Skip to content
Snippets Groups Projects
  1. Oct 23, 2014
    • Julien Gilli's avatar
      tests: add TLS tests matrix · 8d045a30
      Julien Gilli authored
      Add a test that goes through the whole matrix of:
      - command line options (--enable-ssl*)
      - secureOptions
      - secureProtocols
      
      and makes sure that compatible test setups actually work as expected.
      
      The test works by spawning two processes for each test case: one client
      and one server. The test passes if a SSL/TLS connection from the client
      to the server is successful and the test case was supposed to pass, or
      if the connection couldn't be established and the test case was supposed
      to fail.
      
      The test is currently located in the directory 'test/external' because
      it has external dependencies.
      v0.10.33
      8d045a30
    • Timothy J Fontaine's avatar
      tls: enforce secureOptions on incoming clients · 69080f54
      Timothy J Fontaine authored
      Reuse the secureProtocol and secureOptions of the server when creating
      the secure context for incoming clients.
      69080f54
    • Timothy J Fontaine's avatar
      tls: honorCipherOrder should not degrade defaults · b9283cf9
      Timothy J Fontaine authored
      Specifying honorCipherOrder should not change the SSLv2/SSLv3 defaults
      for a TLS server.
      
      Use secureOptions logic in both lib/tls.js and lib/crypto.js
      b9283cf9
  2. Oct 21, 2014
    • Timothy J Fontaine's avatar
      2014.10.20, Version 0.10.33 (Stable) · fe2e8a4a
      Timothy J Fontaine authored
      * openssl: Update to 1.0.1j (Addressing multiple CVEs)
      
      * uv: Update to v0.10.29
      
      * child_process: properly support optional args (cjihrig)
      
      * crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
      Timothy J Fontaine, Alexis Campailla)
      
      This is a behavior change, by default we will not allow the negotiation to
      SSLv2 or SSLv3. If you want this behavior, run Node.js with either
      `--enable-ssl2` or `--enable-ssl3` respectively.
      
      This does not change the behavior for users specifically requesting
      `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
      assumed you know what you're doing since you're specifically asking to use
      these methods.
      fe2e8a4a
  3. Oct 20, 2014
  4. Oct 17, 2014
  5. Oct 16, 2014
  6. Oct 15, 2014
  7. Oct 13, 2014
  8. Sep 26, 2014
  9. Sep 23, 2014
  10. Sep 17, 2014
  11. Sep 16, 2014
  12. Sep 15, 2014
  13. Sep 03, 2014
  14. Sep 02, 2014
    • Julien Gilli's avatar
      tests: add test for non-integer delay timers. · 8e60b452
      Julien Gilli authored
      
      PR #8034 came with a test to make sure that timers expiry is based on
      monotonic time and not on wall-clock time. However, a bug in the
      implementation broke timers with non-integer delays. A fix for this
      issue was provided with PR #8073, but it didn't come with a test.
      
      Because #8073 fixed a subtle issue that could reappear in the future,
      and because the impact of such an issue would be significant, I suggest
      adding this test.
      
      The test would timeout after 1 minute if the issue was reproduced.
      Otherwise it will run very quickly.
      
      Reviewed-By: default avatarFedor Indutny <fedor@indutny.com>
      8e60b452
  15. Aug 27, 2014
    • Mathias Bynens's avatar
      url: Add support for RFC 3490 separators · b869797a
      Mathias Bynens authored
      
      There is no need to split the host by hand in `url.js` – Punycode.js
      takes care of it anyway. This not only simplifies the code, but also
      adds support for RFC 3490 separators (i.e. not just U+002E, but U+3002,
      U+FF0E, and U+FF61 as well).
      
      Closes #6055.
      
      Reviewed-By: default avatarFedor Indutny <fedor@indutny.com>
      b869797a
    • Tristan Berger's avatar
      querystring: fix unescape override · 0f295619
      Tristan Berger authored
      
      Documentation states that `querystring.unescape` may be overridden to
      replace unescaper during parsing. However, the function was only
      being used as a fallback for when the native decoder throws (on a
      malformed URL). This patch moves the call to the native function and
      the try/catch around it into querystring.unescape then has the parser
      always invoke it, so that an override will always be used.
      
      Fixes #4055
      
      Reviewed-By: default avatarFedor Indutny <fedor@indutny.com>
      0f295619
  16. Aug 26, 2014
  17. Aug 22, 2014
    • Fedor Indutny's avatar
      deps: fix up v8 after fd80a3 · 3122e0ea
      Fedor Indutny authored
      fd80a31e has introduced a segfault
      during redundant boundary check elimination (#8208).
      
      The problem consists of two parts:
      
        1. Abscense of instruction iterator in
           `EliminateRedundantBoundsChecks`. It was present in recent v8, but
           wasn't considered important at the time of backport. However, since
           the function is changing instructions order in block, it is
           important to not rely at `i->next()` at the end of the loop.
        2. Too strict ASSERT in `MoveIndexIfNecessary`. It is essentially a
           backport of a45c96ab from v8's upstream. See
           https://github.com/v8/v8/commit/a45c96ab for details.
      
      fix #8208
      3122e0ea
Loading