delta/node-new.git/test/parallel/test-https-agent-additional-options.js, branch cleanup-getnodeversion.py github.com: nodejs/node.git test: fix test-https-agent-additional-options 2019-05-25T02:26:46+00:00 Rich Trott rtrott@gmail.com 2019-05-21T23:36:36+00:00 0d2830041a399d5d56f7e0780c982a80570bdde2 test-https-agent-additional-options can occasionally fail if a socket closes before the checks near the end of the test. Modify the test to check the freeSockets pool after each request. PR-URL: https://github.com/nodejs/node/pull/27830 Fixes: https://github.com/nodejs/node/issues/24449 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 
test-https-agent-additional-options can occasionally fail if a socket
closes before the checks near the end of the test. Modify the test to
check the freeSockets pool after each request.

PR-URL: https://github.com/nodejs/node/pull/27830
Fixes: https://github.com/nodejs/node/issues/24449
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
test: refactor test-https-agent-additional-options 2019-05-25T02:26:43+00:00 Rich Trott rtrott@gmail.com 2019-05-21T22:27:32+00:00 0fa5c9f256210d858862e62f63754f216a94e1e9 Move callback to location where it is less confusing. PR-URL: https://github.com/nodejs/node/pull/27830 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 
Move callback to location where it is less confusing.

PR-URL: https://github.com/nodejs/node/pull/27830
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
test: favor arrow functions for anonymous callbacks 2019-05-25T02:26:39+00:00 Rich Trott rtrott@gmail.com 2019-05-21T20:45:13+00:00 d03cff7620f0a62433f36abc252532ab0a79a56c In test-https-agent-additional-options, use arrow functions for anonymous callbacks. Replace a use of `this` with the relevant constant. PR-URL: https://github.com/nodejs/node/pull/27830 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 
In test-https-agent-additional-options, use arrow functions for
anonymous callbacks. Replace a use of `this` with the relevant constant.

PR-URL: https://github.com/nodejs/node/pull/27830
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
test: replace flag with option 2019-05-25T02:26:30+00:00 Rich Trott rtrott@gmail.com 2019-05-21T20:42:45+00:00 3f01710d3ce89518825c7216975d544d6e78afb2 test-https-agent-additional-options is invoked with a command-line flag. However, there is an equivalent option that can be enabled within the code. Do that instead. PR-URL: https://github.com/nodejs/node/pull/27830 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 
test-https-agent-additional-options is invoked with a command-line flag.
However, there is an equivalent option that can be enabled within the
code. Do that instead.

PR-URL: https://github.com/nodejs/node/pull/27830
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
tls: support TLSv1.3 2019-03-20T14:48:25+00:00 Sam Roberts vieuxtech@gmail.com 2018-11-29T01:58:08+00:00 42dbaed4605f44c393a057aad75a31cac1d0e5f5 This introduces TLS1.3 support and makes it the default max protocol, but also supports CLI/NODE_OPTIONS switches to disable it if necessary. TLS1.3 is a major update to the TLS protocol, with many security enhancements. It should be preferred over TLS1.2 whenever possible. TLS1.3 is different enough that even though the OpenSSL APIs are technically API/ABI compatible, that when TLS1.3 is negotiated, the timing of protocol records and of callbacks broke assumptions hard-coded into the 'tls' module. This change introduces no API incompatibilities when TLS1.2 is negotiated. It is the intention that it be backported to current and LTS release lines with the default maximum TLS protocol reset to 'TLSv1.2'. This will allow users of those lines to explicitly enable TLS1.3 if they want. API incompatibilities between TLS1.2 and TLS1.3 are: - Renegotiation is not supported by TLS1.3 protocol, attempts to call `.renegotiate()` will always fail. - Compiling against a system OpenSSL lower than 1.1.1 is no longer supported (OpenSSL-1.1.0 used to be supported with configure flags). - Variations of `conn.write('data'); conn.destroy()` have undefined behaviour according to the streams API. They may or may not send the 'data', and may or may not cause a ERR_STREAM_DESTROYED error to be emitted. This has always been true, but conditions under which the write suceeds is slightly but observably different when TLS1.3 is negotiated vs when TLS1.2 or below is negotiated. - If TLS1.3 is negotiated, and a server calls `conn.end()` in its 'secureConnection' listener without any data being written, the client will not receive session tickets (no 'session' events will be emitted, and `conn.getSession()` will never return a resumable session). - The return value of `conn.getSession()` API may not return a resumable session if called right after the handshake. The effect will be that clients using the legacy `getSession()` API will resume sessions if TLS1.2 is negotiated, but will do full handshakes if TLS1.3 is negotiated. See https://github.com/nodejs/node/pull/25831 for more information. PR-URL: https://github.com/nodejs/node/pull/26209 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 
This introduces TLS1.3 support and makes it the default max protocol,
but also supports CLI/NODE_OPTIONS switches to disable it if necessary.

TLS1.3 is a major update to the TLS protocol, with many security
enhancements. It should be preferred over TLS1.2 whenever possible.

TLS1.3 is different enough that even though the OpenSSL APIs are
technically API/ABI compatible, that when TLS1.3 is negotiated, the
timing of protocol records and of callbacks broke assumptions hard-coded
into the 'tls' module.

This change introduces no API incompatibilities when TLS1.2 is
negotiated. It is the intention that it be backported to current and LTS
release lines with the default maximum TLS protocol reset to 'TLSv1.2'.
This will allow users of those lines to explicitly enable TLS1.3 if they
want.

API incompatibilities between TLS1.2 and TLS1.3 are:

- Renegotiation is not supported by TLS1.3 protocol, attempts to call
`.renegotiate()` will always fail.

- Compiling against a system OpenSSL lower than 1.1.1 is no longer
supported (OpenSSL-1.1.0 used to be supported with configure flags).

- Variations of `conn.write('data'); conn.destroy()` have undefined
behaviour according to the streams API. They may or may not send the
'data', and may or may not cause a ERR_STREAM_DESTROYED error to be
emitted. This has always been true, but conditions under which the write
suceeds is slightly but observably different when TLS1.3 is negotiated
vs when TLS1.2 or below is negotiated.

- If TLS1.3 is negotiated, and a server calls `conn.end()` in its
'secureConnection' listener without any data being written, the client
will not receive session tickets (no 'session' events will be emitted,
and `conn.getSession()` will never return a resumable session).

- The return value of `conn.getSession()` API may not return a resumable
session if called right after the handshake. The effect will be that
clients using the legacy `getSession()` API will resume sessions if
TLS1.2 is negotiated, but will do full handshakes if TLS1.3 is
negotiated.  See https://github.com/nodejs/node/pull/25831 for more
information.

PR-URL: https://github.com/nodejs/node/pull/26209
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
tls: disable TLS v1.0 and v1.1 by default 2018-11-13T15:05:51+00:00 Ben Noordhuis info@bnoordhuis.nl 2018-10-22T09:40:28+00:00 60eca6a5d4fb5d70c4affceb1fbe78f1c1db8354 Refs: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/ PR-URL: https://github.com/nodejs/node/pull/23814 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 
Refs: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

PR-URL: https://github.com/nodejs/node/pull/23814
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
benchmark,doc,lib,src,test,tools: fix typos 2018-10-09T13:53:12+00:00 Brandon Smith brandon93s@gmail.com 2018-10-07T01:09:29+00:00 13340d47fcdbc9fa0eaaeee52d2c09338590a797 PR-URL: https://github.com/nodejs/node/pull/23302 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> 
PR-URL: https://github.com/nodejs/node/pull/23302
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
https: add extra options to Agent#getName() 2018-02-10T13:15:57+00:00 Jeff Principe princjef@gmail.com 2017-10-17T04:23:29+00:00 6007a9cc0e361d428123e4c0f74024c6cd7815f4 Adds the remaining options from tls.createSecureContext() to the string generated by Agent#getName(). This allows https.request() to accept the options and generate unique sockets appropriately. PR-URL: https://github.com/nodejs/node/pull/16402 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 
Adds the remaining options from tls.createSecureContext() to the
string generated by Agent#getName(). This allows https.request() to
accept the options and generate unique sockets appropriately.

PR-URL: https://github.com/nodejs/node/pull/16402
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>