Commit Graph

155 Commits

Author SHA1 Message Date
Trevor Norris
f2a78de6ec doc: fix optional parameter parsing
The parameter parser specifically looked for the old bracket syntax.
This generated a lot of warnings when building the docs. Those warnings
have been fixed by changing the parsing logic.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
2014-09-29 16:32:34 -07:00
Trevor Norris
51b6b6844e doc: fix brackets for optional parameters
Documentation incorrectly used bracket notation for optional parameters.
This caused inconsistencies in usage because of examples like the
following:

    fs.write(fd, data[, position[, encoding]], callback)

This simply fixes all uses of bracket notation in documentation.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
2014-09-25 11:26:15 -07:00
Trevor Livingston
bf5e2f246e tls: checkServerIdentity option
Allow overriding `checkServerIdentity` function, when connecting to a
TLS server.

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-09-09 17:15:50 +01:00
Fedor Indutny
73631bbcc8 tls: support multiple keys/certs
Required to serve website with both ECDSA/RSA certificates.
2014-09-03 17:36:54 +04:00
Shigeki Ohtsu
f6877f37b2 tls: add DHE-RSA-AES128-SHA256 to the def ciphers
`!EDH` is also removed from the list in the discussion of #8272

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-29 00:36:51 +04:00
Shigeki Ohtsu
0dfedb7127 tls, crypto: add DHE support
In case of an invalid DH parameter file, it is silently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-29 00:36:48 +04:00
Kyle Robinson Young
00004160a1 doc: typo fixes on stream, tls and http
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
2014-08-12 21:04:41 -07:00
Jackson Tian
e1ce8ba639 net: add remoteFamily for socket
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-23 23:44:57 +04:00
Fedor Indutny
c147e81091 crypto: add honorCipherOrder argument
Add `honorCipherOrder` argument to `crypto.createCredentials`.

fix #7249
2014-06-25 14:47:59 +04:00
Fedor Indutny
e50749bb05 doc: document tls.createSecureContext 2014-06-25 14:11:09 +04:00
Farrin Reid
3950024c2f doc: tls: added path property to tls.connect
In tls.connect a unix socket connection to a path may be made in
recent versions of node by specifying the value for the path
property.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-04-24 10:14:48 +04:00
Fedor Indutny
345c40b661 tls: getPeerCertificate(detailed)
Add `raw` property to certificate, add mode to output full certificate
chain.
2014-04-18 02:21:16 +04:00
Fedor Indutny
b3ef289ffb tls: support OCSP on client and server 2014-04-18 02:21:16 +04:00
Fedor Indutny
de7c0e8c02 Merge branch 'v0.10'
Conflicts:
	deps/openssl/asm/x64-elf-gas/aes/vpaes-x86_64.s
	deps/openssl/asm/x64-macosx-gas/aes/vpaes-x86_64.s
	deps/openssl/asm/x64-win32-masm/aes/vpaes-x86_64.asm
	deps/openssl/openssl/CHANGES
	deps/openssl/openssl/Makefile
	deps/openssl/openssl/Makefile.org
	deps/openssl/openssl/NEWS
	deps/openssl/openssl/README
	deps/openssl/openssl/crypto/opensslv.h
	deps/openssl/openssl/openssl.spec
	deps/openssl/openssl/ssl/s23_clnt.c
	lib/http.js
	test/simple/test-http-client-readable.js
2014-04-08 08:55:57 +04:00
Dominic Tarr
cdc093b31f docs: correct tls docs. server -> client
when a pfx file is passed to tls.connection,
it is the client private key, not the server's private key.
2014-04-02 15:34:16 +04:00
Goh Yisheng (Andrew)
47bed4828c doc: typo clean up in tls 2014-03-31 07:40:17 -07:00
Fedor Indutny
5d2aef17ee crypto: move createCredentials to tls
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.

fix #7249
2014-03-29 12:01:43 +04:00
Fedor Indutny
75ea11fc08 tls: introduce asynchronous newSession
fix #7105
2014-02-18 01:07:09 +04:00
Fedor Indutny
528a3ce3ed tls: more session configuration options, methods
Introduce `ticketKeys` server option, `session` client option,
`getSession()` and `getTLSTicket()` methods.

fix #7032
2014-02-05 23:28:34 +04:00
Fedor Indutny
7f9b01509f lib: introduce .setMaxSendFragment(size)
fix #6889
2014-01-20 20:39:57 +04:00
Ben Noordhuis
023f0a3122 doc: tls: note that SSLv2 is disabled by default
As of commit 39aa894, SSLv2 support is disabled by default.  Update
the documentation to reflect that.
2014-01-20 19:33:18 +04:00
Ben Noordhuis
8c303115f5 doc: tls: clarify server cipher list
* Make it clear that ECDHE-RSA-AES128-SHA256 and AES128-GCM-SHA256 are
  TLS v1.2 ciphers.

* Note that RC4 is under suspicion.
2014-01-20 19:33:18 +04:00
Ben Noordhuis
262a752c29 tls: show human-readable error messages
Before this commit, verification exceptions had err.message set to the
OpenSSL error code (e.g. 'UNABLE_TO_VERIFY_LEAF_SIGNATURE').

This commit moves the error code to err.code and replaces err.message
with a human-readable error.  Example:

    // before
    {
      message: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
    }

    // after
    {
      code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
      message: 'unable to verify the first certificate'
    }

UNABLE_TO_VERIFY_LEAF_SIGNATURE is a good example of why you want this:
the error code suggests that it's the last certificate that fails to
validate while it's actually the first certificate in the chain.

Going by the number of mailing list posts and StackOverflow questions,
it's a source of confusion to many people.
2014-01-17 18:51:25 +00:00
Lorenz Leutgeb
e1f4f6aa28 doc: Add forward secrecy section to TLS docs
This fixes confusion connected to comparison of ECDH
with RSA and wrong information on forward secrecy.
2014-01-05 17:15:08 +04:00
Fedor Indutny
7c3643b767 tls: reintroduce socket.encrypted
Just a property that is always `true` for TLS sockets.

fix #6735
2013-12-21 01:03:05 +04:00
Ben Noordhuis
84c03a984a tls: add serialNumber to getPeerCertificate()
Add a 'serialNumber' property to the object that is returned by
tls.CryptoStream#getPeerCertificate().  Contains the certificate's
serial number encoded as a hex string.  The format is identical to
`openssl x509 -serial -in path/to/certificate`.

Fixes #6583.
2013-11-26 14:24:37 +01:00
Erik Dubbelboer
bb909ad642 tls: add ECDH ciphers support
Switch test fixtures to 1024 bit keys.
2013-10-30 08:34:47 +01:00
Timothy J Fontaine
42af62f33a Merge remote-tracking branch 'upstream/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	configure
	deps/uv/ChangeLog
	deps/uv/src/version.c
	lib/tls.js
	src/node_version.h
2013-09-24 16:49:01 -07:00
Nathan Rajlich
5bda2bed37 doc: fix typos in the tls NPNProtocols option 2013-09-16 13:57:34 -07:00
Nathan Rajlich
afabdf0e15 doc: specify the format of the ca tls option 2013-09-16 13:57:00 -07:00
Fedor Indutny
af76b08666 tls: socket.renegotiate(options, callback)
This utility function allows renegotiation of secure connection after
establishing it.

fix #2496
2013-09-05 18:10:31 +04:00
Fedor Indutny
048e0e77e0 tls: asynchronous SNICallback
Make ClientHelloParser handle SNI extension, and extend `_tls_wrap.js`
to support loading SNI Context from both hello, and resumed session.

fix #5967
2013-08-06 16:13:01 +04:00
Ben Noordhuis
b8c04b921b Merge remote-tracking branch 'origin/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/ChangeLog
	deps/uv/src/version.c
	deps/uv/src/win/fs.c
	src/node.cc
	src/node_crypto.cc
	src/node_os.cc
	src/node_version.h
2013-07-30 15:19:48 +02:00
Ben Noordhuis
0de5b831e2 doc: document tls.Server 'secureProtocol' option 2013-07-25 23:21:54 +02:00
Timothy J Fontaine
48c542db52 Merge remote-tracking branch 'upstream/v0.10'
Conflicts:
	AUTHORS
	ChangeLog
	deps/npm/Makefile
	deps/npm/doc/api/npm-commands.md
	deps/npm/doc/api/npm-deprecate.md
	deps/npm/doc/api/npm-init.md
	deps/npm/doc/api/npm-owner.md
	deps/npm/doc/api/npm-publish.md
	deps/npm/doc/api/npm-run-script.md
	deps/npm/doc/cli/npm-adduser.md
	deps/npm/doc/cli/npm-bin.md
	deps/npm/doc/cli/npm-bugs.md
	deps/npm/doc/cli/npm-build.md
	deps/npm/doc/cli/npm-cache.md
	deps/npm/doc/cli/npm-completion.md
	deps/npm/doc/cli/npm-deprecate.md
	deps/npm/doc/cli/npm-docs.md
	deps/npm/doc/cli/npm-edit.md
	deps/npm/doc/cli/npm-explore.md
	deps/npm/doc/cli/npm-help-search.md
	deps/npm/doc/cli/npm-help.md
	deps/npm/doc/cli/npm-init.md
	deps/npm/doc/cli/npm-install.md
	deps/npm/doc/cli/npm-link.md
	deps/npm/doc/cli/npm-ls.md
	deps/npm/doc/cli/npm-outdated.md
	deps/npm/doc/cli/npm-owner.md
	deps/npm/doc/cli/npm-pack.md
	deps/npm/doc/cli/npm-prefix.md
	deps/npm/doc/cli/npm-prune.md
	deps/npm/doc/cli/npm-publish.md
	deps/npm/doc/cli/npm-restart.md
	deps/npm/doc/cli/npm-rm.md
	deps/npm/doc/cli/npm-root.md
	deps/npm/doc/cli/npm-run-script.md
	deps/npm/doc/cli/npm-search.md
	deps/npm/doc/cli/npm-shrinkwrap.md
	deps/npm/doc/cli/npm-start.md
	deps/npm/doc/cli/npm-stop.md
	deps/npm/doc/cli/npm-submodule.md
	deps/npm/doc/cli/npm-tag.md
	deps/npm/doc/cli/npm-test.md
	deps/npm/doc/cli/npm-uninstall.md
	deps/npm/doc/cli/npm-unpublish.md
	deps/npm/doc/cli/npm-update.md
	deps/npm/doc/cli/npm-version.md
	deps/npm/doc/cli/npm-view.md
	deps/npm/doc/cli/npm-whoami.md
	deps/npm/doc/files/npm-folders.md
	deps/npm/doc/files/package.json.md
	deps/npm/doc/misc/npm-coding-style.md
	deps/npm/doc/misc/npm-config.md
	deps/npm/doc/misc/npm-developers.md
	deps/npm/doc/misc/npm-disputes.md
	deps/npm/doc/misc/npm-faq.md
	deps/npm/doc/misc/npm-registry.md
	deps/npm/doc/misc/npm-scripts.md
	deps/npm/doc/misc/semver.md
	deps/npm/html/doc/README.html
	deps/npm/html/doc/api/npm-bin.html
	deps/npm/html/doc/api/npm-bugs.html
	deps/npm/html/doc/api/npm-commands.html
	deps/npm/html/doc/api/npm-config.html
	deps/npm/html/doc/api/npm-deprecate.html
	deps/npm/html/doc/api/npm-docs.html
	deps/npm/html/doc/api/npm-edit.html
	deps/npm/html/doc/api/npm-explore.html
	deps/npm/html/doc/api/npm-help-search.html
	deps/npm/html/doc/api/npm-init.html
	deps/npm/html/doc/api/npm-install.html
	deps/npm/html/doc/api/npm-link.html
	deps/npm/html/doc/api/npm-load.html
	deps/npm/html/doc/api/npm-ls.html
	deps/npm/html/doc/api/npm-outdated.html
	deps/npm/html/doc/api/npm-owner.html
	deps/npm/html/doc/api/npm-pack.html
	deps/npm/html/doc/api/npm-prefix.html
	deps/npm/html/doc/api/npm-prune.html
	deps/npm/html/doc/api/npm-publish.html
	deps/npm/html/doc/api/npm-rebuild.html
	deps/npm/html/doc/api/npm-restart.html
	deps/npm/html/doc/api/npm-root.html
	deps/npm/html/doc/api/npm-run-script.html
	deps/npm/html/doc/api/npm-search.html
	deps/npm/html/doc/api/npm-shrinkwrap.html
	deps/npm/html/doc/api/npm-start.html
	deps/npm/html/doc/api/npm-stop.html
	deps/npm/html/doc/api/npm-submodule.html
	deps/npm/html/doc/api/npm-tag.html
	deps/npm/html/doc/api/npm-test.html
	deps/npm/html/doc/api/npm-uninstall.html
	deps/npm/html/doc/api/npm-unpublish.html
	deps/npm/html/doc/api/npm-update.html
	deps/npm/html/doc/api/npm-version.html
	deps/npm/html/doc/api/npm-view.html
	deps/npm/html/doc/api/npm-whoami.html
	deps/npm/html/doc/api/npm.html
	deps/npm/html/doc/cli/npm-adduser.html
	deps/npm/html/doc/cli/npm-bin.html
	deps/npm/html/doc/cli/npm-bugs.html
	deps/npm/html/doc/cli/npm-build.html
	deps/npm/html/doc/cli/npm-bundle.html
	deps/npm/html/doc/cli/npm-cache.html
	deps/npm/html/doc/cli/npm-completion.html
	deps/npm/html/doc/cli/npm-config.html
	deps/npm/html/doc/cli/npm-dedupe.html
	deps/npm/html/doc/cli/npm-deprecate.html
	deps/npm/html/doc/cli/npm-docs.html
	deps/npm/html/doc/cli/npm-edit.html
	deps/npm/html/doc/cli/npm-explore.html
	deps/npm/html/doc/cli/npm-help-search.html
	deps/npm/html/doc/cli/npm-help.html
	deps/npm/html/doc/cli/npm-init.html
	deps/npm/html/doc/cli/npm-install.html
	deps/npm/html/doc/cli/npm-link.html
	deps/npm/html/doc/cli/npm-ls.html
	deps/npm/html/doc/cli/npm-outdated.html
	deps/npm/html/doc/cli/npm-owner.html
	deps/npm/html/doc/cli/npm-pack.html
	deps/npm/html/doc/cli/npm-prefix.html
	deps/npm/html/doc/cli/npm-prune.html
	deps/npm/html/doc/cli/npm-publish.html
	deps/npm/html/doc/cli/npm-rebuild.html
	deps/npm/html/doc/cli/npm-restart.html
	deps/npm/html/doc/cli/npm-rm.html
	deps/npm/html/doc/cli/npm-root.html
	deps/npm/html/doc/cli/npm-run-script.html
	deps/npm/html/doc/cli/npm-search.html
	deps/npm/html/doc/cli/npm-shrinkwrap.html
	deps/npm/html/doc/cli/npm-star.html
	deps/npm/html/doc/cli/npm-stars.html
	deps/npm/html/doc/cli/npm-start.html
	deps/npm/html/doc/cli/npm-stop.html
	deps/npm/html/doc/cli/npm-submodule.html
	deps/npm/html/doc/cli/npm-tag.html
	deps/npm/html/doc/cli/npm-test.html
	deps/npm/html/doc/cli/npm-uninstall.html
	deps/npm/html/doc/cli/npm-unpublish.html
	deps/npm/html/doc/cli/npm-update.html
	deps/npm/html/doc/cli/npm-version.html
	deps/npm/html/doc/cli/npm-view.html
	deps/npm/html/doc/cli/npm-whoami.html
	deps/npm/html/doc/cli/npm.html
	deps/npm/html/doc/files/npm-folders.html
	deps/npm/html/doc/files/npm-global.html
	deps/npm/html/doc/files/npm-json.html
	deps/npm/html/doc/files/npmrc.html
	deps/npm/html/doc/files/package.json.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/misc/npm-coding-style.html
	deps/npm/html/doc/misc/npm-config.html
	deps/npm/html/doc/misc/npm-developers.html
	deps/npm/html/doc/misc/npm-disputes.html
	deps/npm/html/doc/misc/npm-faq.html
	deps/npm/html/doc/misc/npm-index.html
	deps/npm/html/doc/misc/npm-registry.html
	deps/npm/html/doc/misc/npm-scripts.html
	deps/npm/html/doc/misc/removing-npm.html
	deps/npm/html/doc/misc/semver.html
	deps/npm/man/man1/npm-README.1
	deps/npm/man/man1/npm-adduser.1
	deps/npm/man/man1/npm-bin.1
	deps/npm/man/man1/npm-bugs.1
	deps/npm/man/man1/npm-build.1
	deps/npm/man/man1/npm-bundle.1
	deps/npm/man/man1/npm-cache.1
	deps/npm/man/man1/npm-completion.1
	deps/npm/man/man1/npm-dedupe.1
	deps/npm/man/man1/npm-deprecate.1
	deps/npm/man/man1/npm-docs.1
	deps/npm/man/man1/npm-edit.1
	deps/npm/man/man1/npm-explore.1
	deps/npm/man/man1/npm-help-search.1
	deps/npm/man/man1/npm-help.1
	deps/npm/man/man1/npm-init.1
	deps/npm/man/man1/npm-install.1
	deps/npm/man/man1/npm-link.1
	deps/npm/man/man1/npm-ls.1
	deps/npm/man/man1/npm-outdated.1
	deps/npm/man/man1/npm-owner.1
	deps/npm/man/man1/npm-pack.1
	deps/npm/man/man1/npm-prefix.1
	deps/npm/man/man1/npm-prune.1
	deps/npm/man/man1/npm-publish.1
	deps/npm/man/man1/npm-rebuild.1
	deps/npm/man/man1/npm-restart.1
	deps/npm/man/man1/npm-rm.1
	deps/npm/man/man1/npm-root.1
	deps/npm/man/man1/npm-run-script.1
	deps/npm/man/man1/npm-search.1
	deps/npm/man/man1/npm-shrinkwrap.1
	deps/npm/man/man1/npm-star.1
	deps/npm/man/man1/npm-stars.1
	deps/npm/man/man1/npm-start.1
	deps/npm/man/man1/npm-stop.1
	deps/npm/man/man1/npm-submodule.1
	deps/npm/man/man1/npm-tag.1
	deps/npm/man/man1/npm-test.1
	deps/npm/man/man1/npm-uninstall.1
	deps/npm/man/man1/npm-unpublish.1
	deps/npm/man/man1/npm-update.1
	deps/npm/man/man1/npm-version.1
	deps/npm/man/man1/npm-view.1
	deps/npm/man/man1/npm-whoami.1
	deps/npm/man/man1/npm.1
	deps/npm/man/man3/npm-bin.3
	deps/npm/man/man3/npm-bugs.3
	deps/npm/man/man3/npm-commands.3
	deps/npm/man/man3/npm-config.3
	deps/npm/man/man3/npm-deprecate.3
	deps/npm/man/man3/npm-docs.3
	deps/npm/man/man3/npm-edit.3
	deps/npm/man/man3/npm-explore.3
	deps/npm/man/man3/npm-help-search.3
	deps/npm/man/man3/npm-init.3
	deps/npm/man/man3/npm-install.3
	deps/npm/man/man3/npm-link.3
	deps/npm/man/man3/npm-load.3
	deps/npm/man/man3/npm-ls.3
	deps/npm/man/man3/npm-outdated.3
	deps/npm/man/man3/npm-owner.3
	deps/npm/man/man3/npm-pack.3
	deps/npm/man/man3/npm-prefix.3
	deps/npm/man/man3/npm-prune.3
	deps/npm/man/man3/npm-publish.3
	deps/npm/man/man3/npm-rebuild.3
	deps/npm/man/man3/npm-restart.3
	deps/npm/man/man3/npm-root.3
	deps/npm/man/man3/npm-run-script.3
	deps/npm/man/man3/npm-search.3
	deps/npm/man/man3/npm-shrinkwrap.3
	deps/npm/man/man3/npm-start.3
	deps/npm/man/man3/npm-stop.3
	deps/npm/man/man3/npm-submodule.3
	deps/npm/man/man3/npm-tag.3
	deps/npm/man/man3/npm-test.3
	deps/npm/man/man3/npm-uninstall.3
	deps/npm/man/man3/npm-unpublish.3
	deps/npm/man/man3/npm-update.3
	deps/npm/man/man3/npm-version.3
	deps/npm/man/man3/npm-view.3
	deps/npm/man/man3/npm-whoami.3
	deps/npm/man/man3/npm.3
	deps/npm/man/man5/npm-folders.5
	deps/npm/man/man5/npm-global.5
	deps/npm/man/man5/npm-json.5
	deps/npm/man/man7/npm-coding-style.7
	deps/npm/man/man7/npm-config.7
	deps/npm/man/man7/npm-developers.7
	deps/npm/man/man7/npm-disputes.7
	deps/npm/man/man7/npm-faq.7
	deps/npm/man/man7/npm-registry.7
	deps/npm/man/man7/npm-scripts.7
	deps/npm/man/man7/removing-npm.7
	deps/npm/man/man7/semver.7
	deps/npm/package.json
	deps/uv/AUTHORS
	deps/uv/ChangeLog
	deps/uv/src/version.c
	deps/uv/test/test-fs.c
	deps/uv/test/test-list.h
	lib/http.js
	lib/tls.js
	src/node_version.h
2013-07-12 13:26:56 -07:00
Nathan Rajlich
ed5324687e doc: fix bad markdown parsing in list 2013-07-08 11:25:40 -07:00
Ben Noordhuis
30e7d08d93 Merge remote-tracking branch 'origin/v0.10'
Conflicts:
	lib/buffer.js
	lib/http.js
	src/node.cc
2013-07-05 02:40:39 +02:00
Fedor Indutny
07fbb43d78 tls: export TLSSocket 2013-07-03 16:15:31 +04:00
Ben Noordhuis
c1bf89df2e doc: tls: ECDH ciphers are not supported 2013-06-27 01:37:39 +02:00
Fedor Indutny
212e9cd8c9 tls: session API returns 2013-06-17 14:00:26 +02:00
isaacs
0a4260c8c0 doc: Correct TLS deprecation notices 2013-06-16 18:56:00 -07:00
Fedor Indutny
af80e7bc6e tls: introduce TLSSocket based on tls_wrap binding
Split `tls.js` into `_tls_legacy.js`, containing legacy
`createSecurePair` API, and `_tls_wrap.js` containing new code based on
`tls_wrap` binding.

Remove tests that are no longer useful/valid.
2013-06-16 09:30:15 +02:00
Ben Noordhuis
28659aba37 Merge remote-tracking branch 'origin/v0.10'
Conflicts:
	deps/uv/ChangeLog
	deps/uv/src/unix/stream.c
	deps/uv/src/version.c
	lib/tls.js
2013-05-29 23:12:11 +02:00
Daniel G. Taylor
30cb9fec91 tls: Add secureProtocol docs
Add `secureProtocol` parameter docs to the tls.connect method.
2013-05-28 21:40:52 +02:00
Ben Noordhuis
d820b64412 tls: add localAddress and localPort properties
Add localAddress and localPort properties to tls.CleartextStream.
Like remoteAddress and localPort, delegate to the backing net.Socket
object.

Refs #5502.
2013-05-20 15:18:50 +02:00
Kyle Robinson Young
889fec3cc8 doc: typo fixes 2013-04-01 18:44:02 +02:00
Manav Rathi
d20576165a tls: expose SSL_CTX_set_timeout via tls.createServer
Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.

This option will be useful for applications which need to frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.
2013-03-26 01:37:49 +01:00
Ben Noordhuis
cfd0dca9ae crypto: make getCiphers() return non-SSL ciphers
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.

Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.

Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
2013-03-25 18:42:07 +01:00
Andy Burke
595b5974d7 Add bytesWritten to tls.CryptoStream
This adds a proxy for bytesWritten to the tls.CryptoStream.  This
change makes the connection object more similar between HTTP and
HTTPS requests in an effort to avoid confusion.

See issue #4650 for more background information.
2013-01-24 16:48:49 -08:00
Fedor Indutny
82f1d340c1 tls: make slab buffer's size configurable
see #4636
2013-01-24 08:47:07 -08:00
Ben Noordhuis
5b65638124 tls, https: add tls handshake timeout
Don't allow connections to stall indefinitely if the SSL/TLS handshake does
not complete.

Adds a new tls.Server and https.Server configuration option, handshakeTimeout.

Fixes #4355.
2012-12-06 17:39:24 +01:00
Nathan Rajlich
4b238b4c2a Merge remote-tracking branch 'origin/v0.8'
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/test/runner-win.c
	doc/api/process.markdown
	lib/repl.js
	src/node_crypto.cc
	src/node_version.h
2012-10-13 16:16:56 -07:00
Ben Noordhuis
0ad005852c https: fix renegotiation attack protection
Listen for the 'clientError' event that is emitted when a renegotiation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
2012-10-09 16:38:00 +02:00
Andreas Madsen
be5a8e24c2 doc: consistent use of the callback argument 2012-10-08 22:58:11 +02:00
Ben Noordhuis
35607f3a2d tls, https: validate server certificate by default
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.
2012-09-15 00:19:06 +02:00
Fedor Indutny
8e0c830cd0 tls: async session storage 2012-09-05 02:01:54 +04:00
Ben Noordhuis
badbd1af27 tls: update default cipher list
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.

The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.

Fixes #3900.
2012-08-21 22:27:13 +02:00
Ben Kelly
c6185c8484 doc: Improve cross-linking in API docs markdown
Cross-link EventEmitter references in API docs to events.html

Fix broken cross-reference links with wrong anchor names in API docs.
2012-06-15 09:44:37 -07:00
isaacs
5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06 crypto: add PKCS12/PFX support
Fixes #2845.
2012-05-14 17:12:59 +02:00
Shigeki Ohtsu
0d13142332 tcp: make getsockname() return address family as string 2012-04-16 18:00:47 +02:00
Shigeki Ohtsu
75face6139 doc: fix TLS cipher names 2012-03-23 17:11:13 +01:00
Shigeki Ohtsu
2cf5f040a5 doc: add cleartextStream.getCipher() in tls 2012-03-23 17:09:50 +01:00
isaacs
1d5b6f26fe Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	Makefile
	deps/npm/AUTHORS
	deps/npm/html/api/bin.html
	deps/npm/html/api/bugs.html
	deps/npm/html/api/commands.html
	deps/npm/html/api/config.html
	deps/npm/html/api/deprecate.html
	deps/npm/html/api/docs.html
	deps/npm/html/api/edit.html
	deps/npm/html/api/explore.html
	deps/npm/html/api/help-search.html
	deps/npm/html/api/init.html
	deps/npm/html/api/install.html
	deps/npm/html/api/link.html
	deps/npm/html/api/load.html
	deps/npm/html/api/ls.html
	deps/npm/html/api/npm.html
	deps/npm/html/api/outdated.html
	deps/npm/html/api/owner.html
	deps/npm/html/api/pack.html
	deps/npm/html/api/prefix.html
	deps/npm/html/api/prune.html
	deps/npm/html/api/publish.html
	deps/npm/html/api/rebuild.html
	deps/npm/html/api/restart.html
	deps/npm/html/api/root.html
	deps/npm/html/api/run-script.html
	deps/npm/html/api/search.html
	deps/npm/html/api/shrinkwrap.html
	deps/npm/html/api/start.html
	deps/npm/html/api/stop.html
	deps/npm/html/api/submodule.html
	deps/npm/html/api/tag.html
	deps/npm/html/api/test.html
	deps/npm/html/api/uninstall.html
	deps/npm/html/api/unpublish.html
	deps/npm/html/api/update.html
	deps/npm/html/api/version.html
	deps/npm/html/api/view.html
	deps/npm/html/api/whoami.html
	deps/npm/html/doc/README.html
	deps/npm/html/doc/adduser.html
	deps/npm/html/doc/bin.html
	deps/npm/html/doc/bugs.html
	deps/npm/html/doc/build.html
	deps/npm/html/doc/bundle.html
	deps/npm/html/doc/cache.html
	deps/npm/html/doc/changelog.html
	deps/npm/html/doc/coding-style.html
	deps/npm/html/doc/completion.html
	deps/npm/html/doc/config.html
	deps/npm/html/doc/deprecate.html
	deps/npm/html/doc/developers.html
	deps/npm/html/doc/disputes.html
	deps/npm/html/doc/docs.html
	deps/npm/html/doc/edit.html
	deps/npm/html/doc/explore.html
	deps/npm/html/doc/faq.html
	deps/npm/html/doc/folders.html
	deps/npm/html/doc/help-search.html
	deps/npm/html/doc/help.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/init.html
	deps/npm/html/doc/install.html
	deps/npm/html/doc/json.html
	deps/npm/html/doc/link.html
	deps/npm/html/doc/list.html
	deps/npm/html/doc/npm.html
	deps/npm/html/doc/outdated.html
	deps/npm/html/doc/owner.html
	deps/npm/html/doc/pack.html
	deps/npm/html/doc/prefix.html
	deps/npm/html/doc/prune.html
	deps/npm/html/doc/publish.html
	deps/npm/html/doc/rebuild.html
	deps/npm/html/doc/registry.html
	deps/npm/html/doc/removing-npm.html
	deps/npm/html/doc/restart.html
	deps/npm/html/doc/root.html
	deps/npm/html/doc/run-script.html
	deps/npm/html/doc/scripts.html
	deps/npm/html/doc/search.html
	deps/npm/html/doc/semver.html
	deps/npm/html/doc/shrinkwrap.html
	deps/npm/html/doc/star.html
	deps/npm/html/doc/start.html
	deps/npm/html/doc/stop.html
	deps/npm/html/doc/submodule.html
	deps/npm/html/doc/tag.html
	deps/npm/html/doc/test.html
	deps/npm/html/doc/uninstall.html
	deps/npm/html/doc/unpublish.html
	deps/npm/html/doc/update.html
	deps/npm/html/doc/version.html
	deps/npm/html/doc/view.html
	deps/npm/html/doc/whoami.html
	deps/npm/lib/install.js
	deps/npm/lib/ls.js
	deps/npm/man/man1/npm.1
	deps/npm/man/man1/shrinkwrap.1
	deps/npm/man/man3/npm.3
	deps/npm/man/man3/shrinkwrap.3
	deps/npm/node_modules/request/main.js
	deps/npm/node_modules/request/package.json
	deps/npm/package.json
	deps/uv/src/unix/core.c
	deps/v8/src/conversions-inl.h
	deps/v8/src/elements.cc
	deps/v8/src/version.cc
	doc/about/index.html
	doc/api/assert.markdown
	doc/api/child_process.markdown
	doc/api/cluster.markdown
	doc/api/crypto.markdown
	doc/api/debugger.markdown
	doc/api/dgram.markdown
	doc/api/dns.markdown
	doc/api/documentation.markdown
	doc/api/events.markdown
	doc/api/fs.markdown
	doc/api/globals.markdown
	doc/api/http.markdown
	doc/api/https.markdown
	doc/api/modules.markdown
	doc/api/net.markdown
	doc/api/os.markdown
	doc/api/path.markdown
	doc/api/process.markdown
	doc/api/querystring.markdown
	doc/api/readline.markdown
	doc/api/stdio.markdown
	doc/api/stream.markdown
	doc/api/timers.markdown
	doc/api/tls.markdown
	doc/api/tty.markdown
	doc/api/url.markdown
	doc/api/util.markdown
	doc/api/vm.markdown
	doc/api/zlib.markdown
	doc/api_assets/style.css
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	src/node_version.h
	tools/doc/html.js
	tools/gyp/test/mac/app-bundle/empty.c
2012-03-03 23:38:52 -08:00
isaacs
2d44dcc8be doc: Add stability indicators to documentation 2012-03-03 17:03:52 -08:00
isaacs
7bfa5cf284 s/streams/stream/ 2012-02-29 16:04:55 -08:00
isaacs
c0446edcc2 doc refactor: tls 2012-02-29 16:04:54 -08:00
Blake Miner
7343f8e776 tls: add honorCipherOrder option to tls.createServer()
Documented how to mitigate BEAST attacks.
2012-02-29 02:16:08 +01:00
isaacs
f9df88c6da s/streams/stream/ 2012-02-27 11:18:10 -08:00
isaacs
c9b35b9923 doc refactor: tls 2012-02-27 11:14:37 -08:00
koichik
2f5e084147 docs: remove duplicate option of tls.connect() 2012-02-25 23:07:30 +09:00
isaacs
31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
2012-02-18 09:46:58 -08:00
Ben Noordhuis
23c4278e06 docs: fix tls markdown 2012-02-17 23:58:42 +01:00
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
ef50bd2e54 docs: removed unnecessary STARTTLS section 2012-02-17 02:10:59 +09:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis
8a6576f764 Merge remote-tracking branch 'origin/v0.6'
Conflicts:
	common.gypi
2012-02-12 16:12:26 +01:00
Ben Noordhuis
38eec57aef docs: document tls/crypto ciphers option
Hitherto undocumented option that lets the user select the list of ciphers to
use or exclude in a SSL/TLS session.
2012-02-09 17:16:46 +01:00
Ryan Dahl
8b28d599a7 Merge remote branch 'origin/v0.6'
Conflicts:
	Makefile
	configure
	src/node_version.h
2012-01-09 11:20:22 -08:00
koichik
c1a63a9e90 tls: Allow establishing secure connection on the existing socket
This is necessary to use SSL over HTTP tunnels.

Refs #2259, #2474.
Fixes #2489.
2012-01-09 02:31:46 +01:00
Maciej Małecki
0321adbcf4 tls doc: update docs to reflect API change
Refs #1983.
2012-01-08 11:13:36 +01:00
koichik
57653added docs: small changes. 2012-01-07 06:44:35 +01:00
Ryan Dahl
f7f8af8420 Merge remote branch 'origin/v0.6'
Conflicts:
	Makefile
	lib/_debugger.js
2011-12-21 12:17:23 -08:00
koichik
07c27e040e tls: Fix node swallows openssl error on request
Fixes #2308.
Fixes #2246.
2011-12-21 19:48:15 +01:00
koichik
f8c335d0ca tls: enable rejectUnauthorized option to client
Fixes #2247.
2011-12-07 22:47:06 +09:00
kyle@dontkry.com
34f34e4411 docs: fix typo
Fixes #2193.
2011-11-27 01:45:27 +09:00
koichik
f53d092a2a tls, https: add passphrase option
Fixes #1925.
2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9 tls: add address(), remoteAddress/remotePort
Fixes #758.
Fixes #1055.
2011-10-27 00:28:16 +09:00
koichik
00aa8935d7 docs: improvement fs, http and https 2011-10-22 23:40:15 +09:00
koichik
cdec7e3ae5 docs: improvement tls example 2011-10-16 16:50:16 +09:00
koichik
86a67f15a0 docs: add example of tls 2011-10-16 01:26:38 +09:00
koichik
68cc173c6d tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
2011-10-15 19:27:21 +09:00
koichik
19a855382c tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
2011-10-15 00:54:46 +09:00
Logan Smyth
bc0a552a84 docs: Fix merge error in tls docs
Fixes #1648.
2011-09-05 00:48:35 +09:00
Ryan Dahl
8320af7ef3 Merge remote branch 'origin/v0.4'
Conflicts:
	doc/api/tls.markdown
2011-08-17 13:25:44 -07:00
Fedor Indutny
c0d8311f6b small NPN doc fix
Fixes #1522.
2011-08-14 02:51:35 +09:00
koichik
d1a2628499 Doc improvements
related to #1472.
2011-08-12 02:00:42 +09:00
Fedor Indutny
942f8b5afb Add NPN and SNI documentation.
Fixes #1420.
Fixes #1426.
2011-08-10 09:44:35 -07:00
Ben Noordhuis
54bb53bf32 docs: fix typo in tls API docs 2011-08-07 23:30:03 +02:00
Logan Smyth
3056c2ca76 Add documentation for SecurePair and its 'secure' event.
Fixes #1443.
2011-08-06 23:31:17 +09:00