Extendable ca certs v4 #9771
Closed
Extendable ca certs v4 #9771
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
c++
MylesBorins
added
blocked
jasnell
approved these changes
Dec 5, 2016
MylesBorins
force-pushed
the
v4.x-staging
branch
from
d860f6e
to
c77ba8c
Compare
sam-github
force-pushed
the
extendable-ca-certs-v4
branch
from
4efeeb5
to
b16d231
Compare
MylesBorins
force-pushed
the
v4.x-staging
branch
from
5dee225
to
4357591
Compare
In most cases, named functions match the variable or property to which they are being assigned. That also seems to be the practice in a series of PRs currently being evaluated that name currently-anonymous functions. This change applies that rule to instances in the code base that don't comply with that practice. This will be enforceable with a lint rule once we upgrade to ESLint 3.8.0. PR-URL: nodejs#9113 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
sam-github
force-pushed
the
extendable-ca-certs-v4
branch
from
b16d231
to
67da738
Compare
The cherry-pick of nodejs#7612 to v4.x (4369055) added in nodejs#9298 wasn't quite correct as it depends on a runtime function %SymbolDescriptiveString that doesn't exist on v4.x. We can use %SymbolDescription instead. Ref: nodejs#7612 Ref: nodejs#9298 PR-URL: nodejs#10732 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This backport does not include the original changes to SLOW_DCHECK as it does not exist in the V8 in node v4.x Original commit message: Filter out stale left-trimmed handles BUG=chromium:620553 LOG=N R=jochen@chromium.org Review-Url: https://codereview.chromium.org/2078403002 Cr-Commit-Position: refs/heads/master@{nodejs#37108} PR-URL: nodejs#10668 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
This backport does not include the changes to `src/heap/scavenger.cc`
as it does not exist in the V8 included in the v4.x stream.
Original commit message:
Filter out stale left-trimmed handles for scavenges
The missing part from
https://codereview.chromium.org/2078403002/
R=jochen@chromium.org
BUG=chromium:621869
LOG=N
Review-Url: https://codereview.chromium.org/2077353004
Cr-Commit-Position: refs/heads/master@{nodejs#37184}
PR-URL: nodejs#10668
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
This commit does not include the changes to `src/heap/scavenger.cc`. These changes would revert the changes that should have come in 086bd5aede, meaning that there is no issue with that change missing in the previous commit. Original commit message: Iterate handles with special left-trim visitor BUG=chromium:620553 LOG=N R=hpayer@chromium.org Review-Url: https://codereview.chromium.org/2102243002 Cr-Commit-Position: refs/heads/master@{nodejs#37366} PR-URL: nodejs#10668 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: nodejs#10668 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Provide means to inspect information about the separate heap spaces via a callable API. This is helpful to analyze memory issues. Fixes: nodejs#2079 PR-URL: nodejs#4463 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a shell option, to spawn() and spawnSync(). This option allows child processes to be spawned with or without a shell. The option also allows a custom shell to be defined, for compatibility with exec()'s shell option. Fixes: nodejs#1009 PR-URL: nodejs#4598 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
This uses libuv's mkdtemp function to provide a way to create a
temporary folder, using a prefix as the path. The prefix is appended
six random characters. The callback function will receive the name
of the folder that was created.
Usage example:
fs.mkdtemp('/tmp/foo-', function(err, folder) {
console.log(folder);
// Prints: /tmp/foo-Tedi42
});
The fs.mkdtempSync version is also provided. Usage example:
console.log(fs.mkdtemp('/tmp/foo-'));
// Prints: tmp/foo-Tedi42
This pull request also includes the relevant documentation changes
and tests.
PR-URL: nodejs#5333
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
PR-URL: nodejs#9587 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Anna Henningsen <anna@addaleax.net>
- Replace require() vars with const. - Replace assert.equal() with assert.strictEqual(). - Add common.mustCall() to the setTimeout() callback. PR-URL: nodejs#9995 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Asserts that an error should be thrown when an invalid signal is passed to process.kill(). PR-URL: nodejs#10026 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, there are a number of popups that get displayed when running the tests asking to accept incoming network connections. Rules can be added manually to the socket firewall on Mac OS X but getting this right might not be obvious and quite a lot of time can be wasted trying to get the rules right. This script hopes to simplify things a little so that it can be re-run when needed. The script should be runnable from both the projects root directory and from the tools directory, for example: $ sudo ./tools/macosx-firewall.sh Fixes: nodejs#8911 PR-URL: nodejs#10114 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: nodejs#9864 Refs: nodejs#8683 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
* use common.mustCall() to confirm number of uncaught exceptions * var -> const * specify duration of 1ms for setTimeout() and setInterval() PR-URL: nodejs#10188 Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Backport to v4.x Original commit message: Add process.cpuUsage() method that returns the user and system CPU time usage of the current process PR-URL: nodejs#6157 Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> PR-URL: nodejs#10796 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
cherry-pick 802a2e7 from v6-staging. ALPN is added to tls according to RFC7301, which supersedes NPN. When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN. In https server, http/1.1 token is always set when no options.ALPNProtocols exists. PR-URL: nodejs#2564 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cherry-pick 7eee372 from v6-staging. This fix is to be consistent implementation with ALPN. Tow NPN protocol data in the persistent memebers move to hidden variables in the wrap object. PR-URL: nodejs#2564 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cherry-pick 65030c7 from v6-staging. openssl/openssl@af2db04 changed some ALPN behaviors. The tests when ALPN has no selection should be fixed because openssl was changed NPN callback to be invoked in this case. Fixes: nodejs#6458 PR-URL: nodejs#6550 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
change equal to strictEqual and var to const PR-URL: nodejs#9941 Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
* var -> const, let * assert.equal() -> assert.strictEqual() PR-URL: nodejs#9948 Reviewed-By: Teddy Katz <teddy.katz@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Italo A. Casas <me@italoacasas.com> Reviewed-By: James M Snell <jasnell@gmail.com>
The second argument to "assert.throws" is usually a validation RegExp or function for the thrown error. However, the function also accepts a string and in this case it is interpreted as a message for the AssertionError and not used for validation. It is common for people to forget this and pass a validation string by mistake. This new rule checks that we never pass a string literal as a second argument to "assert.throws". Additionally, there is an option to enforce the function to be called with at least two arguments. It is currently off because we have many tests that do not comply with this rule. PR-URL: nodejs#10089 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Teddy Katz <teddy.katz@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Extend the assert-throws-arguments custom ESLint rule to also check for the use of template literals as a second argument to assert.throws. PR-URL: nodejs#10301 Ref: nodejs#10282 (comment) Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Italo A. Casas <me@italoacasas.com>
The assert.throws() calls in test-event-emitter-max-listeners.js should include a constructor or RegExp as a second argument. PR-URL: nodejs#9987 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
- Updated assert.equal to assert.strictEqual - Updated 'var' to 'const' - Using template literals PR-URL: nodejs#10036 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Italo A. Casas <me@italoacasas.com>
Requiring a file from a directory that contains an invalid package.json file should throw an error. PR-URL: nodejs#10044 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
* assert.equal() -> assert.strictEqual() * replace template string with a string; no variable substitution or concatenation or anything like that PR-URL: nodejs#9803 Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
We have a tacit rule that for multiline statements, the operator should be placed before the linebreak. This commit commit fixes the few violations of this rule in the code base. This allows us to enable the corresponding ESLint rule. PR-URL: nodejs#10178 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Teddy Katz <teddy.katz@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Adds the `operator-linebreak` rule to our ESLint config. PR-URL: nodejs#10178 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Teddy Katz <teddy.katz@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
const and let instead var assert.strictEqual instead assert.equal PR-URL: nodejs#8668 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
@sam-github I'm seeing a failure here on v4.x using osx 10.10 |
Merged
|
Looking |
sam-github
force-pushed
the
extendable-ca-certs-v4
branch
from
67da738
to
c173bf0
Compare
In closed environments, self-signed or privately signed certificates are commonly used, and rejected by Node.js since their root CAs are not well-known. Allow extending the set of well-known compiled-in CAs via environment, so they can be set as a matter of policy. PR-URL: nodejs#9139 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
|
There was no |
sam-github
force-pushed
the
extendable-ca-certs-v4
branch
from
c173bf0
to
0b2d0eb
Compare
sam-github
commented
Jan 24, 2017
| root_cert_store, | ||
| extra_root_certs_file.c_str()); | ||
| if (err) { | ||
| fprintf(stderr, |
There was a problem hiding this comment.
@nodejs/lts @nodejs/crypto there is no process.emitWarning() in 4.x (why?) so I think the options are print to stderr (recall this should be quite unusual, and its so that you know your ENV var is not being respected, and why), or to silently ignore.
Opinions? I'm OK with either. stderr is more informative, but then, writing to stderr is to be shunned. Not to sure what to do here.
|
@jasnell would it be possible to backport process.emitWarning?
…On Tue, Jan 24, 2017, 1:28 PM Sam Roberts ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In src/node_crypto.cc
<#9771 (review)>:
> @@ -782,6 +816,18 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
BIO_free_all(bp);
X509_free(x509);
}
+
+ if (!extra_root_certs_file.empty()) {
+ unsigned long err = AddCertsFromFile( // NOLINT(runtime/int)
+ root_cert_store,
+ extra_root_certs_file.c_str());
+ if (err) {
+ fprintf(stderr,
@nodejs/lts <https://github.com/orgs/nodejs/teams/lts> @nodejs/crypto
<https://github.com/orgs/nodejs/teams/crypto> there is no
process.emitWarning() in 4.x (why?) so I think the options are print to
stderr (recall this should be quite unusual, and its so that you know your
ENV var is not being respected, and why), or to silently ignore.
Opinions? I'm OK with either. stderr is more informative, but then,
writing to stderr is to be shunned. Not to sure what to do here.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#9771 (review)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV5_I2C0C-FokjRggiSkKbdIHuWEeks5rVmz5gaJpZM4K61Jx>
.
|
|
Yeah that's possible. I'll work on that over the next week |
|
/cc @nodejs/lts does anyone have a concern with landing
process.emitWarning? I think this will be a good backport to include
…On Tue, Jan 24, 2017, 1:40 PM James M Snell ***@***.***> wrote:
Yeah that's possible. I'll work on that over the next week
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#9771 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV0RmDcp_xuUtsJE0jNwWB-fItu7dks5rVm_jgaJpZM4K61Jx>
.
|
|
OK, I'll rework this again once emitWarning is available. Or you can land now, and once emitWarning is available, I can PR a small change to remove the stderr? Or anything else you suggest. |
|
Thought that I would be able to get to porting emitWarning back to v4 this week, didn't have the time afterall. Have it in my short list of must do items for next week |
|
@nodejs/crypto @jasnell @MylesBorins We don't need to backport emit warning to land this, I can do either what this PR does now ( |
MylesBorins
force-pushed
the
v4.x-staging
branch
from
f5c57c7
to
735119c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #9139 to v4 to resolve conflicts.
Checklist
make -j8 test(UNIX), orvcbuild test nosign(Windows) passesAffected core subsystem(s)
tls,https