Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: load NODE_EXTRA_CA_CERTS at startup #23354

Merged
merged 1 commit into from
Oct 20, 2018
Merged

Conversation

oyyd
Copy link
Contributor

@oyyd oyyd commented Oct 9, 2018

NODE_EXTRA_CA_CERTS is not intended to be used to set the paths of extra certificates and this approach to setting is not reliable. This commit makes node load extra certificates at startup rather than on first use.

Fixes: #20434
Refs: #20432

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. tls Issues and PRs related to the tls subsystem. labels Oct 9, 2018
Copy link
Contributor

@sam-github sam-github left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes the env var behave as intended and described. One suggested change.

doc/api/cli.md Outdated
@@ -525,6 +525,10 @@ malformed, but any errors are otherwise ignored.
Note that neither the well known nor extra certificates are used when the `ca`
options property is explicitly specified for a TLS or HTTPS client or server.

`NODE_EXTRA_CA_CERTS` is not intended to be used to set the paths of extra
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find the text confusing here, I'm not sure what is meant by "setting paths". Rather than rewriting though, I suggest removing the entire doc change, both sentences. Its unnecessary, env variables are intended to be set outside node, not by node to configure itself at runtime.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. My explanation here makes the doc even confusing.

@oyyd
Copy link
Contributor Author

oyyd commented Oct 10, 2018

@sam-github @bnoordhuis PTAL

@@ -23,6 +25,15 @@ function parseCertString(s) {
return out;
}

function setupRootCertsFile() {
if (process.env.NODE_EXTRA_CA_CERTS) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One suggestion: I think this can be called unconditionally. certLoadExtraRootCertsFile is a null op if extra_root_certs_file hasn't been set, and it is only set if this env var is present, so this is a non-obvious optimization. I think its a bit fragile, if a CLI flag was introduced to set the extra_root_certs_file, for example, then this code would not execute, and the bug you are fixing would resurface for that use case.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another potential footgun: the C++ code does suid root checks (calls SafeGetenv("NODE_EXTRA_CA_CERTS")); process.env does not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have removed the conditional statement as @sam-github suggested. After the removing, we don't use process.env.NODE_EXTRA_CA_CERTS in js land which avoids the potential footgun @bnoordhuis described.

@@ -231,6 +231,8 @@

setupAllowedFlags();

NativeModule.require('internal/tls').setupRootCertsFile();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This breaks ./configure --without-ssl builds. Not the require statement itself but the internalBinding('crypto') statement in the included file, it'll throw an exception.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would making this conditional on Boolean(process.versions.openssl) as test/common/util.js does for hasCrypto be OK, or is there a better way?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have placed this line in if (process.versions.openssl) {.

... or is there a better way?

I think it's ok as lib/internal/util also uses process.versions.openssl to assert crypto:

const noCrypto = !process.versions.openssl;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And a new test has been added to ensure that it won't throw without ssl.

src/node_crypto.cc Outdated Show resolved Hide resolved
@@ -23,6 +25,15 @@ function parseCertString(s) {
return out;
}

function setupRootCertsFile() {
if (process.env.NODE_EXTRA_CA_CERTS) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another potential footgun: the C++ code does suid root checks (calls SafeGetenv("NODE_EXTRA_CA_CERTS")); process.env does not.

Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a semver-major change? It seems like it could be?

@@ -231,6 +231,10 @@

setupAllowedFlags();

if (process.versions.openssl) {
NativeModule.require('internal/tls').setupRootCertsFile();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could just access the binding directly here if you like

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assumed there are codes other than just calling functions from binding before.

Accessing the binding directly is better as it could indicate why if (process.versions.openssl) is necessary to other contributors.

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const { certIsRootCertStoreEmpty } = require('internal/tls');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto about accessing the binding directly (again, only if you like)

@oyyd
Copy link
Contributor Author

oyyd commented Oct 11, 2018

@addaleax Yes. This might break something.

@@ -24,5 +24,5 @@ function parseCertString(s) {
}

module.exports = {
parseCertString
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the comma is introduced?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's unintentionally introduced(my personal code style :-)). I'm going to restore this line.

ClearErrorOnReturn clear_error_on_return;
Environment* env = Environment::GetCurrent(args);

if (!root_cert_store && !extra_root_certs_file.empty()) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this condition be split into two, like in the current code? If root_cert_store is already created and extra_root_certs_file is not empty, we should still add them, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If root_cert_store is already created and extra_root_certs_file is not empty, we should still add them, right?

No, it seems the original codes won't set root_cert_store again if it's available. Please remind me if I mistake something.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are correct. I misread the code. But I still have one question. As per old code if the root_cert_store is not there yet, a new instance of NewRootCertStore is created and assigned to it. Shouldn't the new code also do the same?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per old code if the root_cert_store is not there yet, a new instance of NewRootCertStore is created and assigned to it.

Yes. One of the reasons is that I use root_cert_store to indicate whether the certs have been loaded in the flowing test.

But I think you are right. I'm going to modify the code and make the new code do the same.

@oyyd
Copy link
Contributor Author

oyyd commented Oct 11, 2018

@thefourtheye PTAL

@addaleax addaleax added the semver-major PRs that contain breaking changes and should be released in the next major version. label Oct 11, 2018
Copy link
Contributor

@thefourtheye thefourtheye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: The newly exposed functions' names sound a little wordy.

const { fork } = require('child_process');

// This test ensures that trying to load extra certs won't throw when
// there is no crypto.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Maybe we can just run this test only when crypto is not there, just to emphasize?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that we don't run tests with --without-ssl build. I would like and change the comment a bit and keep the test.

@oyyd oyyd force-pushed the tls-cert branch 2 times, most recently from 17923f2 to 924e117 Compare October 15, 2018 03:13
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments but mostly LGTM.

ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());

static void IsExtraRootCertsFileLoaded(
const FunctionCallbackInfo<Value>& args) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style nit: 4 space indent (line continuation.)

ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
ClearErrorOnReturn clear_error_on_return;

if (!root_cert_store) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style: root_cert_store == nullptr

(I know older code says !root_cert_store but new code shouldn't.)

@@ -5672,6 +5693,11 @@ void Initialize(Local<Object> target,
env->SetMethodNoSideEffect(target, "certVerifySpkac", VerifySpkac);
env->SetMethodNoSideEffect(target, "certExportPublicKey", ExportPublicKey);
env->SetMethodNoSideEffect(target, "certExportChallenge", ExportChallenge);
env->SetMethodNoSideEffect(target, "certLoadExtraRootCertsFile",
LoadExtraRootCertsFile);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style: can you line up the arguments?

LoadExtraRootCertsFile);
// Exposed for testing purposes only.
env->SetMethodNoSideEffect(target, "certIsExtraRootCertsFileLoaded",
IsExtraRootCertsFileLoaded);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certIsExtra... name is kind of misleading; the other cert... methods are for SPKAC.

@@ -0,0 +1,25 @@
'use strict';
// Flags: --expose-internals
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--expose-internals isn't necessary, is it?

const { fork } = require('child_process');

// This test ensures that trying to load extra certs won't throw even
// though there is no crypto support.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe clarify that this test is written for ./configure --without-ssl builds. (That's right, isn't it?

@oyyd oyyd force-pushed the tls-cert branch 2 times, most recently from 4a8bfbe to bcef787 Compare October 17, 2018 05:41
@oyyd
Copy link
Contributor Author

oyyd commented Oct 17, 2018

@bnoordhuis Thanks for your comments. PTAL.

@@ -231,6 +231,10 @@

setupAllowedFlags();

if (process.versions.openssl) {
internalBinding('crypto').loadExtraRootCertsFile();
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this possibly be injected via bootstrapper.cc instead? Especially since it's only used here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now, it's removed to UseExtraCaCerts.

Copy link
Contributor

@refack refack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some questions, and requests.

@@ -118,6 +118,8 @@ static std::string extra_root_certs_file; // NOLINT(runtime/string)

static X509_STORE* root_cert_store;

static bool extra_root_certs_file_loaded = false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Avoid globals. If this is per environment, it should be a member property of node::Environment. If it's actually a per-process global, IMHO it should be grouped into a struct with root_cert_store and extra_root_certs_file

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grouping root_cert_store will make the code a bit messy. And as the extra_root_certs_file has been removed, I guess it's okay now.

const assert = require('assert');
const { fork } = require('child_process');

// This test ensures that trying to load extra certs won't throw when
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since there is no test IMHO the description should be:

... won't throw even when there is no... Hence we don't test `common.hasCrypto`
                ^^^^

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I guess I made this test too confusing.

return;
}

if (process.env.CHILD_USE_EXTRA_CA_CERTS === 'no') {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO this will be more readable is it was:

if {
} else if {
} else if {
} else {
  assert.fail("Bad child process invocation")
}

Having a if (process.argv[2] !== 'child') guard remove the need to do return in each clause

// This test ensures that trying to load extra certs won't throw when
// there is no crypto support, i.e., built with "./configure --without-ssl".
{
if (process.env.CHILD === 'yes') {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be outside of the scope that start in L9

src/node_crypto.cc Show resolved Hide resolved
return;
}

if (process.env.CHILD_NO_EXTRA_CA_CERTS) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the difference between this and the one before?
IF they can be merged, please do, else please add a comment.

}


static void LoadExtraRootCertsFile(const FunctionCallbackInfo<Value>& args) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a requirement to call this from JS? If not this should be called during Environment::Start, or even in

node/src/node.cc

Lines 2972 to 2975 in cf3f8dd

std::string extra_ca_certs;
if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
crypto::UseExtraCaCerts(extra_ca_certs);
}

https://github.com/nodejs/node/blob/bcef787dce0a380e3ce66936e72c49176de67838/src/node_crypto.cc#L835-L837

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Loading extra ca certs will emit a warning when the certs files are not valid:

ProcessEmitWarning(sc->env(),

And as the Environment and the js runtime(this name maybe not correct) is not setup yet while calling UseExtraCaCerts, we can't move the calling here.

I would like to move LoadExtraRootCertsFile() to bootstrapper.cc as @jasnell suggested, how do you think about it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since IIUC this is sort of a command line error, we do have precident of printing the error directly:

node/src/node.cc

Lines 2434 to 2444 in cf3f8dd

if (!errors.empty()) {
for (auto const& error : errors) {
fprintf(stderr, "%s: %s\n", args->at(0).c_str(), error.c_str());
}
exit(9);
}
if (per_process_opts->print_version) {
printf("%s\n", NODE_VERSION);
exit(0);
}

node/src/node.cc

Lines 354 to 359 in cf3f8dd

void StartTracingAgent() {
if (!trace_enabled_categories.empty()) {
fprintf(stderr, "Node compiled with NODE_USE_V8_PLATFORM=0, "
"so event tracing is not available.\n");
}
}

node/src/node.cc

Lines 382 to 415 in cf3f8dd

void PrintErrorString(const char* format, ...) {
va_list ap;
va_start(ap, format);
#ifdef _WIN32
HANDLE stderr_handle = GetStdHandle(STD_ERROR_HANDLE);
// Check if stderr is something other than a tty/console
if (stderr_handle == INVALID_HANDLE_VALUE ||
stderr_handle == nullptr ||
uv_guess_handle(_fileno(stderr)) != UV_TTY) {
vfprintf(stderr, format, ap);
va_end(ap);
return;
}
// Fill in any placeholders
int n = _vscprintf(format, ap);
std::vector<char> out(n + 1);
vsprintf(out.data(), format, ap);
// Get required wide buffer size
n = MultiByteToWideChar(CP_UTF8, 0, out.data(), -1, nullptr, 0);
std::vector<wchar_t> wbuf(n);
MultiByteToWideChar(CP_UTF8, 0, out.data(), -1, wbuf.data(), n);
// Don't include the null character in the output
CHECK_GT(n, 0);
WriteConsoleW(stderr_handle, wbuf.data(), n - 1, nullptr, nullptr);
#else
vfprintf(stderr, format, ap);
#endif
va_end(ap);
}


Alternatively if you add this to Environment::Start, you could use this to setup the warning:
for example after:

node/src/env.cc

Line 278 in cf3f8dd

SetupProcessObject(this, args, exec_args);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we do have precident of printing the error directly

Then I think moving the calling into the function body of UseExtraCaCerts is better. Let me take a try on my mac(as I remember there is a test to check the warning message.).

@refack
Copy link
Contributor

refack commented Oct 17, 2018

Hello @oyyd, thank you for this fix.
I left some questions, and points that might need changes. I don't have the full context of the review up till now, so if I'm suggesting something that negates a previous comment, sorry.

@oyyd
Copy link
Contributor Author

oyyd commented Oct 18, 2018

Hi @refack, feel free to leave more comments :-). I'm going to check them later.

"Ignoring extra certs from `%s`, "
"load failed: %s\n",
extra_root_certs_file.c_str(),
ERR_error_string(err, nullptr));
} else {
extra_root_certs_file_loaded = true;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we replace this new global boolean with following logic:

  if (!extra_root_certs_file.empty()) {
    ...
    if (err) {
      ...
      extra_root_certs_file = nullptr;
    }
  }
...
  static void IsExtraRootCertsFileLoaded(const FunctionCallbackInfo<Value>& args) {
    return args.GetReturnValue().Set(extra_root_certs_file != nullptr);
  }

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The compiler complained about the extra_root_certs_file != nullptr. (Otherwise, I think it should be a better choice.)

@oyyd
Copy link
Contributor Author

oyyd commented Oct 19, 2018

@refack Thanks. Please take another look.

@richardlau
Copy link
Member

The new test needs to extend env rather than replace it for the child processes otherwise it is clearing LD_LIBRARY_PATH which is why the shared libraries are failing to load.

@refack
Copy link
Contributor

refack commented Oct 20, 2018

The new test needs to extend env rather than replace it for the child processes otherwise it is clearing LD_LIBRARY_PATH which is why the shared libraries are failing to load.

Ohh, that's a common pitfall.

fork(
__filename,
['child'],
{ env: { NODE_EXTRA_CA_CERTS } },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{ env: { NODE_EXTRA_CA_CERTS } },
{env: Object.assign({}, process.env, { NODE_EXTRA_CA_CERTS })},

@refack
Copy link
Contributor

refack commented Oct 20, 2018

@oyyd
Copy link
Contributor Author

oyyd commented Oct 20, 2018

The failed travis ci test is unrelated. Now it's ready.

This commit makes node load extra certificates at startup instead
of first use.

PR-URL: nodejs#23354
Fixes: nodejs#20434
Refs: nodejs#20432
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
@refack refack merged commit 87719d7 into nodejs:master Oct 20, 2018
@BethGriggs BethGriggs mentioned this pull request Mar 26, 2019
BethGriggs added a commit that referenced this pull request Apr 22, 2019
Notable changes:

* assert:
  * improve performance to instantiate errors (Ruben Bridgewater)
    [#26738](#26738)
  * validate required arguments (Ruben Bridgewater)
    [#26641](#26641)
  * adjust loose assertions (Ruben Bridgewater)
    [#25008](#25008)
* async_hooks:
  * remove deprecated emitBefore and emitAfter (Matteo Collina)
    [#26530](#26530)
  * remove promise object from resource (Andreas Madsen)
    [#23443](#23443)
* bootstrap
  * make Buffer and process non-enumerable (Ruben Bridgewater)
    [#24874](#24874)
* buffer:
  * use stricter range checks (Ruben Bridgewater)
    [#27045](#27045)
  * harden SlowBuffer creation (ZYSzys)
    [#26272](#26272)
  * harden validation of buffer allocation size (ZYSzys)
    [#26162](#26162)
  * do proper error propagation in addon methods (Anna Henningsen)
    [#23939](#23939)
* child_process:
  * change the defaults maxBuffer size (kohta ito)
    [#27179](#27179)
  * harden fork arguments validation (ZYSzys)
    [#27039](#27039)
  * use non-infinite maxBuffer defaults (kohta ito)
    [#23027](#23027)
* console:
  * don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* crypto:
  * remove legacy native handles (Tobias Nießen)
    [#27011](#27011)
  * decode missing passphrase errors (Tobias Nießen)
    [#25208](#25208)
  * move DEP0113 to End-of-Life (Tobias Nießen)
    [#26249](#26249)
  * remove deprecated crypto.\_toBuf (Tobias Nießen)
    [#25338](#25338)
  * set `DEFAULT\_ENCODING` property to non-enumerable
    (Antoine du Hamel)
    [#23222](#23222)
* deps:
  * silence irrelevant V8 warning (Michaël Zasso)
    [#26685](#26685)
  * update postmortem metadata generation script (cjihrig)
    [#26685](#26685)
  * V8: un-cherry-pick bd019bd (Refael Ackermann)
    [#26685](#26685)
  * V8: cherry-pick 6 commits (Michaël Zasso)
    [#26685](#26685)
  * V8: cherry-pick d82c9af (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick e5f01ba (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick d5f08e4 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 6b09d21 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick f0bb5d2 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 5b0510d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 91f0cd0 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 392316d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 2f79d68 (Anna Henningsen)
    [#26685](#26685)
  * sync V8 gypfiles with 7.4 (Ujjwal Sharma)
    [#26685](#26685)
  * update V8 to 7.4.288.13 (Ujjwal Sharma)
    [#26685](#26685)
  * bump minimum icu version to 63 (Ujjwal Sharma)
    [#25852](#25852)
  * silence irrelevant V8 warnings (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 7803fa6 (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick 58cefed (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick d3308d0 (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 74571c8 (Michaël Zasso)
    [#25852](#25852)
  * cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
    [#25852](#25852)
  * sync V8 gypfiles with 7.3 (Ujjwal Sharma)
    [#25852](#25852)
  * sync V8 gypfiles with 7.2 (Michaël Zasso)
    [#25852](#25852)
  * update V8 to 7.3.492.25 (Michaël Zasso)
    [#25852](#25852)
  * add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
    [#19794](#19794)
  * sync V8 gypfiles with 7.1 (Refael Ackermann)
    [#23423](#23423)
  * update V8 to 7.1.302.28 (Michaël Zasso)
    [#23423](#23423)
* doc:
  * update behaviour of fs.writeFile
    (Sakthipriyan Vairamani (thefourtheye))
    [#25080](#25080)
  * add internal functionality details of util.inherits
    (Ruben Bridgewater)
    [#24755](#24755)
* errors:
  * update error name (Ruben Bridgewater)
    [#26738](#26738)
* fs:
  * use proper .destroy() implementation for SyncWriteStream
    (Matteo Collina)
    [#26690](#26690)
  * improve mode validation (Ruben Bridgewater)
    [#26575](#26575)
  * harden validation of start option in createWriteStream (ZYSzys)
    [#25579](#25579)
  * make writeFile consistent with readFile wrt fd
    (Sakthipriyan Vairamani (thefourtheye))
    [#23709](#23709)
* http:
  * validate timeout in ClientRequest() (cjihrig)
    [#26214](#26214)
  * return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
    [#25605](#25605)
  * switch default parser to llhttp (Anna Henningsen)
    [#24870](#24870)
  * change DEP0066 to a runtime deprecation (Morgan Roderick)
    [#24167](#24167)
  * else case is not reachable (szabolcsit)
    [#24176](#24176)
* lib:
  * move DEP0021 to end of life (cjihrig)
    [#27127](#27127)
  * remove Atomics.wake (Gus Caplan)
    [#27033](#27033)
  * validate Error.captureStackTrace() calls (Ruben Bridgewater)
    [#26738](#26738)
  * refactor Error.captureStackTrace() usage (Ruben Bridgewater)
    [#26738](#26738)
  * move DTRACE\_\* probes out of global scope (James M Snell)
    [#26541](#26541)
  * deprecate \_stream\_wrap (Sam Roberts)  [#26245]
  (#26245)
  * don't use `util.inspect()` internals (Ruben Bridgewater)
    [#24971](#24971)
  * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * move DEP0029 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0028 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0027 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0026 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0023 to end of life (cjihrig)
    [#25280](#25280)
  * move DEP0006 to end of life (cjihrig)
    [#25279](#25279)
  * remove unintended access to deps/ (Anna Henningsen)
    [#25138](#25138)
  * move DEP0120 to end of life (cjihrig)
    [#24862](#24862)
  * use ES6 class inheritance style (Ruben Bridgewater)
    [#24755](#24755)
  * remove `inherits()` usage (Ruben Bridgewater)
    [#24755](#24755)
* module:
  * remove dead code (Ruben Bridgewater)
    [#26983](#26983)
  * mark DEP0019 as End-of-Life (Ruben Bridgewater)
    [#26973](#26973)
  * throw an error for invalid package.json main entries
    (Ruben Bridgewater)
    [#26823](#26823)
  * don't search in require.resolve.paths (cjihrig)
    [#23683](#23683)
* n-api:
  * remove code from error name (Ruben Bridgewater)
    [#26738](#26738)
* net:
  * do not manipulate potential user code (Ruben Bridgewater)
    [#26751](#26751)
  * emit "write after end" errors in the next tick (Ouyang Yadong)
    [#24457](#24457)
  * deprecate \_setSimultaneousAccepts() undocumented function
    (James M Snell)
    [#23760](#23760)
* net,http2:
  * merge setTimeout code (ZYSzys)
    [#25084](#25084)
* os:
  * implement os.type() using uv\_os\_uname() (cjihrig)
    [#25659](#25659)
* process:
  * global.process, global.Buffer getters (Guy Bedford)
    [#26882](#26882)
  * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
    [#25828](#25828)
  * exit on --debug and --debug-brk after option parsing (Joyee Cheung)
    [#25828](#25828)
  * improve `--redirect-warnings` handling (Ruben Bridgewater)
    [#24965](#24965)
* readline:
  * support TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* repl:
  * add welcome message (gengjiawen)
    [#25947](#25947)
  * fix terminal default setting (Ruben Bridgewater)
    [#26518](#26518)
  * check colors with .getColorDepth() (Vladislav Kaminsky)
    [#26261](#26261)
  * deprecate REPLServer.rli (Ruben Bridgewater)
    [#26260](#26260)
* src:
  * remove unused INT\_MAX constant (Sam Roberts)
    [#27078](#27078)
  * update NODE\_MODULE\_VERSION to 72 (Ujjwal Sharma)
    [#26685](#26685)
  * remove `AddPromiseHook()` (Anna Henningsen)
    [#26574](#26574)
  * update NODE\_MODULE\_VERSION to 71 (Michaël Zasso)
    [#25852](#25852)
  * clean up MultiIsolatePlatform interface (Anna Henningsen)
    [#26384](#26384)
  * properly configure default heap limits (Ali Ijaz Sheikh)
    [#25576](#25576)
  * remove icuDataDir from node config (GauthamBanasandra)
    [#24780](#24780)
  * explicitly allow JS in ReadHostObject (Yang Guo)
    [#23423](#23423)
  * update postmortem constant (cjihrig)
    [#23423](#23423)
  * update NODE\_MODULE\_VERSION to 68 (Michaël Zasso)
    [#23423](#23423)
* tls:
  * support TLSv1.3 (Sam Roberts)
    [#26209](#26209)
  * return correct version from getCipher() (Sam Roberts)
    [#26625](#26625)
  * check arg types of renegotiate() (Sam Roberts)
    [#25876](#25876)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts)
    [#24729](#24729)
  * emit a warning when servername is an IP address (Rodger Combs)
    [#23329](#23329)
  * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
    [#23814](#23814)
  * remove unused arg to createSecureContext() (Sam Roberts)
    [#24241](#24241)
  * deprecate Server.prototype.setOptions() (cjihrig)[
    #23820](#23820)
  * load NODE\_EXTRA\_CA\_CERTS at startup (Ouyang Yadong)
    [#23354](#23354)
* util:
  * change inspect compact and breakLength default (Ruben Bridgewater)
    [#27109](#27109)
  * improve inspect edge cases (Ruben Bridgewater)
    [#27109](#27109)
  * only the first line of the error message (Simon Zünd)
    [#26685](#26685)
  * don't set the prototype of callbackified functions
    (Ruben Bridgewater)
    [#26893](#26893)
  * rename callbackified function (Ruben Bridgewater)
    [#26893](#26893)
  * increase function length when using `callbackify()`
    (Ruben Bridgewater)
    [#26893](#26893)
  * prevent tampering with internals in `inspect()` (Ruben Bridgewater)
    [#26577](#26577)
  * fix proxy inspection (Ruben Bridgewater)
    [#26241](#26241)
  * prevent leaking internal properties (Ruben Bridgewater)
    [#24971](#24971)
  * protect against monkeypatched Object prototype for inspect()
    (Rich Trott)
    [#25953](#25953)
  * treat format arguments equally (Roman Reiss)
    [#23162](#23162)
* win, fs:
  * detect if symlink target is a directory (Bartosz Sosnowski)
    [#23724](#23724)
* zlib:
  * throw TypeError if callback is missing (Anna Henningsen)[
    #24929](#24929)
  * make “bare” constants un-enumerable (Anna Henningsen)
    [#24824](#24824)

PR-URL: #26930
BethGriggs added a commit that referenced this pull request Apr 23, 2019
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](#26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](#25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](#26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](#23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](#24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](#27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](#26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](#26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](#23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](#25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](#27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](#23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](#26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](#27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](#25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](#26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](#25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](#23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](#26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](#25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](#26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](#26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](#26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](#26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](#25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](#23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](#26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](#25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](#24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](#24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](#27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](#26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](#26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](#24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](#25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](#25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](#25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](#26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](#26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](#26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](#23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](#27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](#26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](#24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](#23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](#25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](#25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](#26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](#25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](#25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](#24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](#26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](#25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](#26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](#26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](#26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](#27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](#26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](#26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](#26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](#25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](#24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](#26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](#26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](#25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](#24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](#23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](#23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](#24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](#23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](#23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](#25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](#27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](#27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](#26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](#26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](#26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](#26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](#26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](#26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](#24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](#25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](#23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](#23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](#24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](#24824)

PR-URL: #26930
BethGriggs added a commit that referenced this pull request Apr 23, 2019
Notable changes:

* assert:
    * validate required arguments (Ruben Bridgewater)
      [#26641](#26641)
    * adjust loose assertions (Ruben Bridgewater)
      [#25008](#25008)
* async_hooks:
    * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina)
      [#26530](#26530)
    * remove promise object from resource (Andreas Madsen)
      [#23443](#23443)
* bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater)
      [#24874](#24874)
* buffer:
    * use stricter range checks (Ruben Bridgewater)
      [#27045](#27045)
    * harden `SlowBuffer` creation (ZYSzys)
      [#26272](#26272)
    * harden validation of buffer allocation size (ZYSzys)
      [#26162](#26162)
    * do proper error propagation in addon methods (Anna Henningsen)
      [#23939](#23939)
* child_process:
    * remove `options.customFds` (cjihrig)
      [#25279](#25279)
    * harden fork arguments validation (ZYSzys)
      [#27039](#27039)
    * use non-infinite `maxBuffer` defaults (kohta ito)
      [#23027](#23027)
* console:
    * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky)
      [#26261](#26261)
* crypto:
    * remove legacy native handles (Tobias Nießen)
      [#27011](#27011)
    * decode missing passphrase errors (Tobias Nießen)
      [#25208](#25208)
    * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()`
      (Tobias Nießen)
      [#26249](#26249)
    * remove deprecated `crypto._toBuf()` (Tobias Nießen)
      [#25338](#25338)
    * set `DEFAULT\_ENCODING` property to non-enumerable
      (Antoine du Hamel)
      [#23222](#23222)
* deps:
    * update V8 to 7.4.288.13
    (Michaël Zasso, cjihrig, Refael Ackermann)
    (Anna Henningsen, Ujjwal Sharma)
      [#26685](#26685)
    * bump minimum icu version to 63 (Ujjwal Sharma)
      [#25852](#25852)
    * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu)
      [#26327](#26327)
* errors:
    * update error name (Ruben Bridgewater)
      [#26738](#26738)
* fs:
    * use proper .destroy() implementation for SyncWriteStream
      (Matteo Collina)
      [#26690](#26690)
    * improve mode validation (Ruben Bridgewater)
      [#26575](#26575)
    * harden validation of start option in `createWriteStream()`
      (ZYSzys)
      [#25579](#25579)
    * make writeFile consistent with readFile wrt fd
      (Sakthipriyan Vairamani (thefourtheye))
      [#23709](#23709)
* http:
    * validate timeout in `ClientRequest()` (cjihrig)
      [#26214](#26214)
    * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still)
      [#25605](#25605)
    * switch default parser to llhttp (Anna Henningsen)
      [#24870](#24870)
    * Runtime-deprecate `outgoingMessage._headers` and
      `outgoingMessage._headerNames` (Morgan Roderick)
      [#24167](#24167)
* lib:
    * remove `Atomics.wake()` (Gus Caplan)
      [#27033](#27033)
    * move DTRACE\_\* probes out of global scope (James M Snell)
      [#26541](#26541)
    * deprecate `_stream_wrap` (Sam Roberts)
      [#26245](#26245)
    * use ES6 class inheritance style (Ruben Bridgewater)
      [#24755](#24755)
* module:
    * remove unintended access to deps/ (Anna Henningsen)
      [#25138](#25138)
    * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](#25690)
    * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
      [#25690](#25690)
    * remove dead code (Ruben Bridgewater)
      [#26983](#26983)
    * make `require('.')` never resolve outside the current directory
      (Ruben Bridgewater)
      [#26973](#26973)
    * throw an error for invalid package.json main entries
      (Ruben Bridgewater)
      [#26823](#26823)
    * don't search in `require.resolve.paths` (cjihrig)
      [#23683](#23683)
* net:
    * remove `Server.listenFD()` (cjihrig)
      [#27127](#27127)
    * do not add `.host` and `.port` properties to DNS error
      (Ruben Bridgewater)
      [#26751](#26751)
    * emit "write after end" errors in the next tick (Ouyang Yadong)
      [#24457](#24457)
    * deprecate `_setSimultaneousAccepts()` undocumented function
      (James M Snell)
      [#23760](#23760)
* os:
    * implement `os.type()` using `uv_os_uname()` (cjihrig)
      [#25659](#25659)
    * remove `os.getNetworkInterfaces()` (cjihrig)
      [#25280](#25280)
* process:
    * make global.process, global.Buffer getters (Guy Bedford)
      [#26882](#26882)
    * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
      [#25828](#25828)
    * exit on --debug and --debug-brk after option parsing
      (Joyee Cheung)
      [#25828](#25828)
    * improve `--redirect-warnings` handling (Ruben Bridgewater)
      [#24965](#24965)
* readline:
    * support TERM=dumb (Vladislav Kaminsky)
      [#26261](#26261)
* repl:
    * add welcome message (gengjiawen)
      [#25947](#25947)
    * fix terminal default setting (Ruben Bridgewater)
      [#26518](#26518)
    * check colors with `.getColorDepth()` (Vladislav Kaminsky)
      [#26261](#26261)
    * deprecate REPLServer.rli (Ruben Bridgewater)
      [#26260](#26260)
* src:
    * remove unused `INT_MAX` constant (Sam Roberts)
      [#27078](#27078)
    * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma)
      [#26685](#26685)
    * remove `AddPromiseHook()` (Anna Henningsen)
      [#26574](#26574)
    * clean up `MultiIsolatePlatform` interface (Anna Henningsen)
      [#26384](#26384)
    * properly configure default heap limits (Ali Ijaz Sheikh)
      [#25576](#25576)
    * remove `icuDataDir` from node config (GauthamBanasandra)
      [#24780](#24780)
* tls:
    * support TLSv1.3 (Sam Roberts)
      [#26209](#26209)
    * return correct version from `getCipher()` (Sam Roberts)
      [#26625](#26625)
    * check arg types of renegotiate() (Sam Roberts)
      [#25876](#25876)
    * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts)
      [#24729](#24729)
    * emit a warning when servername is an IP address (Rodger Combs)
      [#23329](#23329)
    * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
      [#23814](#23814)
    * remove unused arg to createSecureContext() (Sam Roberts)
      [#24241](#24241)
    * deprecate `Server.prototype.setOptions()` (cjihrig)
      [#23820](#23820)
    * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong)
      [#23354](#23354)
* util:
    * remove `util.print()`, `util.puts()`, `util.debug()`
      and `util.error()` (cjihrig)
      [#25377](#25377)
    * change inspect compact and breakLength default
      (Ruben Bridgewater)
      [#27109](#27109)
    * improve inspect edge cases (Ruben Bridgewater)
      [#27109](#27109)
    * only the first line of the error message (Simon Zünd)
      [#26685](#26685)
    * don't set the prototype of callbackified functions
      (Ruben Bridgewater)
      [#26893](#26893)
    * rename callbackified function (Ruben Bridgewater)
      [#26893](#26893)
    * increase function length when using `callbackify()`
      (Ruben Bridgewater)
      [#26893](#26893)
    * prevent tampering with internals in `inspect()`
      (Ruben Bridgewater)
      [#26577](#26577)
    * prevent Proxy traps being triggered by `.inspect()`
      (Ruben Bridgewater)
      [#26241](#26241)
    * prevent leaking internal properties (Ruben Bridgewater)
      [#24971](#24971)
    * protect against monkeypatched Object prototype for inspect()
      (Rich Trott)
      [#25953](#25953)
    * treat format arguments equally (Roman Reiss)
      [#23162](#23162)
* win, fs:
    * detect if symlink target is a directory (Bartosz Sosnowski)
      [#23724](#23724)
* zlib:
    * throw TypeError if callback is missing (Anna Henningsen)
      [#24929](#24929)
    * make “bare” constants un-enumerable (Anna Henningsen)
      [#24824](#24824)

PR-URL: #26930
ebickle added a commit to ebickle/node that referenced this pull request Sep 5, 2022
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing
them to be added to secure contexts when NewRootCertStore() is
called.

When NODE_EXTRA_CA_CERTS is specified, the root certificates
(both bundled and extra) will no longer be preloaded at startup.
This improves Node.js startup time and makes the behavior of
NODE_EXTRA_CA_CERTS consistent with the default behavior when
NODE_EXTRA_CA_CERTS is omitted.

The original reason NODE_EXTRA_CA_CERTS were loaded at startup
(issues nodejs#20432, nodejs#20434) was to prevent the environment variable from
being changed at runtime. This change preserves the runtime consistency
without actually having to load the certs at startup.

Fixes: nodejs#32010
Refs: nodejs#40524
Refs: nodejs#23354
ebickle added a commit to ebickle/node that referenced this pull request Sep 6, 2022
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing
them to be added to secure contexts when NewRootCertStore() is
called.

When NODE_EXTRA_CA_CERTS is specified, the root certificates
(both bundled and extra) will no longer be preloaded at startup.
This improves Node.js startup time and makes the behavior of
NODE_EXTRA_CA_CERTS consistent with the default behavior when
NODE_EXTRA_CA_CERTS is omitted.

The original reason NODE_EXTRA_CA_CERTS were loaded at startup
(issues nodejs#20432, nodejs#20434) was to prevent the environment variable from
being changed at runtime. This change preserves the runtime consistency
without actually having to load the certs at startup.

Fixes: nodejs#32010
Refs: nodejs#40524
Refs: nodejs#23354
ebickle added a commit to ebickle/node that referenced this pull request Jul 26, 2024
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing
them to be added to secure contexts when NewRootCertStore() is
called.

When NODE_EXTRA_CA_CERTS is specified, the root certificates
(both bundled and extra) will no longer be preloaded at startup.
This improves Node.js startup time and makes the behavior of
NODE_EXTRA_CA_CERTS consistent with the default behavior when
NODE_EXTRA_CA_CERTS is omitted.

The original reason NODE_EXTRA_CA_CERTS were loaded at startup
(issues nodejs#20432, nodejs#20434) was to prevent the environment variable from
being changed at runtime. This change preserves the runtime consistency
without actually having to load the certs at startup.

Fixes: nodejs#32010
Refs: nodejs#40524
Refs: nodejs#23354
pimterry pushed a commit that referenced this pull request Jul 30, 2024
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing
them to be added to secure contexts when NewRootCertStore() is
called, rather than losing them when unrelated options are provided.

When NODE_EXTRA_CA_CERTS is specified, the root certificates
(both bundled and extra) will no longer be preloaded at startup.
This improves Node.js startup time and makes the behavior of
NODE_EXTRA_CA_CERTS consistent with the default behavior when
NODE_EXTRA_CA_CERTS is omitted.

The original reason NODE_EXTRA_CA_CERTS were loaded at startup
(issues #20432, #20434) was to prevent the environment variable from
being changed at runtime. This change preserves the runtime consistency
without actually having to load the certs at startup.

Fixes: #32010
Refs: #40524
Refs: #23354
PR-URL: #44529
Reviewed-By: Tim Perry <[email protected]>
targos pushed a commit that referenced this pull request Aug 14, 2024
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing
them to be added to secure contexts when NewRootCertStore() is
called, rather than losing them when unrelated options are provided.

When NODE_EXTRA_CA_CERTS is specified, the root certificates
(both bundled and extra) will no longer be preloaded at startup.
This improves Node.js startup time and makes the behavior of
NODE_EXTRA_CA_CERTS consistent with the default behavior when
NODE_EXTRA_CA_CERTS is omitted.

The original reason NODE_EXTRA_CA_CERTS were loaded at startup
(issues #20432, #20434) was to prevent the environment variable from
being changed at runtime. This change preserves the runtime consistency
without actually having to load the certs at startup.

Fixes: #32010
Refs: #40524
Refs: #23354
PR-URL: #44529
Reviewed-By: Tim Perry <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

src: load NODE_EXTRA_CA_CERTS at startup
9 participants