Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: new tls.TLSSocket() supports sec ctx options #11005

Merged
merged 2 commits into from
Feb 20, 2017
Merged

tls: new tls.TLSSocket() supports sec ctx options #11005

merged 2 commits into from
Feb 20, 2017

Conversation

sam-github
Copy link
Contributor

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

tls,test

@nodejs-github-bot nodejs-github-bot added tls Issues and PRs related to the tls subsystem. dont-land-on-v7.x labels Jan 25, 2017
@sam-github
Copy link
Contributor Author

This is the non-controversial parts of #10846 PRed seperately.

At least, I assume its not controversial, the changes are straight forward, consistent, and have been requested in #10538

@nodejs/crypto PTAL

@sam-github sam-github mentioned this pull request Jan 25, 2017
Closed
4 tasks
bnoordhuis
bnoordhuis requested changes Jan 26, 2017
View reviewed changes
lib/_tls_wrap.js
@@ -348,7 +348,7 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
// Wrap socket's handle
var context = options.secureContext ||
options.credentials ||
tls.createSecureContext();
tls.createSecureContext(options);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

semver-major?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we always treat new properties in options objects as semver-major? If someone was passing unsupported option values to an API, and then the API started supporting those option values, it would feel major to them, but I don't know if that is our standard. What our API is is under-defined ATM.

test/parallel/test-tls-socket-default-options.js Outdated
const join = require('path').join;
const {
assert, connect, keys, tls
} = require(join(common.fixturesDir, 'tls-connect'))();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a rather oblique way of doing require('assert')... Can you do it the regular way and leave in the common.hasCrypto check as well? It's much more Obviously Correct.

test/parallel/test-tls-socket-default-options.js Outdated
conn.on('end', common.mustCall(() => {
// Server sees nothing wrong with connection, even though the client's
// authentication of the server cert failed.
assert.strictEqual(recv, 'helo');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, is the spelling intentional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Habit from SMTP. I can add another "l".

@sam-github
Copy link
Contributor Author

@bnoordhuis I pushed 570a99a, though I think starting all the tls tests with a half-screen of copy-n-pasted boilerplate distracts from the test itself.

@sam-github sam-github added semver-minor PRs that contain new features and should be released in the next minor version. and removed dont-land-on-v7.x labels Jan 27, 2017
@sam-github
Copy link
Contributor Author

@bnoordhuis PTAL, I made both changes you requested, and @jasnell confirms additional properties are not semver-major.

bnoordhuis
bnoordhuis approved these changes Feb 13, 2017
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a nit and a suggestion.

doc/api/tls.md
will be created by passing the entire `options` object to
`tls.createSecureContext()`. *Note*: In effect, all
[`tls.createSecureContext()`][] options can be provided, but they will be
_completely ignored_ unless the `secureContext` option is missing.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"when the secureContext option is set"? Maybe it's because it's 11 PM but I found it hard to parse.

test/parallel/test-tls-socket-default-options.js

if (!common.hasCrypto) {
common.skip('missing crypto');
return;
process.exit(0);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary change.

@sam-github
Copy link
Contributor Author

ci: https://ci.nodejs.org/job/node-test-pull-request/6511/

@sam-github
Copy link
Contributor Author

git checkout fail: https://ci.nodejs.org/job/node-test-commit-linux-fips/6595/nodes=ubuntu1404-64/console, trying again

ci: https://ci.nodejs.org/job/node-test-pull-request/6512/

@sam-github
test: make tls-socket-default-options tests run
dc885c9 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@sam-github
tls: new tls.TLSSocket() supports sec ctx options
ea56799 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@sam-github sam-github merged commit ea56799 into nodejs:master Feb 20, 2017
@sam-github sam-github deleted the tls-ctor-sec-ctx-options branch February 20, 2017 15:58
sam-github added a commit to sam-github/node that referenced this pull request Feb 20, 2017
@sam-github
test: make tls-socket-default-options tests run
bd947de 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request Feb 20, 2017
@sam-github
tls: new tls.TLSSocket() supports sec ctx options
4e6efc1 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
italoacasas pushed a commit to italoacasas/node that referenced this pull request Feb 25, 2017
@sam-github @italoacasas
test: make tls-socket-default-options tests run
ecb3a7e 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
italoacasas pushed a commit to italoacasas/node that referenced this pull request Feb 25, 2017
@sam-github @italoacasas
tls: new tls.TLSSocket() supports sec ctx options
4e32770 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: nodejs#10538
PR-URL: nodejs#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@italoacasas italoacasas mentioned this pull request Feb 25, 2017
Merged
italoacasas added a commit to italoacasas/node that referenced this pull request Feb 28, 2017
@italoacasas
2017-02-28, Version 7.7.0 (Current)
5fd5f19 
Notables changes:
* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[nodejs#11288](nodejs#11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[nodejs#11562](nodejs#11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[nodejs#11275](nodejs#11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[nodejs#11005](nodejs#11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[nodejs#11236](nodejs#11236)
italoacasas added a commit to italoacasas/node that referenced this pull request Feb 28, 2017
@italoacasas
2017-02-28, Version 7.7.0 (Current)
b32ca4f 
Notables changes:

* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[nodejs#11288](nodejs#11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[nodejs#11562](nodejs#11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[nodejs#11275](nodejs#11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[nodejs#11005](nodejs#11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[nodejs#11236](nodejs#11236)
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[nodejs#11489](nodejs#11489)

PR-URL: nodejs#11553
italoacasas added a commit to italoacasas/node that referenced this pull request Mar 1, 2017
@italoacasas
2017-02-28, Version 7.7.0 (Current)
a7ffa8d 
Notables changes:

* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[nodejs#11288](nodejs#11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[nodejs#11562](nodejs#11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[nodejs#11275](nodejs#11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[nodejs#11005](nodejs#11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[nodejs#11236](nodejs#11236)
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[nodejs#11489](nodejs#11489)
* crypto: adding support for OPENSSL_CONF again (Sam Roberts)
[nodejs#11006](nodejs#11006)
* src: adding support for trace-event tracing (misterpoe)
[nodejs#11106](nodejs#11106)

PR-URL: nodejs#11553
italoacasas added a commit to italoacasas/node that referenced this pull request Mar 1, 2017
@italoacasas
2017-02-28, Version 7.7.0 (Current)
abc13e5 
Notables changes:

* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[nodejs#11288](nodejs#11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[nodejs#11562](nodejs#11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[nodejs#11275](nodejs#11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[nodejs#11005](nodejs#11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[nodejs#11236](nodejs#11236)
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[nodejs#11489](nodejs#11489)
* crypto: adding support for OPENSSL_CONF again (Sam Roberts)
[nodejs#11006](nodejs#11006)
* src: adding support for trace-event tracing (misterpoe)
[nodejs#11106](nodejs#11106)

PR-URL: nodejs#11553
italoacasas added a commit to italoacasas/node that referenced this pull request Mar 1, 2017
@italoacasas
2017-02-28, Version 7.7.0 (Current)
15e7028 
Notables changes:

* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[nodejs#11288](nodejs#11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[nodejs#11562](nodejs#11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[nodejs#11275](nodejs#11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[nodejs#11005](nodejs#11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[nodejs#11236](nodejs#11236)
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[nodejs#11489](nodejs#11489)
* crypto: adding support for OPENSSL_CONF again (Sam Roberts)
[nodejs#11006](nodejs#11006)
* src: adding support for trace-event tracing (misterpoe)
[nodejs#11106](nodejs#11106)

PR-URL: nodejs#11553
imyller added a commit to imyller/meta-nodejs that referenced this pull request Mar 2, 2017
@imyller
2017-02-28, Version 7.7.0 (Current)
8257528 
    Notables changes:

    * child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
    [#11288](nodejs/node#11288)
    * http: new functions to access the headers for an outgoing HTTP message (Brian White)
    [#11562](nodejs/node#11562)
    * lib: deprecate node --debug at runtime (Josh Gavant)
    [#11275](nodejs/node#11275)
    * tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    [#11005](nodejs/node#11005)
    * url: adding URL.prototype.toJSON support (Michaël Zasso)
    [#11236](nodejs/node#11236)
    * doc: items in the API documentation may now have changelogs (Anna Henningsen)
    [#11489](nodejs/node#11489)
    * crypto: adding support for OPENSSL_CONF again (Sam Roberts)
    [#11006](nodejs/node#11006)
    * src: adding support for trace-event tracing (misterpoe)
    [#11106](nodejs/node#11106)

    PR-URL: nodejs/node#11553

Signed-off-by: Ilkka Myller <[email protected]>
@gibfahn gibfahn mentioned this pull request Apr 24, 2017
Closed
31 tasks
MylesBorins pushed a commit that referenced this pull request May 16, 2017
@sam-github @MylesBorins
test: make tls-socket-default-options tests run
3a91159 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: #10538
PR-URL: #11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2017
@sam-github @MylesBorins
tls: new tls.TLSSocket() supports sec ctx options
f5938ef 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: #10538
PR-URL: #11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 18, 2017
@sam-github @MylesBorins
test: make tls-socket-default-options tests run
861fa65 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: #10538
PR-URL: #11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 18, 2017
@sam-github @MylesBorins
tls: new tls.TLSSocket() supports sec ctx options
7cad561 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: #10538
PR-URL: #11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@MylesBorins MylesBorins mentioned this pull request May 23, 2017
Merged
MylesBorins added a commit that referenced this pull request Jun 6, 2017
@MylesBorins
2017-06-06, Version 6.11.0 'Boron' (LTS)
40859e2 
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.

Notable Changes:

* build:
  - support for building mips64el (nanxiongchao)
    #10991
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    #10019
* crypto:
  - ability to select cert store at runtime (Adam Majer)
    #8334
  - Use system CAs instead of using bundled ones (Adam Majer)
    #8334
  - The `Decipher` methods `setAuthTag()` and `setAAD` now return
    `this`. (Kirill Fomichev)
    #9398
  - adding support for OPENSSL_CONF again (Sam Roberts)
    #11006
  - make LazyTransform compabile with Streams1 (Matteo Collina)
    #12380
* deps:
  - upgrade libuv to 1.11.0 (cjihrig)
    #11094
  - upgrade libuv to 1.10.2 (cjihrig)
    #10717
  - upgrade libuv to 1.10.1 (cjihrig)
    #9647
  - upgrade libuv to 1.10.0 (cjihrig)
    #9267
* dns:
  - Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
    (Ben Noordhuis)
    #9296
* process:
  - add NODE_NO_WARNINGS environment variable (cjihrig)
    #10842
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    #2982
* src:
  - support "--" after "-e" as end-of-options (John Barboza)
    #10651
* tls:
  - new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    #11005
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    #10294

PR-URL: #13059
MylesBorins added a commit that referenced this pull request Jun 6, 2017
@MylesBorins
2017-06-06, Version 6.11.0 'Boron' (LTS)
4c5cbb7 
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.

Notable Changes:

* build:
  - support for building mips64el (nanxiongchao)
    #10991
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    #10019
* crypto:
  - ability to select cert store at runtime (Adam Majer)
    #8334
  - Use system CAs instead of using bundled ones (Adam Majer)
    #8334
  - The `Decipher` methods `setAuthTag()` and `setAAD` now return
    `this`. (Kirill Fomichev)
    #9398
  - adding support for OPENSSL_CONF again (Sam Roberts)
    #11006
  - make LazyTransform compabile with Streams1 (Matteo Collina)
    #12380
* deps:
  - upgrade libuv to 1.11.0 (cjihrig)
    #11094
  - upgrade libuv to 1.10.2 (cjihrig)
    #10717
  - upgrade libuv to 1.10.1 (cjihrig)
    #9647
  - upgrade libuv to 1.10.0 (cjihrig)
    #9267
* dns:
  - Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
    (Ben Noordhuis)
    #9296
* process:
  - add NODE_NO_WARNINGS environment variable (cjihrig)
    #10842
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    #2982
* src:
  - support "--" after "-e" as end-of-options (John Barboza)
    #10651
* tls:
  - new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    #11005
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    #10294

PR-URL: #13059
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
@sam-github @andrew749
test: make tls-socket-default-options tests run
e70d959 
Because of a poorly constructed test, only one of the two test vectors
ran.  The test also failed to cover the authentication error that occurs
when the server's certificate is not trusted.

Both issues are fixed.

Fix: nodejs/node#10538
PR-URL: nodejs/node#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
@sam-github @andrew749
tls: new tls.TLSSocket() supports sec ctx options
359de5c 
Add support to new tls.TLSSocket() to create a SecureContext object with
all its supported options, in the same way they are supported for all
the other APIs that need SecureContext objects.

Fix: nodejs/node#10538
PR-URL: nodejs/node#11005
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
@MylesBorins @andrew749
2017-06-06, Version 6.11.0 'Boron' (LTS)
e5cdc26 
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.

Notable Changes:

* build:
  - support for building mips64el (nanxiongchao)
    nodejs/node#10991
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    nodejs/node#10019
* crypto:
  - ability to select cert store at runtime (Adam Majer)
    nodejs/node#8334
  - Use system CAs instead of using bundled ones (Adam Majer)
    nodejs/node#8334
  - The `Decipher` methods `setAuthTag()` and `setAAD` now return
    `this`. (Kirill Fomichev)
    nodejs/node#9398
  - adding support for OPENSSL_CONF again (Sam Roberts)
    nodejs/node#11006
  - make LazyTransform compabile with Streams1 (Matteo Collina)
    nodejs/node#12380
* deps:
  - upgrade libuv to 1.11.0 (cjihrig)
    nodejs/node#11094
  - upgrade libuv to 1.10.2 (cjihrig)
    nodejs/node#10717
  - upgrade libuv to 1.10.1 (cjihrig)
    nodejs/node#9647
  - upgrade libuv to 1.10.0 (cjihrig)
    nodejs/node#9267
* dns:
  - Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
    (Ben Noordhuis)
    nodejs/node#9296
* process:
  - add NODE_NO_WARNINGS environment variable (cjihrig)
    nodejs/node#10842
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    nodejs/node#2982
* src:
  - support "--" after "-e" as end-of-options (John Barboza)
    nodejs/node#10651
* tls:
  - new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    nodejs/node#11005
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    nodejs/node#10294

PR-URL: nodejs/node#13059
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@bnoordhuis bnoordhuis bnoordhuis approved these changes

Assignees
No one assigned
Labels
semver-minor PRs that contain new features and should be released in the next minor version. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sam-github @bnoordhuis @jasnell @MylesBorins @nodejs-github-bot