This commit sets the OpenSSL error mark before calling
X509_STORE_load_locations and pops the error mark afterwards.
The motivation for this is that it is possible that
X509_STORE_load_locations can produce errors if the configuration
option --openssl-system-ca-path file does not exist. Later if a
different function is called which calls an OpenSSL function it could
fail because these errors might still be on the OpenSSL error stack.
Currently, all functions that call NewRootCertStore clear the
OpenSSL error queue upon returning, but this was not the case for
example in v12.18.0.
PR-URL: https://github.com/nodejs/node/pull/35514
Fixes: https://github.com/nodejs/node/issues/35456
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
SSLWrap was needlessly defined as a template class, splitting the
TLS implementation over multiple locations. The original idea, I
surmise, was to make it possible to reuse SSLWrap for some other
purpose that never manifested. This squashes them down into a single
TLSWrap class and moves tls_wrap.h/cc into src/crypto.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/35552
Reviewed-By: Alba Mendez <me@alba.sh>
Provide helpers for a) spinning the event loop and
b) setting up and tearing down the objects involved in a single
Node.js instance, as they would typically be used.
The former helper is also usable inside Node.js itself,
for both Worker and main threads.
PR-URL: https://github.com/nodejs/node/pull/35597
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
`net.BlockList` provides an object intended to be used by net APIs to
specify rules for disallowing network activity with specific IP
addresses. This commit adds the basic mechanism but does not add the
specific uses.
PR-URL: https://github.com/nodejs/node/pull/34625
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Bradley Farias <bradley.meck@gmail.com>
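One way an application can apply `net.BlockList` itself, since the commit above adds only the mechanism. This is an added example, not code from the commit or from Node.js core; `buildDenyList`, `isDestinationAllowed`, `demo` and every rule and sample address below are constructed for illustration.

```javascript
'use strict';
const net = require('net');

// Constructed deny rules (assumption: the service must never connect to these).
function buildDenyList() {
  const deny = new net.BlockList();
  deny.addSubnet('127.0.0.0', 8);            // IPv4 loopback
  deny.addSubnet('10.0.0.0', 8);             // RFC 1918
  deny.addSubnet('172.16.0.0', 12);          // RFC 1918
  deny.addSubnet('192.168.0.0', 16);         // RFC 1918
  deny.addAddress('169.254.169.254');        // single link-local host
  deny.addRange('192.0.2.10', '192.0.2.20'); // constructed range in TEST-NET-1
  deny.addAddress('::1', 'ipv6');            // IPv6 loopback
  deny.addSubnet('fe80::', 10, 'ipv6');      // IPv6 link-local
  return deny;
}

// Returns true only for a syntactically valid IP literal that matches no rule.
// Host names and malformed input are rejected (fail closed): the caller is
// expected to resolve names first and pass each resolved address here.
function isDestinationAllowed(deny, address) {
  const family = net.isIP(address);          // 4, 6, or 0 for "not an IP"
  if (family === 0) return false;
  return !deny.check(address, family === 6 ? 'ipv6' : 'ipv4');
}

// Runs the filter over constructed sample destinations.
function demo() {
  const deny = buildDenyList();
  const samples = [
    '10.1.2.3',                 // inside a denied subnet
    '192.0.2.15',               // inside the denied range
    '192.0.2.21',               // just outside the range
    '::ffff:169.254.169.254',   // IPv4 rule reached through IPv6 notation
    '2001:db8::1',              // matches no rule
    'localhost',                // not an IP literal
  ];
  return samples.map((a) => [a, isDestinationAllowed(deny, a)]);
}

for (const [address, allowed] of demo()) {
  console.log(`${address} -> ${allowed ? 'allow' : 'deny'}`);
}
```

Checking the IPv4-mapped form matters because a rule written for an IPv4 address should still apply when the same host is named in IPv6 notation.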
Add an ExternalReferenceRegistry class for registering static
external references.
To register the external JS to C++ references created in a binding
(e.g. when a FunctionTemplate is created):
- Add the binding name (same as the id used for `internalBinding()`
and `NODE_MODULE_CONTEXT_AWARE_INTERNAL`) to
`EXTERNAL_REFERENCE_BINDING_LIST` in `src/node_external_reference.h`.
- In the file where the binding is implemented, create a registration
function to register the static C++ references (e.g. the C++
functions in `v8::FunctionCallback` associated with the function
templates), like this:
```c++
void RegisterExternalReferences(
    ExternalReferenceRegistry* registry) {
  registry->Register(cpp_func_1);
}
```
- At the end of the file where `NODE_MODULE_CONTEXT_AWARE_INTERNAL` is
also usually called, register the registration function with
```
NODE_MODULE_EXTERNAL_REFERENCE(binding_name,
                               RegisterExternalReferences);
```
PR-URL: https://github.com/nodejs/node/pull/32984
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Consolidate uv_timer_t boilerplate code into a shared utility.
There are several places throughout the code where we use uv_timer_t
internally (inspector, perf, quic), with some code duplication.
This eliminates the duplicated code, ensures that cleanup occurs
correctly, and simplifies use of the timers.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/34186
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Move the promisified timers implementations into a new sub-module
to avoid the need to promisify. The promisified versions now return
the timers/promises versions.
Also adds `ref` option to the promisified versions:
```js
const {
  setTimeout,
  setImmediate
} = require('timers/promises');
setTimeout(10, null, { ref: false })
  .then(console.log);
setImmediate(null, { ref: false })
  .then(console.log);
```
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33950
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Extracted from the QUIC PR. This adds a utility used to
deterministically test UDP traffic. It is currently only
used by the experimental QUIC implementation. Separated
out on request to make review easier.
PR-URL: https://github.com/nodejs/node/pull/33380
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Enable JS wrapper objects to be used as transferable or cloneable
objects in `postMessage()` calls, by having them extend a C++-backed
class.
This requires a few internal changes:
- This commit adds the possibility for transferred objects to
read/write JS values at the end of the serialization/deserialization
phases.
- This commit adds the possibility for transferred objects to list
sub-transferables, e.g. typically the public JS wrapper class
would list its C++ handle in there.
- This commit adds usage of `BaseObject` in a few more places, because
now during deserialization weakly held objects can also be involved,
in addition to `MessagePort`s.
PR-URL: https://github.com/nodejs/node/pull/33772
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This commit adds a configuration time flag named error-on-warn:
```
$ ./configure --help | grep -A1 error-on-warn
    --error-on-warn     Turn compiler warnings into errors for node core
                        sources.
```
The motivation for this is that CI jobs can use this flag to turn
warnings into errors.
PR-URL: https://github.com/nodejs/node/pull/32685
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
For http2 (and eventually QUIC) we have a struct that is backed
by a v8::BackingStore and exposed to the JavaScript side as an
ArrayBuffer and TypedArray. This is similar to AliasedBuffer
except that it is fronted by a struct on the C++ side.
```c++
struct foo {
  uint32_t ex1;
  uint32_t ex2;
};
AliasedStruct<foo> foo_;
foo_->ex1 = 1;
foo_->ex2 = 2;
foo_.GetArrayBuffer();
```
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/32778
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
The nghttp2 and nghttp3 (used in the QUIC implementation) share nearly
identical structs for header handling. However, they differ enough that
they need to be handled slightly differently in each case. This PR
includes some elements introduced in the QUIC PR separated out to
make them independently reviewable, and updates the http2 implementation
to use the shared utilities.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/32069
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>