28	doc: Add forward secrecy section to TLS docs This fixes confusion connected to comparison of ECDH with RSA and wrong information on forward secrecy.	11 years ago
Fedor Indutny	7c3643b767	tls: reintroduce socket.encrypted Just a property that is always `true` for TLS sockets. fix #6735	11 years ago
Ben Noordhuis	84c03a984a	tls: add serialNumber to getPeerCertificate() Add a 'serialNumber' property to the object that is returned by tls.CryptoStream#getPeerCertificate(). Contains the certificate's serial number encoded as a hex string. The format is identical to `openssl x509 -serial -in path/to/certificate`. Fixes #6583.	11 years ago
Erik Dubbelboer	bb909ad642	tls: add ECDH ciphers support Switch test fixtures to 1024 bit keys.	11 years ago
Nathan Rajlich	5bda2bed37	doc: fix typos in the tls `NPNProtocols` option	11 years ago
Nathan Rajlich	afabdf0e15	doc: specify the format of the `ca` tls option	11 years ago
Fedor Indutny	af76b08666	tls: socket.renegotiate(options, callback) This utility function allows renegotiaion of secure connection after establishing it. fix #2496	12 years ago
Fedor Indutny	048e0e77e0	tls: asynchronous SNICallback Make ClientHelloParser handle SNI extension, and extend `_tls_wrap.js` to support loading SNI Context from both hello, and resumed session. fix #5967	12 years ago
Ben Noordhuis	0de5b831e2	doc: document tls.Server 'secureProtocol' option	12 years ago
Nathan Rajlich	ed5324687e	doc: fix bad markdown parsing in list	12 years ago
Fedor Indutny	07fbb43d78	tls: export TLSSocket	12 years ago
Ben Noordhuis	c1bf89df2e	doc: tls: ECDH ciphers are not supported	12 years ago
Fedor Indutny	212e9cd8c9	tls: session API returns	12 years ago
isaacs	0a4260c8c0	doc: Correct TLS deprecation notices	12 years ago
Fedor Indutny	af80e7bc6e	tls: introduce TLSSocket based on tls_wrap binding Split `tls.js` into `_tls_legacy.js`, containing legacy `createSecurePair` API, and `_tls_wrap.js` containing new code based on `tls_wrap` binding. Remove tests that are no longer useful/valid.	12 years ago
Daniel G. Taylor	30cb9fec91	tls: Add `secureProtocol` docs Add `secureProtocol` parameter docs to the tls.connect method.	12 years ago
Ben Noordhuis	d820b64412	tls: add localAddress and localPort properties Add localAddress and localPort properties to tls.CleartextStream. Like remoteAddress and localPort, delegate to the backing net.Socket object. Refs #5502.	12 years ago
Kyle Robinson Young	889fec3cc8	doc: typo fixes	12 years ago
Manav Rathi	d20576165a	tls: expose SSL_CTX_set_timeout via tls.createServer Add the `sessionTimeout` integral value to the list of options recognized by `tls.createServer`. This option will be useful for applications which need frequently establish short-lived TLS connections to the same endpoint. The TLS tickets RFC is an ideal option to reduce the socket setup overhead for such scenarios, but the default ticket timeout value (5 minutes) is too low to be useful.	12 years ago
Ben Noordhuis	cfd0dca9ae	crypto: make getCiphers() return non-SSL ciphers Commit `f53441a` added crypto.getCiphers() as a function that returns the names of SSL ciphers. Commit `14a6c4e` then added crypto.getHashes(), which returns the names of digest algorithms, but that creates a subtle inconsistency: the return values of crypto.getHashes() are valid arguments to crypto.createHash() but that is not true for crypto.getCiphers() - the returned values are only valid for SSL/TLS functions. Rectify that by adding tls.getCiphers() and making crypto.getCiphers() return proper cipher names.	12 years ago
Andy Burke	595b5974d7	Add bytesWritten to tls.CryptoStream This adds a proxy for bytesWritten to the tls.CryptoStream. This change makes the connection object more similar between HTTP and HTTPS requests in an effort to avoid confusion. See issue #4650 for more background information.	12 years ago
Fedor Indutny	82f1d340c1	tls: make slab buffer's size configurable see #4636	12 years ago
Ben Noordhuis	5b65638124	tls, https: add tls handshake timeout Don't allow connections to stall indefinitely if the SSL/TLS handshake does not complete. Adds a new tls.Server and https.Server configuration option, handshakeTimeout. Fixes #4355.	12 years ago
Ben Noordhuis	0ad005852c	https: fix renegotation attack protection Listen for the 'clientError' event that is emitted when a renegotation attack is detected and close the connection. Fixes test/pummel/test-https-ci-reneg-attack.js	12 years ago
Andreas Madsen	be5a8e24c2	doc: consistent use of the callback argument	12 years ago
Ben Noordhuis	35607f3a2d	tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949.	13 years ago
Fedor Indutny	8e0c830cd0	tls: async session storage	13 years ago
Ben Noordhuis	badbd1af27	tls: update default cipher list Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.	13 years ago
Ben Kelly	c6185c8484	doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs.	13 years ago
ssuda	fb7348ae06	crypto: add PKCS12/PFX support Fixes #2845.	13 years ago
Shigeki Ohtsu	0d13142332	tcp: make getsockname() return address family as string	13 years ago
Shigeki Ohtsu	75face6139	doc: fix TLS cipher names	13 years ago
Shigeki Ohtsu	2cf5f040a5	doc: add cleartextStream.getCipher() in tls	13 years ago
isaacs	2d44dcc8be	doc: Add stability indicators to documentation	13 years ago
isaacs	7bfa5cf284	s/streams/stream/	13 years ago
isaacs	c0446edcc2	doc refactor: tls	13 years ago
Blake Miner	7343f8e776	tls: add `honorCipherOrder` option to tls.createServer() Documented how to mitigate BEAST attacks.	13 years ago
isaacs	f9df88c6da	s/streams/stream/	13 years ago

1 2

95 Commits (fcbffa71d030e48a10e29e35d973e40d0418fda0)