OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
31,647 Commits 30 Branches 683 Tags
df08d527c2083b852d8456b88b39114f30525236
Commit Graph

90 Commits

Author SHA1 Message Date
Matteo Collina
df08d527c2 http: add requestTimeout 
This commits introduces a new http.Server option called requestTimeout
with a default value in milliseconds of 0.

If requestTimeout is set to a positive value, the server will start a new
timer set to expire in requestTimeout milliseconds when a new connection
is established. The timer is also set again if new requests after the
first are received on the socket (this handles pipelining and keep-alive
cases).
The timer is cancelled when:

1. the request body is completely received by the server.
2. the response is completed. This handles the case where the
application responds to the client without consuming the request body.
3. the connection is upgraded, like in the WebSocket case.

If the timer expires, then the server responds with status code 408 and
closes the connection.

CVE-2020-8251

PR-URL: https://github.com/nodejs-private/node-private/pull/208
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Co-Authored-By: Paolo Insogna <paolo@cowtech.it>
Co-Authored-By: Robert Nagy <ronagy@icloud.com>
 2020-09-15 15:39:54 -04:00
sapics
ee3416b055 lib: replace http to https of comment link urls 
PR-URL: https://github.com/nodejs/node/pull/34158
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2020-07-06 07:03:08 -07:00
Brian White
c24b74a7ab lib: improve debuglog() performance 
PR-URL: https://github.com/nodejs/node/pull/32260
Reviewed-By: James M Snell <jasnell@gmail.com>
 2020-05-30 17:24:43 -04:00
Vighnesh Raut
fa946983cc https: prevent options object from being mutated 
Previously, when passing options object to the agent.createConnection
method, the same options object got modified within the method. Now,
any modification will happen on only a copy of the object.

Fixes: https://github.com/nodejs/node/issues/31119

PR-URL: https://github.com/nodejs/node/pull/31151
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 2020-01-03 20:09:27 -08:00
Tim Costa
e17403ede3 http,https: increase server headers timeout 
Fixes: https://github.com/nodejs/node/issues/24980
Refs: https://github.com/nodejs/node/commit/eb43bc04b1

PR-URL: https://github.com/nodejs/node/pull/30071
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 2019-12-14 08:59:19 -05:00
Michaël Zasso
0646eda4fc lib: flatten access to primordials 
Store all primordials as properties of the primordials object.
Static functions are prefixed by the constructor's name and prototype
methods are prefixed by the constructor's name followed by "Prototype".
For example: primordials.Object.keys becomes primordials.ObjectKeys.

PR-URL: https://github.com/nodejs/node/pull/30610
Refs: https://github.com/nodejs/node/issues/29766
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
 2019-11-25 10:28:15 +01:00
galina.prokofeva
9a4b16f620 https: change var to let in lib/https.js 
Changed a variable declaration.

PR-URL: https://github.com/nodejs/node/pull/30320
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
 2019-11-08 15:27:20 -08:00
Ali Ijaz Sheikh
c30ef3cbd2 http, http2: remove default server timeout 
Timing out and closing the socket after two minutes have elapsed is
surprising and problematic for users. This behavior was specific to
Node.js, and doesn't seem to be common in other language runtimes.

Fixes: https://github.com/nodejs/node/issues/27556

PR-URL: https://github.com/nodejs/node/pull/27558
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 2019-05-09 08:54:04 -07:00
Michaël Zasso
908292cf1f lib: enforce the use of Object from primordials 
PR-URL: https://github.com/nodejs/node/pull/27146
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
 2019-04-12 05:38:45 +02:00
dnlup
cd3a9eebca https: remove usage of public require('util') 
Use `require('internal/util/debuglog').debuglog`
and `Object.setPrototypeOf` instead of `require('util').debuglog`
and `require('util').inherits`.

Refs: https://github.com/nodejs/node/issues/26546

PR-URL: https://github.com/nodejs/node/pull/26772
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2019-03-23 18:40:24 +05:30
Sam Roberts
0f8e8f7c6b tls: introduce client 'session' event 
OpenSSL has supported async notification of sessions and tickets since
1.1.0 using SSL_CTX_sess_set_new_cb(), for all versions of TLS. Using
the async API is optional for TLS1.2 and below, but for TLS1.3 it will
be mandatory. Future-proof applications should start to use async
notification immediately. In the future, for TLS1.3, applications that
don't use the async API will silently, but gracefully, fail to resume
sessions and instead do a full handshake.

See: https://wiki.openssl.org/index.php/TLS1.3#Sessions

PR-URL: https://github.com/nodejs/node/pull/25831
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
 2019-02-01 19:06:58 -08:00
Roy Sommer
5774688e26 lib: support overriding http\s.globalAgent 
Overriding `require('http[s]').globalAgent` is now respected by
consequent requests.

In order to achieve that, the following changes were made:

1. Implmentation in `http`: `module.exports.globalAgent` is now defined
through `Object.defineProperty`. Its getter and setter return \ set
`require('_http_agent').globalAgent`.

2. Implementation in `https`: the https `globalAgent` is not the same
as `_http_agent`, and is defined in `https` module itself. Therefore,
the fix here was to simply use `module.exports.globalAgent` to support
mutation.

3. According tests were added for both `http` and `https`, where in
both we create a server, set the default agent to a newly created
instance and make a request to that server. We then assert that the
given instance was actually used by inspecting its sockets property.

Fixes: https://github.com/nodejs/node/issues/23281

PR-URL: https://github.com/nodejs/node/pull/25170
Reviewed-By: James M Snell <jasnell@gmail.com>
 2019-01-08 00:10:36 +01:00
Ruben Bridgewater
d4c91f2814 lib: remove internal util._extends() usage 
This removes all internal calls to the deprecated `_extends()`
function. It is slower than `Object.assign()` and the object spread
notation since V8 6.8 and using the spread notation often also
results in shorter code.

PR-URL: https://github.com/nodejs/node/pull/25105
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
 2018-12-20 13:52:44 +01:00
Ruben Bridgewater
59257543c3 lib: use ES6 class inheritance style 
PR-URL: https://github.com/nodejs/node/pull/24755
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
 2018-12-05 16:55:00 +01:00
Ruben Bridgewater
dcc82b37b6 lib: remove inherits() usage 
This switches all `util.inherits()` calls to use
`Object.setPrototypeOf()` instead. In fact, `util.inherits()` is
mainly a small wrapper around exactly this function while adding
the `_super` property on the object as well.

Refs: #24395

PR-URL: https://github.com/nodejs/node/pull/24755
Refs: https://github.com/nodejs/node/issues/24395
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
 2018-12-05 16:53:58 +01:00
Matteo Collina
ee618a7ab2 http,https: protect against slow headers attack 
CVE-2018-12122

An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.

PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2018-11-28 11:36:34 +11:00
Sam Roberts
f512f5ea13 tls: add min/max protocol version options 
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.

PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
 2018-11-22 09:14:58 -08:00
Sam Ruby
19aa41c6fc https: allow url and options to be passed to https.request 
PR-URL: https://github.com/nodejs/node/pull/22003
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2018-07-31 22:53:25 -07:00
Ben Noordhuis
a76f029818 lib,src: remove openssl feature conditionals 
Remove compile-time and run-time conditionals for features that
OpenSSL 1.0.0 and 1.0.1 didn't support: ALPN, OCSP and/or SNI.
They are no longer necessary since our baseline is OpenSSL 1.0.2.

PR-URL: https://github.com/nodejs/node/pull/21094
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
 2018-06-08 00:53:37 +02:00
ErnestoSalazar
5ebdce277e https: removed extra _http_server require 
PR-URL: https://github.com/nodejs/node/pull/21069
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Kyle Farnung <kfarnung@microsoft.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
 2018-06-05 18:57:39 -07:00
Daiki Arai
67790962da https: defines maxHeadersCount in the constructor 
In Refs, http.Server's maxHeadersCount field was defined in the
constructor to make hidden class stable and so on. Also in https.Server,
we can use maxHeadersCount the same as http via connectionListener. So,
defines it in the constructor and documentation.

Refs: https://github.com/nodejs/node/pull/9116

PR-URL: https://github.com/nodejs/node/pull/20359
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
 2018-05-05 13:57:07 +02:00
Hackzzila
564048dc29 http,https,tls: switch to WHATWG URL parser 
This switches the url parser from `url.parse()` to the WHATWG URL
parser while keeping `url.parse()` as fallback.

Also add tests for invalid url deprecations and correct hostname
checks.

PR-URL: https://github.com/nodejs/node/pull/20270
Fixes: https://github.com/nodejs/node/issues/19468
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
 2018-04-29 17:03:16 +02:00
Ben Noordhuis
5bfbe5ceae tls: drop NPN (next protocol negotiation) support 
NPN has been superseded by ALPN.  Chrome and Firefox removed support for
NPN in 2016 and 2017 respectively to no ill effect.

Fixes: https://github.com/nodejs/node/issues/14602
PR-URL: https://github.com/nodejs/node/pull/19403
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
 2018-03-27 16:22:37 +02:00
Michaël Zasso
1e8d110e64 lib: port errors to new system 
This is a first batch of updates that touches non-underscored modules in
lib.

PR-URL: https://github.com/nodejs/node/pull/19034
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
 2018-03-05 19:51:30 +01:00
Jeff Principe
6007a9cc0e https: add extra options to Agent#getName() 
Adds the remaining options from tls.createSecureContext() to the
string generated by Agent#getName(). This allows https.request() to
accept the options and generate unique sockets appropriately.

PR-URL: https://github.com/nodejs/node/pull/16402
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2018-02-10 14:15:57 +01:00
Peter Marton
a899576c97 http: add options to http.createServer() 
This adds the optional options argument to `http.createServer()`.
It contains two options: the `IncomingMessage` and `ServerReponse`
option.

PR-URL: https://github.com/nodejs/node/pull/15752
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
 2018-02-06 15:40:24 +01:00
joelostrowski
6ee985f311 tls: implement clientCertEngine option 
Add an option 'clientCertEngine' to `tls.createSecureContext()` which gets
wired up to OpenSSL function `SSL_CTX_set_client_cert_engine`. The option
is passed through from `https.request()` as well. This allows using a custom
OpenSSL engine to provide the client certificate.
 2017-11-11 13:35:23 -08:00
Bryan English
5118f31466 https: refactor to use http internals 
Rather than using `http`, use `_http_client`, etc. directly.

Also moving all the exports to the bottom, in line with most of the rest
of the codebase.

PR-URL: https://github.com/nodejs/node/pull/16395
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2017-10-26 15:47:29 -07:00
Weijia Wang
212de3c5ec lib: use destructuring for some constants 
This change is to unify the declaration for constants into using
destructuring on the top-level-module scope, reducing some redundant
code.

PR-URL: https://github.com/nodejs/node/pull/16063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
 2017-10-16 23:34:32 +02:00
Rami Moshe
4843c2f415 https: convert to using internal/errors 
PR-URL: https://github.com/nodejs/node/pull/15603
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
 2017-09-28 22:53:16 -07:00
XadillaX
c1c226719f https: make opts optional & immutable when create 
`opts` in `createServer` will be immutable that won't change origional
opts value. What's more, it's optional which can make `requestListener`
be the first argument.

PR-URL: https://github.com/nodejs/node/pull/13599
Fixes: https://github.com/nodejs/node/issues/13584
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
 2017-06-14 15:14:34 -04:00
Timur Shemsedinov
0aa7ef5950 http: destroy sockets after keepAliveTimeout 
Implement server.keepAliveTimeout in addition to server.timeout to
prevent temporary socket/memory leaking in keep-alive mode.

PR-URL: https://github.com/nodejs/node/pull/2534
Author: Timur Shemsedinov <timur.shemsedinov@gmail.com>
Author: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
 2017-05-26 19:05:53 +03:00
Brian White
ed365653f6 http,https: avoid instanceof for WHATWG URL 
PR-URL: https://github.com/nodejs/node/pull/12983
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
 2017-05-22 18:07:27 -04:00
cjihrig
9ce2271e81 https: support agent construction without new 
Fixes: https://github.com/nodejs/node/issues/12918
PR-URL: https://github.com/nodejs/node/pull/12927
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
 2017-05-11 15:28:27 -04:00
James M Snell
98e54b0bd4 meta: restore original copyright header 
A prior io.js era commit inappropriately removed the
original copyright statements from the source. This
restores those in any files still remaining from that
edit.

Ref: https://github.com/nodejs/TSC/issues/174
Ref: https://github.com/nodejs/node/pull/10599
PR-URL: https://github.com/nodejs/node/pull/10155

Note: This PR was required, reviewed-by and approved
by the Node.js Foundation Legal Committee and the TSC.
There is no `Approved-By:` meta data.
 2017-03-10 11:23:48 -08:00
Jackson Tian
69674f4d3e lib: remove unnecessary parameter for assertCrypto() 
The `exports` parameter is unnecessary.

PR-URL: https://github.com/nodejs/node/pull/10834
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <sam@strongloop.com>
 2017-01-18 11:13:18 +08:00
Andreas Lind
a469f85653 https: Use secureProtocol in Agent#getName 
Refs: https://github.com/nodejs/node/issues/9324
PR-URL: https://github.com/nodejs/node/pull/9452
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
 2017-01-10 17:12:30 -08:00
James M Snell
0f62ee6963 url: allow use of URL with http.request and https.request 
PR-URL: https://github.com/nodejs/node/pull/10638
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
 2017-01-09 09:28:11 -08:00
Pedro Lima
1f45d7aa41 https: name anonymous functions in https 
Naming anonymous function in the https module

PR-URL: https://github.com/nodejs/node/pull/9217
Ref: https://github.com/nodejs/node/issues/8913
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
 2016-11-25 13:55:17 -05:00
James M Snell
f429fe1b88 crypto: fail early when loading crypto without openssl 
Fail early in require('crypto'), require('tls'),
require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

PR-URL: https://github.com/nodejs/node/pull/5611
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2016-03-23 10:34:40 -07:00
Jackson Tian
d2b93e55cc lib: reduce usage of self = this 
Remove unnecessary `self = this`.

PR-URL: https://github.com/nodejs/node/pull/5231
Reviewed-By: James M Snell <jasnell@gmail.com>
 2016-03-21 15:48:51 -07:00
Fedor Indutny
165b33fce2 https: evict cached sessions on error 
Instead of using the same session over and over, evict it when the
socket emits error. This could be used as a mitigation of #3692, until
OpenSSL fix will be merged/released.

See: https://github.com/nodejs/node/issues/3692
PR-URL: https://github.com/nodejs/node/pull/4982
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
 2016-02-01 21:52:04 -05:00
Fedor Indutny
5f76b24e5e http: overridable clientError 
Make default `clientError` behavior (close socket immediately)
overridable. With this APIs it is possible to write a custom error
handler, and to send, for example, a 400 HTTP response.

    http.createServer(...).on('clientError', function(err, socket) {
      socket.end('HTTP/1.1 400 Bad Request\r\n\r\n');
      socket.destroy();
    });

Fix: #4543
PR-URL: https://github.com/nodejs/node/pull/4557
Reviewed-By: Brian White <mscdex@mscdex.net>
 2016-01-07 03:39:15 -05:00
Fedor Indutny
3213e5fe6e https: use servername in agent key 
https requests with different SNI values should not be sent over the
same connection, even if the `host` is the same. Server may want to
present different certificate or route the incoming TLS connection
differently, depending on the received servername extension.

Fix: https://github.com/nodejs/node/issues/3940
PR-URL: https://github.com/nodejs/node/pull/4389
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2015-12-22 13:51:12 -05:00
Fedor Indutny
acef181fde https: support disabling session caching 
Zero value of `maxCachedSessions` should disable TLS session caching in
`https.Agent`

PR-URL: https://github.com/nodejs/node/pull/4252
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2015-12-12 12:48:29 -05:00
Sakthipriyan Vairamani
437930c0cc http{s}: don't connect to localhost on invalid URL 
If the URL passed to `http{s}.request` or `http{s}.get` is not properly
parsable by `url.parse`, we fall back to use `localhost` and port 80.
This creates confusing error messages like in this question
http://stackoverflow.com/q/32675907/1903116.

This patch throws an error message, if `url.parse` fails to parse the
URL properly.

Previous Discussion: https://github.com/nodejs/node/pull/2966
PR-URL: https://github.com/nodejs/node/pull/2967

Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2015-10-27 08:47:23 +05:30
Shigeki Ohtsu
802a2e79e1 tls, crypto: add ALPN Support 
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.

PR-URL: https://github.com/nodejs/node/pull/2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2015-10-27 01:31:47 +09:00
Fedor Indutny
2ca5a3db47 https: reuse TLS sessions in Agent 
Fix: #1499
PR-URL: https://github.com/nodejs/io.js/pull/2228
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
 2015-07-27 11:48:36 -07:00
Rod Vagg
702997c1f0 Revert "url: significantly improve the performance of the url module" 
This reverts commit 3fd7fc429c.

It was agreed that this change contained too much potential ecosystem
breakage, particularly around the inability to `delete` properties off a
`Url` object. It may be re-introduced for a later release, along with
better work on ecosystem compatibility.

PR-URL: https://github.com/iojs/io.js/pull/1602
Reviewed-By: Mikeal Rogers <mikeal.rogers@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Forrest L Norvell <forrest@npmjs.com>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Isaac Z. Schlueter <i@izs.me>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
 2015-05-03 20:29:41 -07:00
Petka Antonov
3fd7fc429c url: significantly improve the performance of the url module 
(landed by @rvagg)

PR-URL: https://github.com/iojs/io.js/pull/1561
Reviewed-By: Domenic Denicola <domenic@domenicdenicola.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
 2015-05-01 23:12:52 -07:00