Merge remote-tracking branch 'ry/v0.6' into v0.6-merge

Conflicts: ChangeLog deps/uv/include/uv-private/uv-unix.h deps/uv/src/unix/core.c deps/uv/src/unix/sunos.c deps/v8/src/runtime.cc doc/api/crypto.markdown lib/http.js src/node_version.h test/gc/test-http-client-timeout.js wscript
author: isaacs <i@izs.me> 2012-05-15 11:37:34 -0700
committer: isaacs <i@izs.me> 2012-05-15 11:37:34 -0700
commit: 5164ae38380dadce74e8f64d7bd3eaa1935dd101 (patch)
tree: fa29fd7bcac679e69b1e9d7eff299aa38f9288a7 /src
parent: 01103d077bce626a332be998813382d15bed3501 (diff)
parent: f19f980724fa07347a0d0a9d92e48b267555da5d (diff)
download: node-new-5164ae38380dadce74e8f64d7bd3eaa1935dd101.tar.gz
4 files changed, 87 insertions, 2 deletions
diff --git a/src/node.js b/src/node.js
index 5f2dd87bda..ef0301267f 100644
--- a/src/node.js
+++ b/src/node.js
@@ -480,6 +480,10 @@
     // start parsing data from that stream.
     if (process.env.NODE_CHANNEL_FD) {
       assert(parseInt(process.env.NODE_CHANNEL_FD) >= 0);
+
+      // Make sure it's not accidentally inherited by child processes.
+      delete process.env.NODE_CHANNEL_FD;
+
       var cp = NativeModule.require('child_process');
 
       // Load tcp_wrap to avoid situation where we might immediately receive
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 134e58800e..14269d5507 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -43,6 +43,7 @@
 # include <pthread.h>
 #endif
 
+
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 # define OPENSSL_CONST const
 #else
@@ -150,6 +151,7 @@ void SecureContext::Initialize(Handle<Object> target) {
   NODE_SET_PROTOTYPE_METHOD(t, "setSessionIdContext",
                                SecureContext::SetSessionIdContext);
   NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close);
+  NODE_SET_PROTOTYPE_METHOD(t, "loadPKCS12", SecureContext::LoadPKCS12);
 
   target->Set(String::NewSymbol("SecureContext"), t->GetFunction());
 }
@@ -576,6 +578,83 @@ Handle<Value> SecureContext::Close(const Arguments& args) {
   return False();
 }
 
+//Takes .pfx or .p12 and password in string or buffer format
+Handle<Value> SecureContext::LoadPKCS12(const Arguments& args) {
+  HandleScope scope;
+
+  BIO* in = NULL;
+  PKCS12* p12 = NULL;
+  EVP_PKEY* pkey = NULL;
+  X509* cert = NULL;
+  STACK_OF(X509)* extraCerts = NULL;
+  char* pass = NULL;
+  bool ret = false;
+
+  SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());
+
+  if (args.Length() < 1) {
+    return ThrowException(Exception::TypeError(
+          String::New("Bad parameter")));
+  }
+
+  in = LoadBIO(args[0]);
+  if (in == NULL) {
+    return ThrowException(Exception::Error(
+          String::New("Unable to load BIO")));
+  }
+
+  if (args.Length() >= 2) {
+    ASSERT_IS_STRING_OR_BUFFER(args[1]);
+
+    int passlen = DecodeBytes(args[1], BINARY);
+    if (passlen < 0) {
+      BIO_free(in);
+      return ThrowException(Exception::TypeError(
+            String::New("Bad password")));
+    }
+    pass = new char[passlen + 1];
+    int pass_written = DecodeWrite(pass, passlen, args[1], BINARY);
+
+    assert(pass_written == passlen);
+    pass[passlen] = '\0';
+  }
+
+  if (d2i_PKCS12_bio(in, &p12) &&
+      PKCS12_parse(p12, pass, &pkey, &cert, &extraCerts) &&
+      SSL_CTX_use_certificate(sc->ctx_, cert) &&
+      SSL_CTX_use_PrivateKey(sc->ctx_, pkey))
+  {
+    // set extra certs
+    while (X509* x509 = sk_X509_pop(extraCerts)) {
+      if (!sc->ca_store_) {
+        sc->ca_store_ = X509_STORE_new();
+        SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+      }
+
+      X509_STORE_add_cert(sc->ca_store_, x509);
+      SSL_CTX_add_client_CA(sc->ctx_, x509);
+    }
+
+    EVP_PKEY_free(pkey);
+    X509_free(cert);
+    sk_X509_free(extraCerts);
+
+    ret = true;
+  }
+
+  PKCS12_free(p12);
+  BIO_free(in);
+  delete[] pass;
+
+  if (!ret) {
+    unsigned long err = ERR_get_error();
+    const char *str = ERR_reason_error_string(err);
+    return ThrowException(Exception::Error(String::New(str)));
+  }
+
+  return True();
+}
+
 
 #ifdef SSL_PRINT_DEBUG
 # define DEBUG_PRINT(...) fprintf (stderr, __VA_ARGS__)
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 9fcddf0133..1ee23c8a74 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -35,6 +35,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
+#include <openssl/pkcs12.h>
 
 #ifdef OPENSSL_NPN_NEGOTIATED
 #include "node_buffer.h"
@@ -68,6 +69,7 @@ class SecureContext : ObjectWrap {
   static v8::Handle<v8::Value> SetOptions(const v8::Arguments& args);
   static v8::Handle<v8::Value> SetSessionIdContext(const v8::Arguments& args);
   static v8::Handle<v8::Value> Close(const v8::Arguments& args);
+  static v8::Handle<v8::Value> LoadPKCS12(const v8::Arguments& args);
 
   SecureContext() : ObjectWrap() {
     ctx_ = NULL;
diff --git a/src/pipe_wrap.cc b/src/pipe_wrap.cc
index 023a009196..f984d3bb3f 100644
--- a/src/pipe_wrap.cc
+++ b/src/pipe_wrap.cc
@@ -205,8 +205,8 @@ void PipeWrap::OnConnection(uv_stream_t* handle, int status) {
   assert(wrap->object_.IsEmpty() == false);
 
   if (status != 0) {
-    // TODO Handle server error (set errno and call onconnection with NULL)
-    assert(0);
+    SetErrno(uv_last_error(uv_default_loop()));
+    MakeCallback(wrap->object_, "onconnection", 0, NULL);
     return;
   }
author	isaacs <i@izs.me>	2012-05-15 11:37:34 -0700
committer	isaacs <i@izs.me>	2012-05-15 11:37:34 -0700
commit	5164ae38380dadce74e8f64d7bd3eaa1935dd101 (patch)
tree	fa29fd7bcac679e69b1e9d7eff299aa38f9288a7 /src
parent	01103d077bce626a332be998813382d15bed3501 (diff)
parent	f19f980724fa07347a0d0a9d92e48b267555da5d (diff)
download	node-new-5164ae38380dadce74e8f64d7bd3eaa1935dd101.tar.gz