Skip to content

Commit

Permalink
Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Browse files Browse the repository at this point in the history
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
  • Loading branch information
isaacs committed May 15, 2012
2 parents 01103d0 + f19f980 commit 5164ae3
Show file tree
Hide file tree
Showing 23 changed files with 400 additions and 21 deletions.
29 changes: 29 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,35 @@
* Bug fixes


2012.05.15 Version 0.6.18 (stable), 4bc1d395de6abed2cf1e4d0b7b3a1480a21c368f

* windows: skip GetFileAttributes call when opening a file (Bert Belder)

* crypto: add PKCS12/PFX support (Sambasiva Suda)

* #3240: child_process: delete NODE_CHANNEL_FD from env in spawn (Ben Noordhuis)

* windows: add test for path.normalize with UNC paths (Bert Belder)

* windows: make path.normalize convert all slashes to backslashes (Bert Belder)

* fs: Automatically close FSWatcher on error (Bert Belder)

* #3258: fs.ReadStream.pause() emits duplicate data event (koichik)

* pipe_wrap: don't assert() on pipe accept errors (Ben Noordhuis)

* Better exception output for module load and process.nextTick (Felix Geisendörfer)

* zlib: fix error reporting (Ben Noordhuis)

* http: Don't destroy on timeout (isaacs)

* #3231: http: Don't try to emit error on a null'ed req object (isaacs)

* #3236: http: Refactor ClientRequest.onSocket (isaacs)


2012.05.04 Version 0.6.17 (stable), 4ced23deaf36493f4303a18f6fdce768c58becc0

* Upgrade npm to 1.1.21
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ out/doc/api/%.html: doc/api/%.markdown
out/Release/node tools/doc/generate.js --format=html --template=doc/template.html $< > $@

email.md: ChangeLog tools/email-footer.md
bash tools/changelog-head.sh > $@
bash tools/changelog-head.sh | sed 's|^\* #|* \\#|g' > $@
cat tools/email-footer.md | sed -e 's|__VERSION__|'$(VERSION)'|g' >> $@

blog.html: email.md
Expand Down
8 changes: 4 additions & 4 deletions doc/api/buffer.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ Allocates a new buffer containing the given `str`.

* `string` String - data to be written to buffer
* `offset` Number, Optional, Default: 0
* `length` Number, Optional
* `length` Number, Optional, Default: `buffer.length - offset`
* `encoding` String, Optional, Default: 'utf8'

Writes `string` to the buffer at `offset` using the given encoding.
Expand All @@ -93,7 +93,7 @@ next time `buf.write()` is called.

* `encoding` String, Optional, Default: 'utf8'
* `start` Number, Optional, Default: 0
* `end` Number, Optional
* `end` Number, Optional, Default: `buffer.length`

Decodes and returns a string from buffer data encoded with `encoding`
(defaults to `'utf8'`) beginning at `start` (defaults to `0`) and ending at
Expand Down Expand Up @@ -171,7 +171,7 @@ buffer object. It does not change when the contents of the buffer are changed.
* `targetBuffer` Buffer object - Buffer to copy into
* `targetStart` Number, Optional, Default: 0
* `sourceStart` Number, Optional, Default: 0
* `sourceEnd` Number, Optional, Default: 0
* `sourceEnd` Number, Optional, Default: `buffer.length`

Does copy between buffers. The source and target regions can be overlapped.
`targetStart` and `sourceStart` default to `0`.
Expand All @@ -197,7 +197,7 @@ into `buf2`, starting at the 8th byte in `buf2`.
### buf.slice([start], [end])

* `start` Number, Optional, Default: 0
* `end` Number, Optional, Default: 0
* `end` Number, Optional, Default: `buffer.length`

Returns a new buffer which references the same memory as the old, but offset
and cropped by the `start` (defaults to `0`) and `end` (defaults to
Expand Down
3 changes: 2 additions & 1 deletion doc/api/crypto.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,9 @@ It also offers a set of wrappers for OpenSSL's hash, hmac, cipher, decipher, sig

Creates a credentials object, with the optional details being a dictionary with keys:

* `pfx` : A string or buffer holding the PFX or PKCS12 encoded private key, certificate and CA certificates
* `key` : A string holding the PEM encoded private key
* `passphrase` : A string of passphrase for the private key
* `passphrase` : A string of passphrase for the private key or pfx
* `cert` : A string holding the PEM encoded certificate
* `ca` : Either a string or list of strings of PEM encoded CA certificates to trust.
* `crl` : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List)
Expand Down
16 changes: 15 additions & 1 deletion doc/api/https.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,19 @@ Example:
res.end("hello world\n");
}).listen(8000);

Or

var https = require('https');
var fs = require('fs');

var options = {
pfx: fs.readFileSync('server.pfx')
};

https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);

## https.request(options, callback)

Expand Down Expand Up @@ -91,8 +104,9 @@ The options argument has the following options
The following options from [tls.connect()](tls.html#tls.connect) can also be
specified. However, a [globalAgent](#https.globalAgent) silently ignores these.

- `pfx`: Certificate, Private key and CA certificates to use for SSL. Default `null`.
- `key`: Private key to use for SSL. Default `null`.
- `passphrase`: A string of passphrase for the private key. Default `null`.
- `passphrase`: A string of passphrase for the private key or pfx. Default `null`.
- `cert`: Public x509 certificate to use. Default `null`.
- `ca`: An authority certificate or array of authority certificates to check
the remote host against.
Expand Down
5 changes: 0 additions & 5 deletions doc/api/stream.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -74,11 +74,6 @@ Resumes the incoming `'data'` events after a `pause()`.

Closes the underlying file descriptor. Stream will not emit any more events.


### stream.destroySoon()

After the write queue is drained, close the file descriptor.

### stream.pipe(destination, [options])

This is a `Stream.prototype` method available on all `Stream`s.
Expand Down
66 changes: 64 additions & 2 deletions doc/api/tls.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,17 @@ Alternatively you can send the CSR to a Certificate Authority for signing.
(TODO: docs on creating a CA, for now interested users should just look at
`test/fixtures/keys/Makefile` in the Node source code)

To create .pfx or .p12, do this:

openssl pkcs12 -export -in agent5-cert.pem -inkey agent5-key.pem \
-certfile ca-cert.pem -out agent5.pfx

- `in`: certificate
- `inkey`: private key
- `certfile`: all CA certs concatenated in one file like
`cat ca1-cert.pem ca2-cert.pem > ca-cert.pem`


## Client-initiated renegotiation attack mitigation

<!-- type=misc -->
Expand Down Expand Up @@ -72,10 +83,14 @@ The `connectionListener` argument is automatically set as a listener for the
[secureConnection](#event_secureConnection_) event.
The `options` object has these possibilities:

- `pfx`: A string or `Buffer` containing the private key, certificate and
CA certs of the server in PFX or PKCS12 format. (Mutually exclusive with
the `key`, `cert` and `ca` options.)

- `key`: A string or `Buffer` containing the private key of the server in
PEM format. (Required)

- `passphrase`: A string of passphrase for the private key.
- `passphrase`: A string of passphrase for the private key or pfx.

- `cert`: A string or `Buffer` containing the certificate key of the server in
PEM format. (Required)
Expand Down Expand Up @@ -155,7 +170,29 @@ Here is a simple example echo server:
console.log('server bound');
});

Or

var tls = require('tls');
var fs = require('fs');

var options = {
pfx: fs.readFileSync('server.pfx'),

// This is necessary only if using the client certificate authentication.
requestCert: true,

};

var server = tls.createServer(options, function(cleartextStream) {
console.log('server connected',
cleartextStream.authorized ? 'authorized' : 'unauthorized');
cleartextStream.write("welcome!\n");
cleartextStream.setEncoding('utf8');
cleartextStream.pipe(cleartextStream);
});
server.listen(8000, function() {
console.log('server bound');
});
You can test this server by connecting to it with `openssl s_client`:


Expand All @@ -177,10 +214,13 @@ Creates a new client connection to the given `port` and `host` (old API) or
creating a new socket. If this option is specified, `host` and `port`
are ignored.

- `pfx`: A string or `Buffer` containing the private key, certificate and
CA certs of the server in PFX or PKCS12 format.

- `key`: A string or `Buffer` containing the private key of the client in
PEM format.

- `passphrase`: A string of passphrase for the private key.
- `passphrase`: A string of passphrase for the private key or pfx.

- `cert`: A string or `Buffer` containing the certificate key of the client in
PEM format.
Expand Down Expand Up @@ -233,6 +273,28 @@ Here is an example of a client of echo server as described previously:
server.close();
});

Or

var tls = require('tls');
var fs = require('fs');

var options = {
pfx: fs.readFileSync('client.pfx')
};

var cleartextStream = tls.connect(8000, options, function() {
console.log('client connected',
cleartextStream.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(cleartextStream);
process.stdin.resume();
});
cleartextStream.setEncoding('utf8');
cleartextStream.on('data', function(data) {
console.log(data);
});
cleartextStream.on('end', function() {
server.close();
});

## tls.createSecurePair([credentials], [isServer], [requestCert], [rejectUnauthorized])

Expand Down
8 changes: 8 additions & 0 deletions lib/crypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,14 @@ exports.createCredentials = function(options, context) {
c.context.setSessionIdContext(options.sessionIdContext);
}

if (options.pfx) {
if (options.passphrase) {
c.context.loadPKCS12(options.pfx, options.passphrase);
} else {
c.context.loadPKCS12(options.pfx);
}
}

return c;
};

Expand Down
4 changes: 3 additions & 1 deletion lib/fs.js
Original file line number Diff line number Diff line change
Expand Up @@ -740,6 +740,7 @@ function FSWatcher() {

this._handle.onchange = function(status, event, filename) {
if (status) {
self._handle.close();
self.emit('error', errnoException(errno, 'watch'));
} else {
self.emit('change', event, filename);
Expand Down Expand Up @@ -1286,8 +1287,9 @@ ReadStream.prototype.resume = function() {
this.paused = false;

if (this.buffer) {
this._emitData(this.buffer);
var buffer = this.buffer;
this.buffer = null;
this._emitData(buffer);
}

// hasn't opened yet.
Expand Down
3 changes: 1 addition & 2 deletions lib/http.js
Original file line number Diff line number Diff line change
Expand Up @@ -1315,6 +1315,7 @@ function socketErrorListener(err) {
socket.destroy();
}


function responseOnEnd() {
var req = this.req;
var socket = req.socket;
Expand Down Expand Up @@ -1397,7 +1398,6 @@ function socketOnEnd() {
socket.destroy();
}


function socketOnData(d, start, end) {
var socket = this;
var req = this._httpMessage;
Expand Down Expand Up @@ -1461,7 +1461,6 @@ ClientRequest.prototype.onSocket = function(socket) {

socket._httpMessage = req;


// Setup "drain" propogation.
httpSocketSetup(socket);
socket.ondata = socketOnData;
Expand Down
3 changes: 3 additions & 0 deletions lib/path.js
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,9 @@ if (isWindows) {
tail += '\\';
}

// Convert slashes to backslashes when `device` points to an UNC root.
device = device.replace(/\//g, '\\');

return device + (isAbsolute ? '\\' : '') + tail;
};

Expand Down
2 changes: 2 additions & 0 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -932,6 +932,7 @@ function Server(/* [options], listener */) {
this.setOptions(options);

var sharedCreds = crypto.createCredentials({
pfx : self.pfx,
key: self.key,
passphrase: self.passphrase,
cert: self.cert,
Expand Down Expand Up @@ -1016,6 +1017,7 @@ Server.prototype.setOptions = function(options) {
this.rejectUnauthorized = false;
}

if (options.pfx) this.pfx = options.pfx;
if (options.key) this.key = options.key;
if (options.passphrase) this.passphrase = options.passphrase;
if (options.cert) this.cert = options.cert;
Expand Down
4 changes: 4 additions & 0 deletions src/node.js
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,10 @@
// start parsing data from that stream.
if (process.env.NODE_CHANNEL_FD) {
assert(parseInt(process.env.NODE_CHANNEL_FD) >= 0);

// Make sure it's not accidentally inherited by child processes.
delete process.env.NODE_CHANNEL_FD;

var cp = NativeModule.require('child_process');

// Load tcp_wrap to avoid situation where we might immediately receive
Expand Down
Loading

0 comments on commit 5164ae3

Please sign in to comment.