From 3883f22ad18998e24246358e0d87e68bd9d2b2b0 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Wed, 9 May 2012 23:11:14 +0200 Subject: pipe_wrap: don't assert() on pipe accept errors Pass errors to the onconnection callback.
---
 src/pipe_wrap.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/pipe_wrap.cc b/src/pipe_wrap.cc
index c99fe47397..b062b40f4f 100644
--- a/src/pipe_wrap.cc
+++ b/src/pipe_wrap.cc
@@ -191,8 +191,8 @@ void PipeWrap::OnConnection(uv_stream_t* handle, int status) {
 assert(wrap->object_.IsEmpty() == false);
 if (status != 0) {
- // TODO Handle server error (set errno and call onconnection with NULL)
- assert(0);
+ SetErrno(uv_last_error(uv_default_loop()));
+ MakeCallback(wrap->object_, "onconnection", 0, NULL);
 return;
 }
-- cgit v1.2.1
From bd907174e8082afd6dd8553940aac09cae3dcfb7 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Mon, 14 May 2012 07:14:18 +0200 Subject: node: delete NODE_CHANNEL_FD from env Prevents accidental inheritance by child processes. If the child process is a node process, it would try to set up a channel with the parent and consequently never quit because the channel kept the event loop alive. Fixes #3240.
---
 src/node.js | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/node.js b/src/node.js
index 9179d8146d..6b46394f57 100644
--- a/src/node.js
+++ b/src/node.js
@@ -415,6 +415,10 @@
 // start parsing data from that stream.
 if (process.env.NODE_CHANNEL_FD) {
 assert(parseInt(process.env.NODE_CHANNEL_FD) >= 0);
+
+ // Make sure it's not accidentally inherited by child processes.
+ delete process.env.NODE_CHANNEL_FD;
+
 var cp = NativeModule.require('child_process');
 // Load tcp_wrap to avoid situation where we might immediately receive
-- cgit v1.2.1
From fb7348ae060bf9dd4b0521ac2533fc1d66c44d8b Mon Sep 17 00:00:00 2001
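Review bot: The new error branch in PipeWrap::OnConnection reads the error from `uv_default_loop()` instead of the loop that owns `handle`, which is only equivalent while every pipe lives on the default loop. Assuming the libuv version in use exposes the handle's loop, `SetErrno(uv_last_error(handle->loop));` keeps the reported error tied to the stream that actually failed. The callback is also invoked with zero arguments, so the JavaScript `onconnection` handler must treat a missing client handle as the error case; a short comment such as `// no client argument: the JS side must check errno` would make that contract visible. OnConnection's body continues outside the hunk.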
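Review bot: The descriptor number is validated on the `assert(parseInt(...))` line and then thrown away by the added `delete`, so nothing later in this block can read it from the environment again. Parsing it once into a local before deleting, `var fd = parseInt(process.env.NODE_CHANNEL_FD, 10);` followed by `assert(fd >= 0);`, keeps the value available and pins the radix. The rest of the `if` block lies outside the hunk, so whether anything later needs the value cannot be confirmed from here. The added comment could also say that only children inheriting `process.env` are covered; a child given an explicit environment that still contains the variable is not.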
From: ssuda Date: Mon, 14 May 2012 01:08:23 +0530 Subject: crypto: add PKCS12/PFX support Fixes #2845. --- src/node_crypto.cc | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/node_crypto.h | 2 ++ 2 files changed, 81 insertions(+) (limited to 'src') diff --git a/src/node_crypto.cc b/src/node_crypto.cc index bf95d79701..b2858f5088 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -43,6 +43,7 @@ # include #endif + #if OPENSSL_VERSION_NUMBER >= 0x10000000L # define OPENSSL_CONST const #else @@ -169,6 +170,7 @@ void SecureContext::Initialize(Handle target) { NODE_SET_PROTOTYPE_METHOD(t, "setSessionIdContext", SecureContext::SetSessionIdContext); NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close); + NODE_SET_PROTOTYPE_METHOD(t, "loadPKCS12", SecureContext::LoadPKCS12); target->Set(String::NewSymbol("SecureContext"), t->GetFunction()); } 
@@ -595,6 +597,83 @@ Handle SecureContext::Close(const Arguments& args) {
 return False();
 }
+//Takes .pfx or .p12 and password in string or buffer format
+Handle SecureContext::LoadPKCS12(const Arguments& args) {
+ HandleScope scope;
+
+ BIO* in = NULL;
+ PKCS12* p12 = NULL;
+ EVP_PKEY* pkey = NULL;
+ X509* cert = NULL;
+ STACK_OF(X509)* extraCerts = NULL;
+ char* pass = NULL;
+ bool ret = false;
+
+ SecureContext *sc = ObjectWrap::Unwrap(args.Holder());
+
+ if (args.Length() < 1) {
+ return ThrowException(Exception::TypeError(
+ String::New("Bad parameter")));
+ }
+
+ in = LoadBIO(args[0]);
+ if (in == NULL) {
+ return ThrowException(Exception::Error(
+ String::New("Unable to load BIO")));
+ }
+
+ if (args.Length() >= 2) {
+ ASSERT_IS_STRING_OR_BUFFER(args[1]);
+
+ int passlen = DecodeBytes(args[1], BINARY);
+ if (passlen < 0) {
+ BIO_free(in);
+ return ThrowException(Exception::TypeError(
+ String::New("Bad password")));
+ }
+ pass = new char[passlen + 1];
+ int pass_written = DecodeWrite(pass, passlen, args[1], BINARY);
+
+ assert(pass_written == passlen);
+ pass[passlen] = '\0';
+ }
+
+ if (d2i_PKCS12_bio(in, &p12) &&
+ PKCS12_parse(p12, pass, &pkey, &cert, &extraCerts) &&
+ SSL_CTX_use_certificate(sc->ctx_, cert) &&
+ SSL_CTX_use_PrivateKey(sc->ctx_, pkey))
+ {
+ // set extra certs
+ while (X509* x509 = sk_X509_pop(extraCerts)) {
+ if (!sc->ca_store_) {
+ sc->ca_store_ = X509_STORE_new();
+ SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+ }
+
+ X509_STORE_add_cert(sc->ca_store_, x509);
+ SSL_CTX_add_client_CA(sc->ctx_, x509);
+ }
+
+ EVP_PKEY_free(pkey);
+ X509_free(cert);
+ sk_X509_free(extraCerts);
+
+ ret = true;
+ }
+
+ PKCS12_free(p12);
+ BIO_free(in);
+ delete[] pass;
+
+ if (!ret) {
+ unsigned long err = ERR_get_error();
+ const char *str = ERR_reason_error_string(err);
+ return ThrowException(Exception::Error(String::New(str)));
+ }
+
+ return True();
+}
+
 #ifdef SSL_PRINT_DEBUG
 # define DEBUG_PRINT(...) fprintf (stderr, __VA_ARGS__)
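Review bot: Cleanup in LoadPKCS12 happens only inside the success branch, so when `PKCS12_parse` succeeds and `SSL_CTX_use_certificate` or `SSL_CTX_use_PrivateKey` then fails, `pkey`, `cert` and `extraCerts` are never released; the certificates popped in the loop also look leaked, since `X509_STORE_add_cert` is not documented to take ownership. The password copy is handed to `delete[]` without being wiped, and `ERR_reason_error_string` can return NULL, which would go straight into `String::New`. If `ASSERT_IS_STRING_OR_BUFFER` returns on failure (its definition is outside this hunk), `in` leaks on that path too, so that check belongs before `LoadBIO`. Separately, the loop puts every extra certificate from the file into the verification store and the client-CA list, which turns whatever is bundled in the PFX into a trust anchor for peer verification; that choice needs at least a comment. The sketch below moves the frees out of the success branch and wipes the password buffer.

```cpp
  size_t pass_size = 0;  // hoisted so the password copy can be wiped on exit
  // … unchanged: argument checks, LoadBIO, DecodeBytes …
    pass = new char[passlen + 1];
    pass_size = passlen + 1;
  // … unchanged: DecodeWrite, terminator …

  if (d2i_PKCS12_bio(in, &p12) &&
      PKCS12_parse(p12, pass, &pkey, &cert, &extraCerts) &&
      SSL_CTX_use_certificate(sc->ctx_, cert) &&
      SSL_CTX_use_PrivateKey(sc->ctx_, pkey))
  {
    while (X509* x509 = sk_X509_pop(extraCerts)) {
      // … unchanged: store setup, X509_STORE_add_cert, SSL_CTX_add_client_CA …
      X509_free(x509);  // drop the reference popped off the stack
    }
    ret = true;
  }

  // Release on both paths; each of these accepts NULL.
  EVP_PKEY_free(pkey);
  X509_free(cert);
  sk_X509_pop_free(extraCerts, X509_free);
  PKCS12_free(p12);
  BIO_free(in);
  if (pass != NULL) {
    OPENSSL_cleanse(pass, pass_size);
    delete[] pass;
  }

  if (!ret) {
    unsigned long err = ERR_get_error();
    const char *str = ERR_reason_error_string(err);
    if (str == NULL) str = "Unable to load PKCS12";
    return ThrowException(Exception::Error(String::New(str)));
  }
```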
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 87a5340147..6fa3de1df2 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -35,6 +35,7 @@
 #include
 #include
 #include
+#include
 #ifdef OPENSSL_NPN_NEGOTIATED
 #include
@@ -68,6 +69,7 @@ class SecureContext : ObjectWrap {
 static v8::Handle SetOptions(const v8::Arguments& args);
 static v8::Handle SetSessionIdContext(const v8::Arguments& args);
 static v8::Handle Close(const v8::Arguments& args);
+ static v8::Handle LoadPKCS12(const v8::Arguments& args);
 SecureContext() : ObjectWrap() {
 ctx_ = NULL;
-- cgit v1.2.1
From 4bc1d395de6abed2cf1e4d0b7b3a1480a21c368f Mon Sep 17 00:00:00 2001 From: isaacs Date: Mon, 14 May 2012 16:12:15 -0700 Subject: 2012.05.15 Version 0.6.18 (stable) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * windows: skip GetFileAttributes call when opening a file (Bert Belder) * crypto: add PKCS12/PFX support (Sambasiva Suda) * #3240: child_process: delete NODE_CHANNEL_FD from env in spawn (Ben Noordhuis) * windows: add test for path.normalize with UNC paths (Bert Belder) * windows: make path.normalize convert all slashes to backslashes (Bert Belder) * fs: Automatically close FSWatcher on error (Bert Belder) * #3258: fs.ReadStream.pause() emits duplicate data event (koichik) * pipe_wrap: don't assert() on pipe accept errors (Ben Noordhuis) * Better exception output for module load and process.nextTick (Felix Geisendörfer) * zlib: fix error reporting (Ben Noordhuis) * http: Don't destroy on timeout (isaacs) * #3231: http: Don't try to emit error on a null'ed req object (isaacs) * #3236: http: Refactor ClientRequest.onSocket (isaacs)
---
 src/node_version.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/node_version.h b/src/node_version.h
index 84b1e0e658..1603177023 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -29,7 +29,7 @@
 #define NODE_MAJOR_VERSION 0
 #define NODE_MINOR_VERSION 6
 #define NODE_PATCH_VERSION 18
-#define NODE_VERSION_IS_RELEASE 0
+#define NODE_VERSION_IS_RELEASE 1
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)
-- cgit v1.2.1
From f19f980724fa07347a0d0a9d92e48b267555da5d Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 15 May 2012 10:21:57 -0700 Subject: Now working on 0.6.19
---
 src/node_version.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/node_version.h b/src/node_version.h
index 1603177023..fd560b6d90 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -28,8 +28,8 @@
 #define NODE_MAJOR_VERSION 0
 #define NODE_MINOR_VERSION 6
-#define NODE_PATCH_VERSION 18
-#define NODE_VERSION_IS_RELEASE 1
+#define NODE_PATCH_VERSION 19
+#define NODE_VERSION_IS_RELEASE 0
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)
-- cgit v1.2.1