Ben Noordhuis
ff552ddbaa
tls: fix off-by-one error in renegotiation check
...
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
2012-06-18 04:31:40 +02:00
Andreas Madsen
1e0ce5d1bd
domain: the EventEmitter constructor is now always called in nodecore
2012-06-15 09:49:05 -07:00
isaacs
9611354f08
lint
2012-05-15 13:03:43 -07:00
isaacs
5164ae3838
Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
...
Conflicts:
ChangeLog
deps/uv/include/uv-private/uv-unix.h
deps/uv/src/unix/core.c
deps/uv/src/unix/sunos.c
deps/v8/src/runtime.cc
doc/api/crypto.markdown
lib/http.js
src/node_version.h
test/gc/test-http-client-timeout.js
wscript
2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06
crypto: add PKCS12/PFX support
...
Fixes #2845 .
2012-05-14 17:12:59 +02:00
fukayatsu
0f95a93a2c
tls: remove duplicate line
2012-04-16 21:38:26 +02:00
Yosef Dinerstein
d7c96cf289
tls: reduce memory overhead, reuse buffer
...
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
2012-03-29 17:17:15 +02:00
Shigeki Ohtsu
e1199fa335
tls: fix CryptoStream.setKeepAlive()
2012-03-23 00:20:46 +01:00
ssuda
9b672bcaa2
tls: parsing multiple values of a key in ssl certificate
...
Fixes #2864 .
2012-03-10 23:43:16 +09:00
Dmitry Nizovtsev
1e9bcf26ce
net, http, https: add localAddress option
...
Binds to a local address before making the outgoing connection.
2012-03-06 13:35:49 +01:00
isaacs
959a19e118
lint
2012-03-03 23:48:57 -08:00
Jimb Esser
78db18739a
tls: proxy set(Timeout|NoDelay|KeepAlive) methods
...
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
HTTPS requests.
2012-03-03 00:28:43 +01:00
Blake Miner
7343f8e776
tls: add honorCipherOrder option to tls.createServer()
...
Documented how to mitigate BEAST attacks.
2012-02-29 02:16:08 +01:00
Maciej Małecki
da908364a8
tls http https: don't pollute user's options object
2012-02-20 21:58:00 +01:00
isaacs
0cdf85e28d
Lint all the JavaScripts.
2012-02-18 15:34:57 -08:00
isaacs
31721da4b1
Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
...
Conflicts:
AUTHORS
ChangeLog
Makefile
doc/about/index.html
doc/api/tls.markdown
doc/community/index.html
doc/index.html
doc/logos/index.html
doc/template.html
lib/http.js
lib/tls.js
src/node_version.h
src/platform_win32.cc
test/simple/test-tls-connect-given-socket.js
2012-02-18 09:46:58 -08:00
Ben Noordhuis
3415427dbf
tls: mitigate session renegotiation attacks
...
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
b19b8836c3
tls: Allow establishing secure connection on the existing socket
2012-02-14 11:53:05 -08:00
Ben Noordhuis
e806ad39d0
net, tls, http: remove socket.ondrain
...
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
2012-01-24 15:57:50 +01:00
Fedor Indutny
667aae596c
Merge branch 'v0.6'
...
Conflicts:
ChangeLog
doc/template.html
lib/cluster.js
lib/http.js
lib/tls.js
src/node.h
src/node_version.h
test/simple/test-cluster-kill-workers.js
2012-01-24 00:30:28 +06:00
koichik
534df2f8d2
tls: fix double 'error' events on HTTPS Requests
...
Fixes #2549 .
2012-01-17 17:09:27 +01:00
koichik
c1a63a9e90
tls: Allow establishing secure connection on the existing socket
...
This is necessary to use SSL over HTTP tunnels.
Refs #2259 , #2474 .
Fixes #2489 .
2012-01-09 02:31:46 +01:00
Maciej Małecki
4b4d059791
tls: make tls.connect accept port and host in options
...
Previous API used form:
tls.connect(443, "google.com", options, ...)
now it's replaced with:
tls.connect({port: 443, host: "google.com", ...}, ...)
It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.
Fixes #1983 .
2012-01-08 11:12:56 +01:00
koichik
b962ff35dd
tls: fix test-https-client-reject fails
...
Fixes #2417 .
2011-12-27 17:33:23 +09:00
Ryan Dahl
f7f8af8420
Merge remote branch 'origin/v0.6'
...
Conflicts:
Makefile
lib/_debugger.js
2011-12-21 12:17:23 -08:00
koichik
07c27e040e
tls: Fix node swallows openssl error on request
...
Fixes #2308 .
Fixes #2246 .
2011-12-21 19:48:15 +01:00
Ben Noordhuis
7a7f1062bf
tls: remove duplicate assignment
2011-12-21 15:01:07 +01:00
koichik
f8c335d0ca
tls: enable rejectUnauthorized option to client
...
Fiexes #2247 .
2011-12-07 22:47:06 +09:00
koichik
5451ba3aa8
tls: fix https with fs.openReadStream hangs
...
Fixes #2185 .
Fixes #2198 .
2011-11-27 16:31:45 +09:00
Ben Noordhuis
5e3b0095de
tls: make cipher list configurable
...
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.
Fixes #2066 .
2011-11-17 00:01:41 +01:00
koichik
f53d092a2a
tls, https: add passphrase option
...
Fixes #1925 .
2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9
tls: add address(), remoteAddress/remotePort
...
Fixes #758 .
Fixes #1055 .
2011-10-27 00:28:16 +09:00
koichik
0e8a55d2a2
tls: does not emit 'end' from EncryptedStream
...
de091684cdf9d4Fixes #1936 .
2011-10-27 00:18:29 +09:00
Ryan Dahl
493d3b9f7c
Merge remote branch 'origin/v0.4'
...
Conflicts:
ChangeLog
Makefile
deps/libev/wscript
doc/index.html
doc/template.html
lib/net.js
src/node_version.h
src/platform_cygwin.cc
test/pummel/test-net-write-callbacks.js
test/simple/test-buffer.js
2011-10-21 18:02:30 -07:00
Ryan Dahl
de09168e5a
Emit 'end' from crypto streams on close
...
Fixes test/simple/test-tls-peer-certificate.js on Windows
Patch from bnoordhuis.
See also 75a0cf970f
2011-10-21 13:16:41 -07:00
koichik
68cc173c6d
tls: The TLS API is inconsistent with the TCP API
...
Add 'secureConnect' event to tls.CleartextStream.
Fixes #1467 .
2011-10-15 19:27:21 +09:00
koichik
19a855382c
tls: requestCert unusable with Firefox and Chrome
...
Fixes #1516 .
2011-10-15 00:54:46 +09:00
koichik
4cdf9d4158
tls: Improve TLS flow control
...
Fixes #1775 .
2011-09-30 15:44:45 +09:00
Ben Noordhuis
243c218c7a
tls: remove superfluous setOptions() call
2011-09-19 16:28:22 +02:00
Sean Cunningham
eb99083d0b
tls: add client-side session resumption support
2011-09-07 20:01:14 +02:00
koichik
6f60683802
tls: x509 certificate subject parsing fail
...
Fixes #1568 .
2011-08-31 03:47:23 +09:00
Fedor Indutny
942f8b5afb
Add NPN and SNI documentation.
...
Fixes #1420 .
Fixes #1426 .
2011-08-10 09:44:35 -07:00
Fedor Indutny
9010f5fbab
Add support for TLS SNI
...
Fixes #1411
2011-07-29 16:57:28 -07:00
Robert Mustacchi
de0b8d601c
jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js
2011-07-29 11:58:02 -07:00
Ryan Dahl
041c983290
Merge branch 'v0.4'
...
Conflicts:
deps/libev/wscript
doc/api/modules.markdown
2011-07-14 15:52:08 -07:00
Stefan Rusu
901ebed8ff
Fixes #1304 . The Connection instance may be destroyed by abort() when process.nextTick is executed.
2011-07-15 00:32:46 +09:00
Ryan Dahl
59274e8a33
Merge branch 'v0.4'
...
Conflicts:
lib/crypto.js
lib/tls.js
2011-05-20 10:29:16 -07:00
Ryan Dahl
9c7f89bf56
CryptoStream.prototype.readyState shoudn't reference fd
...
Fixes #1069
2011-05-20 10:20:22 -07:00
Fedor Indutny
21724ecaec
Share SSL context between server connections
...
Fixes #1073 .
2011-05-19 14:45:42 -07:00
Ryan Dahl
85bc8d02fa
Merge branch 'v0.4'
...
Conflicts:
src/node_crypto.cc
2011-05-16 19:29:02 -07:00
