11 files changed, 172 insertions, 18 deletions

diff --git a/lib/_stream_readable.js b/lib/_stream_readable.js
index c69113737..5f280b773 100644
--- a/lib/_stream_readable.js
+++ b/lib/_stream_readable.js
@@ -24,6 +24,7 @@ Readable.ReadableState = ReadableState;
 
 var EE = require('events').EventEmitter;
 var Stream = require('stream');
+var Buffer = require('buffer').Buffer;
 var util = require('util');
 var StringDecoder;
 var debug = util.debuglog('stream');
diff --git a/lib/_stream_writable.js b/lib/_stream_writable.js
index 92984eb08..ce44ff005 100644
--- a/lib/_stream_writable.js
+++ b/lib/_stream_writable.js
@@ -28,6 +28,7 @@ Writable.WritableState = WritableState;
 
 var util = require('util');
 var Stream = require('stream');
+var Buffer = require('buffer').Buffer;
 
 util.inherits(Writable, Stream);
 
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 4ec92801b..0efc6327b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -32,6 +32,7 @@ var common = require('_tls_common');
 
 var Timer = process.binding('timer_wrap').Timer;
 var tls_wrap = process.binding('tls_wrap');
+var constants = process.binding('constants');
 
 // Lazy load
 var tls_legacy;
@@ -722,12 +723,16 @@ Server.prototype.setOptions = function(options) {
   if (options.dhparam) this.dhparam = options.dhparam;
   if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
   if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
-  var secureOptions = options.secureOptions || 0;
-  if (options.honorCipherOrder)
-    this.honorCipherOrder = true;
-  else
-    this.honorCipherOrder = false;
-  if (secureOptions) this.secureOptions = secureOptions;
+
+  var secureOptions = crypto._getSecureOptions(options.secureProtocol,
+                                               options.secureOptions);
+
+  if (options.honorCipherOrder) {
+    secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
+  }
+
+  this.secureOptions = secureOptions;
+
   if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
   if (options.sessionIdContext) {
     this.sessionIdContext = options.sessionIdContext;
@@ -828,6 +833,9 @@ exports.connect = function(/* [port, host], options, cb */) {
 
   options = util._extend(defaults, options || {});
 
+  options.secureOptions = crypto._getSecureOptions(options.secureProtocol,
+                                                   options.secureOptions);
+
   assert(typeof options.checkServerIdentity === 'function');
 
   var hostname = options.servername ||
diff --git a/lib/child_process.js b/lib/child_process.js
index e18b65435..11a5e9f68 100644
--- a/lib/child_process.js
+++ b/lib/child_process.js
@@ -560,6 +560,8 @@ exports.fork = function(modulePath /*, args, options*/) {
   if (util.isArray(arguments[1])) {
     args = arguments[1];
     options = util._extend({}, arguments[2]);
+  } else if (arguments[1] && typeof arguments[1] !== 'object') {
+    throw new TypeError('Incorrect value of args option');
   } else {
     args = [];
     options = util._extend({}, arguments[1]);
@@ -645,7 +647,7 @@ exports.exec = function(command /*, options, callback */) {
 
 
 exports.execFile = function(file /* args, options, callback */) {
-  var args, callback;
+  var args = [], optionArg, callback;
   var options = {
     encoding: 'utf8',
     timeout: 0,
@@ -655,18 +657,26 @@ exports.execFile = function(file /* args, options, callback */) {
     env: null
   };
 
-  // Parse the parameters.
+  // Parse the optional positional parameters.
+  var pos = 1;
+  if (pos < arguments.length && Array.isArray(arguments[pos])) {
+    args = arguments[pos++];
+  } else if (pos < arguments.length && arguments[pos] == null) {
+    pos++;
+  }
 
-  if (util.isFunction(arguments[arguments.length - 1])) {
-    callback = arguments[arguments.length - 1];
+  if (pos < arguments.length && typeof arguments[pos] === 'object') {
+    options = util._extend(options, arguments[pos++]);
+  } else if (pos < arguments.length && arguments[pos] == null) {
+    pos++;
   }
 
-  if (util.isArray(arguments[1])) {
-    args = arguments[1];
-    options = util._extend(options, arguments[2]);
-  } else {
-    args = [];
-    options = util._extend(options, arguments[1]);
+  if (pos < arguments.length && typeof arguments[pos] === 'function') {
+    callback = arguments[pos++];
+  }
+
+  if (pos === 1 && arguments.length > 1) {
+    throw new TypeError('Incorrect value of args option');
   }
 
   var child = spawn(file, args, {
@@ -970,7 +980,7 @@ function normalizeSpawnArguments(file /*, args, options*/) {
 }
 
 
-var spawn = exports.spawn = function(/*file, args, options*/) {
+var spawn = exports.spawn = function(file /*, args, options*/) {
   var opts = normalizeSpawnArguments.apply(null, arguments);
   var options = opts.options;
   var child = new ChildProcess();
diff --git a/lib/crypto.js b/lib/crypto.js
index 2f0a00b15..602f0d567 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -58,6 +58,127 @@ exports._toBuf = toBuf;
 var assert = require('assert');
 var StringDecoder = require('string_decoder').StringDecoder;
 
+var CONTEXT_DEFAULT_OPTIONS = undefined;
+
+function getSecureOptions(secureProtocol, secureOptions) {
+  if (CONTEXT_DEFAULT_OPTIONS === undefined) {
+    CONTEXT_DEFAULT_OPTIONS = 0;
+
+    if (!binding.SSL3_ENABLE)
+      CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;
+
+    if (!binding.SSL2_ENABLE)
+      CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
+  }
+
+  if (secureOptions === undefined) {
+    if (secureProtocol === undefined ||
+        secureProtocol === 'SSLv23_method' ||
+        secureProtocol === 'SSLv23_server_method' ||
+        secureProtocol === 'SSLv23_client_method') {
+      secureOptions |= CONTEXT_DEFAULT_OPTIONS;
+    }
+  }
+
+  return secureOptions;
+}
+exports._getSecureOptions = getSecureOptions;
+
+
+function Credentials(secureProtocol, flags, context) {
+  if (!(this instanceof Credentials)) {
+    return new Credentials(secureProtocol, flags, context);
+  }
+
+  if (!crypto) {
+    throw new Error('node.js not compiled with openssl crypto support.');
+  }
+
+  if (context) {
+    this.context = context;
+  } else {
+    this.context = new SecureContext();
+
+    if (secureProtocol) {
+      this.context.init(secureProtocol);
+    } else {
+      this.context.init();
+    }
+  }
+
+  flags = getSecureOptions(secureProtocol, flags);
+
+  this.context.setOptions(flags);
+}
+
+exports.Credentials = Credentials;
+
+
+exports.createCredentials = function(options, context) {
+  if (!options) options = {};
+
+  var c = new Credentials(options.secureProtocol,
+                          options.secureOptions,
+                          context);
+
+  if (context) return c;
+
+  if (options.key) {
+    if (options.passphrase) {
+      c.context.setKey(options.key, options.passphrase);
+    } else {
+      c.context.setKey(options.key);
+    }
+  }
+
+  if (options.cert) c.context.setCert(options.cert);
+
+  if (options.ciphers) c.context.setCiphers(options.ciphers);
+
+  if (options.ca) {
+    if (Array.isArray(options.ca)) {
+      for (var i = 0, len = options.ca.length; i < len; i++) {
+        c.context.addCACert(options.ca[i]);
+      }
+    } else {
+      c.context.addCACert(options.ca);
+    }
+  } else {
+    c.context.addRootCerts();
+  }
+
+  if (options.crl) {
+    if (Array.isArray(options.crl)) {
+      for (var i = 0, len = options.crl.length; i < len; i++) {
+        c.context.addCRL(options.crl[i]);
+      }
+    } else {
+      c.context.addCRL(options.crl);
+    }
+  }
+
+  if (options.sessionIdContext) {
+    c.context.setSessionIdContext(options.sessionIdContext);
+  }
+
+  if (options.pfx) {
+    var pfx = options.pfx;
+    var passphrase = options.passphrase;
+
+    pfx = toBuf(pfx);
+    if (passphrase)
+      passphrase = toBuf(passphrase);
+
+    if (passphrase) {
+      c.context.loadPKCS12(pfx, passphrase);
+    } else {
+      c.context.loadPKCS12(pfx);
+    }
+  }
+
+  return c;
+};
+
 
 function LazyTransform(options) {
   this._options = options;
diff --git a/lib/dgram.js b/lib/dgram.js
index d1bfa14ca..764892a90 100644
--- a/lib/dgram.js
+++ b/lib/dgram.js
@@ -23,6 +23,7 @@ var assert = require('assert');
 var util = require('util');
 var events = require('events');
 var constants = require('constants');
+var Buffer = require('buffer').Buffer;
 
 var UDP = process.binding('udp_wrap').UDP;
 var SendWrap = process.binding('udp_wrap').SendWrap;
diff --git a/lib/fs.js b/lib/fs.js
index a97ba3aa6..7731f244b 100644
--- a/lib/fs.js
+++ b/lib/fs.js
@@ -31,6 +31,7 @@ var pathModule = require('path');
 var binding = process.binding('fs');
 var constants = process.binding('constants');
 var fs = exports;
+var Buffer = require('buffer').Buffer;
 var Stream = require('stream').Stream;
 var EventEmitter = require('events').EventEmitter;
 var FSReqWrap = binding.FSReqWrap;
diff --git a/lib/net.js b/lib/net.js
index fac78f8c0..ebf6e2748 100644
--- a/lib/net.js
+++ b/lib/net.js
@@ -33,7 +33,7 @@ var PipeConnectWrap = process.binding('pipe_wrap').PipeConnectWrap;
 var ShutdownWrap = process.binding('stream_wrap').ShutdownWrap;
 var WriteWrap = process.binding('stream_wrap').WriteWrap;
 
-
+var Buffer = require('buffer').Buffer;
 var cluster;
 var errnoException = util._errnoException;
 
diff --git a/lib/timers.js b/lib/timers.js
index 68e3e65e9..041fe031c 100644
--- a/lib/timers.js
+++ b/lib/timers.js
@@ -284,6 +284,14 @@ var Timeout = function(after) {
   this._repeat = false;
 };
 
+
+function unrefdHandle() {
+  this.owner._onTimeout();
+  if (!this.owner._repeat)
+    this.owner.close();
+}
+
+
 Timeout.prototype.unref = function() {
   if (!this._handle) {
     var now = Timer.now();
@@ -292,6 +300,7 @@ Timeout.prototype.unref = function() {
     if (delay < 0) delay = 0;
     exports.unenroll(this);
     this._handle = new Timer();
+    this._handle.owner = this;
     this._handle[kOnTimeout] = this._onTimeout;
     this._handle.start(delay, 0);
     this._handle.domain = this.domain;
diff --git a/lib/tls.js b/lib/tls.js
index f772d771d..a00fbb9d7 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -22,6 +22,7 @@
 var net = require('net');
 var url = require('url');
 var util = require('util');
+var Buffer = require('buffer').Buffer;
 
 // Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations
 // every {CLIENT_RENEG_WINDOW} seconds. An error event is emitted if more
diff --git a/lib/zlib.js b/lib/zlib.js
index a44e69fe7..f80c9833a 100644
--- a/lib/zlib.js
+++ b/lib/zlib.js
@@ -23,6 +23,7 @@ var Transform = require('_stream_transform');
 
 var binding = process.binding('zlib');
 var util = require('util');
+var Buffer = require('buffer').Buffer;
 var assert = require('assert').ok;
 
 // zlib doesn't provide these, so kludge them in following the same