authorTrevor Norris <trev.norris@gmail.com>2014-12-15 19:57:28 -0800
committerTrevor Norris <trev.norris@gmail.com>2014-12-19 16:31:12 -0800
commitae6444dad925a18a66ee0b1db3936534dbf822f4 (patch)
tree8b2fbd96eb6899ebf1f52a0c8c1e3e7a801a2a56 /lib/crypto.js
parent4bba87050c2b8aa801d982e93ea767b3abdc2f17 (diff)
parent813114dab05231b71f3cdc4f5889b9833d9a1d06 (diff)
downloadnode-merge-review2.tar.gz
Merge branch 'v0.10' into merge-review2merge-review2
Reverted caeb6773 for being unable to port the change to deps/v8. The change will be ported directly in a later commit. Conflicts: ChangeLog configure doc/api/child_process.markdown doc/api/tls.markdown doc/api/url.markdown lib/assert.js lib/child_process.js lib/crypto.js lib/dgram.js lib/http.js lib/net.js lib/timers.js lib/tls.js src/node.cc src/node.h src/node.js src/node_crypto.cc src/node_version.h test/common.js test/simple/test-child-process-spawn-typeerror.js tools/certdata.txt
Diffstat (limited to 'lib/crypto.js')
-rw-r--r--lib/crypto.js121
1 files changed, 121 insertions, 0 deletions
diff --git a/lib/crypto.js b/lib/crypto.js
index 2f0a00b15..602f0d567 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -58,6 +58,127 @@ exports._toBuf = toBuf;
var assert = require('assert');
var StringDecoder = require('string_decoder').StringDecoder;
+var CONTEXT_DEFAULT_OPTIONS = undefined;
+
+function getSecureOptions(secureProtocol, secureOptions) {
+ if (CONTEXT_DEFAULT_OPTIONS === undefined) {
+ CONTEXT_DEFAULT_OPTIONS = 0;
+
+ if (!binding.SSL3_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;
+
+ if (!binding.SSL2_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
+ }
+
+ if (secureOptions === undefined) {
+ if (secureProtocol === undefined ||
+ secureProtocol === 'SSLv23_method' ||
+ secureProtocol === 'SSLv23_server_method' ||
+ secureProtocol === 'SSLv23_client_method') {
+ secureOptions |= CONTEXT_DEFAULT_OPTIONS;
+ }
+ }
+
+ return secureOptions;
+}
+exports._getSecureOptions = getSecureOptions;
+
+
+function Credentials(secureProtocol, flags, context) {
+ if (!(this instanceof Credentials)) {
+ return new Credentials(secureProtocol, flags, context);
+ }
+
+ if (!crypto) {
+ throw new Error('node.js not compiled with openssl crypto support.');
+ }
+
+ if (context) {
+ this.context = context;
+ } else {
+ this.context = new SecureContext();
+
+ if (secureProtocol) {
+ this.context.init(secureProtocol);
+ } else {
+ this.context.init();
+ }
+ }
+
+ flags = getSecureOptions(secureProtocol, flags);
+
+ this.context.setOptions(flags);
+}
+
+exports.Credentials = Credentials;
+
+
+exports.createCredentials = function(options, context) {
+ if (!options) options = {};
+
+ var c = new Credentials(options.secureProtocol,
+ options.secureOptions,
+ context);
+
+ if (context) return c;
+
+ if (options.key) {
+ if (options.passphrase) {
+ c.context.setKey(options.key, options.passphrase);
+ } else {
+ c.context.setKey(options.key);
+ }
+ }
+
+ if (options.cert) c.context.setCert(options.cert);
+
+ if (options.ciphers) c.context.setCiphers(options.ciphers);
+
+ if (options.ca) {
+ if (Array.isArray(options.ca)) {
+ for (var i = 0, len = options.ca.length; i < len; i++) {
+ c.context.addCACert(options.ca[i]);
+ }
+ } else {
+ c.context.addCACert(options.ca);
+ }
+ } else {
+ c.context.addRootCerts();
+ }
+
+ if (options.crl) {
+ if (Array.isArray(options.crl)) {
+ for (var i = 0, len = options.crl.length; i < len; i++) {
+ c.context.addCRL(options.crl[i]);
+ }
+ } else {
+ c.context.addCRL(options.crl);
+ }
+ }
+
+ if (options.sessionIdContext) {
+ c.context.setSessionIdContext(options.sessionIdContext);
+ }
+
+ if (options.pfx) {
+ var pfx = options.pfx;
+ var passphrase = options.passphrase;
+
+ pfx = toBuf(pfx);
+ if (passphrase)
+ passphrase = toBuf(passphrase);
+
+ if (passphrase) {
+ c.context.loadPKCS12(pfx, passphrase);
+ } else {
+ c.context.loadPKCS12(pfx);
+ }
+ }
+
+ return c;
+};
+
function LazyTransform(options) {
this._options = options;
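Review bot: In getSecureOptions the SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 defaults are OR-ed in only when `secureOptions === undefined`, so a caller that passes any explicit value gets a context without those bits even when `binding.SSL2_ENABLE` / `binding.SSL3_ENABLE` are off. If that is meant as a deliberate opt-out, say so above the check, e.g. `// Explicit secureOptions replace the defaults; callers must add SSL_OP_NO_SSLv3 themselves`; otherwise apply the defaults for the SSLv23 methods regardless, `secureOptions = (secureOptions | 0) | CONTEXT_DEFAULT_OPTIONS;`. Separately, for a non-SSLv23 `secureProtocol` with no options the function returns `undefined`, which Credentials passes straight to `this.context.setOptions(flags)`. Whether the binding accepts that is not visible in this hunk, so normalising with `| 0` or guarding the call would be safer. LazyTransform's body continues outside the hunk.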