crypto: Improve control of FIPS mode by stefanmb · Pull Request #5181 · nodejs/node
This was referenced
Feb 10, 2016
mhdawson
added
the
semver-major
label
Feb 10, 2016mhdawson pushed a commit that referenced this pull request
Feb 25, 2016
Default to FIPS off even in FIPS builds. Add JS API to check and control FIPS mode. Add command line arguments to force FIPS on/off. Respect OPENSSL_CONF variable and read the config. Add testing for new features. Fixes: #3819 PR-URL: #5181 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
This was referenced
Apr 21, 2016jasnell added a commit that referenced this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell added a commit that referenced this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell added a commit that referenced this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell added a commit that referenced this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell added a commit that referenced this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters