-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: use RFC2253 format in PrintGeneralName #42002
crypto: use RFC2253 format in PrintGeneralName #42002
Conversation
For backward compatibility, node uses X509_NAME_oneline to format X509_NAME entries in PrintGeneralName. However, the format produced by this function is non-standard and its use is discouraged. It also does not handle Unicode names correctly. This change switches to X509_NAME_print_ex with flags that produce an RFC2253-compatible format. Non-ASCII strings are converted to UTF-8 and preserved in the output. Control characters are not escaped by OpenSSL when producing the RFC2253 format because they will be escaped by node in a JSON-compatible manner afterwards.
Review requested:
|
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This needs reviews from @nodejs/tsc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM if CITGM doesn't provide any surprises
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Two exact same CitGM runs, one with 79 failures and one with 91 failures. I don't see anything problematic (but that's no guarantee given all the failures). |
Landed in 563b2ed |
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in #41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in #41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in #42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in #42292, #42604 and #42659 , and Michaël Zasso in #42105 and #42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in #42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in #39062, and Antoine du Hamel in #42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) PR-URL: #42262
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in #41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in #41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in #42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in #42292, #42604 and #42659 , and Michaël Zasso in #42105 and #42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in #42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in #39062, and Antoine du Hamel in #42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (#41271) PR-URL: #42262
Notable Changes: Deprecations and Removals: - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (nodejs#42607) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (nodejs#41896) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (nodejs#40773) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (nodejs#41479) fetch (experimental): An experimental fetch API is available on the global scope by default. The implementation is based upon https://undici.nodejs.org/#/, an HTTP/1.1 client written for Node.js by contributors to the project. Through this addition, the following globals are made available: `fetch` , `FormData`, `Headers`, `Request`, `Response`. Disable this API with the `--no-experimental-fetch` command-line flag. Contributed by Michaël Zasso in nodejs#41811. HTTP Timeouts: `server.headersTimeout`, which limits the amount of time the parser will wait to receive the complete HTTP headers, is now set to `60000` (60 seconds) by default. `server.requestTimeout`, which sets the timeout value in milliseconds for receiving the entire request from the client, is now set to `300000` (5 minutes) by default. If these timeouts expire, the server responds with status 408 without forwarding the request to the request listener and then closes the connection. Both timeouts must be set to a non-zero value to protect against potential Denial-of-Service attacks in case the server is deployed without a reverse proxy in front. Contributed by Paolo Insogna in nodejs#41263. Test Runner module (experimental): The `node:test` module facilitates the creation of JavaScript tests that report results in TAP format. This module is only available under the `node:` scheme. Contributed by Colin Ihrig in nodejs#42325. Toolchain and Compiler Upgrades: - Prebuilt binaries for Linux are now built on Red Hat Enterprise Linux (RHEL) 8 and are compatible with Linux distributions based on glibc 2.28 or later, for example, Debian 10, RHEL 8, Ubuntu 20.04. - Prebuilt binaries for macOS now require macOS 10.15 or later. - For AIX the minimum supported architecture has been raised from Power 7 to Power 8. Prebuilt binaries for 32-bit Windows will initially not be available due to issues building the V8 dependency in Node.js. We hope to restore 32-bit Windows binaries for Node.js 18 with a future V8 update. Node.js does not support running on operating systems that are no longer supported by their vendor. For operating systems where their vendor has planned to end support earlier than April 2025, such as Windows 8.1 (January 2023) and Windows Server 2012 R2 (October 2023), support for Node.js 18 will end at the earlier date. Full details about the supported toolchains and compilers are documented in the Node.js `BUILDING.md` file. Contributed by Richard Lau in nodejs#42292, nodejs#42604 and nodejs#42659 , and Michaël Zasso in nodejs#42105 and nodejs#42666. V8 10.1: The V8 engine is updated to version 10.1, which is part of Chromium 101. Compared to the version included in Node.js 17.9.0, the following new features are included: - The `findLast` and `findLastIndex` array methods. - Improvements to the `Intl.Locale` API. - The `Intl.supportedValuesOf` function. - Improved performance of class fields and private class methods (the initialization of them is now as fast as ordinary property stores). The data format returned by the serialization API (`v8.serialize(value)`) has changed, and cannot be deserialized by earlier versions of Node.js. On the other hand, it is still possible to deserialize the previous format, as the API is backwards-compatible. Contributed by Michaël Zasso in nodejs#42657. Web Streams API (experimental): Node.js now exposes the experimental implementation of the Web Streams API on the global scope. This means the following APIs are now globally available: - `ReadableStream`, `ReadableStreamDefaultReader`, `ReadableStreamBYOBReader`, `ReadableStreamBYOBRequest`, `ReadableByteStreamController`, `ReadableStreamDefaultController`, `TransformStream`, `TransformStreamDefaultController`, `WritableStream`, `WritableStreamDefaultWriter`, `WritableStreamDefaultController`, `ByteLengthQueuingStrategy`, `CountQueuingStrategy`, `TextEncoderStream`, `TextDecoderStream`, `CompressionStream`, `DecompressionStream`. Contributed James Snell in nodejs#39062, and Antoine du Hamel in nodejs#42225. Other Notable Changes: - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (nodejs#41305) - doc: add RafaelGSS to collaborators (RafaelGSS) (nodejs#42718) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (nodejs#42163) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (nodejs#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (nodejs#41271) Semver-Major Commits: - (SEMVER-MAJOR) assert,util: compare RegExp.lastIndex while using deep equal checks (Ruben Bridgewater) (nodejs#41020) - (SEMVER-MAJOR) buffer: refactor `byteLength` to remove outdated optimizations (Rongjian Zhang) (nodejs#38545) - (SEMVER-MAJOR) buffer: expose Blob as a global (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) buffer: graduate Blob from experimental (James M Snell) (nodejs#41270) - (SEMVER-MAJOR) build: make x86 Windows support temporarily experimental (Michaël Zasso) (nodejs#42666) - (SEMVER-MAJOR) build: bump macOS deployment target to 10.15 (Richard Lau) (nodejs#42292) - (SEMVER-MAJOR) build: downgrade Windows 8.1 and server 2012 R2 to experimental (Michaël Zasso) (nodejs#42105) - (SEMVER-MAJOR) child\_process: improve argument validation (Rich Trott) (nodejs#41305) - (SEMVER-MAJOR) cluster: make `kill` to be just `process.kill` (Bar Admoni) (nodejs#34312) - (SEMVER-MAJOR) crypto: cleanup validation (Mohammed Keyvanzadeh) (nodejs#39841) - (SEMVER-MAJOR) crypto: prettify othername in PrintGeneralName (Tobias Nießen) (nodejs#42123) - (SEMVER-MAJOR) crypto: fix X509Certificate toLegacyObject (Tobias Nießen) (nodejs#42124) - (SEMVER-MAJOR) crypto: use RFC2253 format in PrintGeneralName (Tobias Nießen) (nodejs#42002) - (SEMVER-MAJOR) crypto: change default check(Host|Email) behavior (Tobias Nießen) (nodejs#41600) - (SEMVER-MAJOR) deps: V8: cherry-pick semver-major commits from 10.2 (Michaël Zasso) (nodejs#42657) - (SEMVER-MAJOR) deps: update V8 to 10.1.124.6 (Michaël Zasso) (nodejs#42657) - (SEMVER-MAJOR) deps: update V8 to 9.8.177.9 (Michaël Zasso) (nodejs#41610) - (SEMVER-MAJOR) deps: update V8 to 9.7.106.18 (Michaël Zasso) (nodejs#40907) - (SEMVER-MAJOR) dns: remove `dns.lookup` and `dnsPromises.lookup` options type coercion (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) doc: update minimum glibc requirements for Linux (Richard Lau) (nodejs#42659) - (SEMVER-MAJOR) doc: update AIX minimum supported arch (Richard Lau) (nodejs#42604) - (SEMVER-MAJOR) fs: runtime deprecate string coercion in `fs.write`, `fs.writeFileSync` (Livia Medeiros) (nodejs#42607) - (SEMVER-MAJOR) http: refactor headersTimeout and requestTimeout logic (Paolo Insogna) (nodejs#41263) - (SEMVER-MAJOR) http: make TCP noDelay enabled by default (Paolo Insogna) (nodejs#42163) - (SEMVER-MAJOR) lib: enable fetch by default (Michaël Zasso) (nodejs#41811) - (SEMVER-MAJOR) lib: replace validator and error (Mohammed Keyvanzadeh) (nodejs#41678) - (SEMVER-MAJOR) module,repl: support 'node:'-only core modules (Colin Ihrig) (nodejs#42325) - (SEMVER-MAJOR) net: make `server.address()` return an integer for `family` (Antoine du Hamel) (nodejs#41431) - (SEMVER-MAJOR) process: disallow some uses of Object.defineProperty() on process.env (Himself65) (nodejs#28006) - (SEMVER-MAJOR) process: runtime deprecate multipleResolves (Benjamin Gruenbaum) (nodejs#41896) - (SEMVER-MAJOR) readline: fix question still called after closed (Xuguang Mei) (nodejs#42464) - (SEMVER-MAJOR) stream: remove thenable support (Robert Nagy) (nodejs#40773) - (SEMVER-MAJOR) stream: expose web streams globals, remove runtime experimental warning (Antoine du Hamel) (nodejs#42225) - (SEMVER-MAJOR) stream: need to cleanup event listeners if last stream is readable (Xuguang Mei) (nodejs#41954) - (SEMVER-MAJOR) stream: revert revert `map` spec compliance (Benjamin Gruenbaum) (nodejs#41933) - (SEMVER-MAJOR) stream: throw invalid arg type from End Of Stream (Jithil P Ponnan) (nodejs#41766) - (SEMVER-MAJOR) stream: don't emit finish after destroy (Robert Nagy) (nodejs#40852) - (SEMVER-MAJOR) stream: add errored and closed props (Robert Nagy) (nodejs#40696) - (SEMVER-MAJOR) test: add initial test module (Colin Ihrig) (nodejs#42325) - (SEMVER-MAJOR) timers: refactor internal classes to ES2015 syntax (Rabbit) (nodejs#37408) - (SEMVER-MAJOR) tls: represent registeredID numerically always (Tobias Nießen) (nodejs#41561) - (SEMVER-MAJOR) tls: move tls.parseCertString to end-of-life (Tobias Nießen) (nodejs#41479) - (SEMVER-MAJOR) url: throw on NULL in IPv6 hostname (Rich Trott) (nodejs#42313) - (SEMVER-MAJOR) v8: make v8.writeHeapSnapshot() error codes consistent (Darshan Sen) (nodejs#42577) - (SEMVER-MAJOR) v8: make writeHeapSnapshot throw if fopen fails (Antonio Román) (nodejs#41373) - (SEMVER-MAJOR) worker: expose BroadcastChannel as a global (James M Snell) (nodejs#41271) - (SEMVER-MAJOR) worker: graduate BroadcastChannel to supported (James M Snell) (nodejs#41271) PR-URL: nodejs#42262
For backward compatibility, node uses
X509_NAME_oneline
to formatX509_NAME
entries inPrintGeneralName
. However, the format produced by this function is non-standard and its use is discouraged. It also does not handle Unicode names correctly.This change switches to
X509_NAME_print_ex
with flags that produce an RFC2253-compatible format. Non-ASCII strings are converted to UTF-8 and preserved in the output. Control characters are not escaped by OpenSSL when producing the RFC2253 format because they will be escaped by node in a JSON-compatible manner afterwards.Unfortunately, this means that virtually no
X509_NAME
entries will be considered "safe" by node internals (as determined byIsSafeAltName
), and they will almost always be encoded as JSON string literals to prevent incorrect parsing both within node itself and in third-party code.This also resolves a problem with OpenSSL 1.1.1 that previously resulted in ambiguous representations of
DirName
entries. This problem does not exist in OpenSSL 3. Note that, using OpenSSL 1.1.1, it looks like theDirName
contains aCN
entry, which it does not, whereas OpenSSL 3 escapes the/CN
part. With this patch, RFC2253 is used, which is unambiguous regardless of the OpenSSL version.node/test/parallel/test-x509-escaping.js
Lines 81 to 83 in dace5a8
This addresses the following
TODO
s:node/src/crypto/crypto_common.cc
Line 749 in dace5a8
node/test/parallel/test-x509-escaping.js
Line 70 in dace5a8
This partially addresses the following
TODO
:node/src/crypto/crypto_common.cc
Line 721 in dace5a8
Refs: #42001