From 66c15528be0ae230e961b8cc4c9d20d2dd513f82 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 7 Mar 2022 01:20:36 -0500 Subject: [PATCH 1/2] WIP remove crypto fork --- lib/Connection.js | 179 +++++++++++++--------------------------------- 1 file changed, 49 insertions(+), 130 deletions(-) diff --git a/lib/Connection.js b/lib/Connection.js index 6802255dd..51021423c 100644 --- a/lib/Connection.js +++ b/lib/Connection.js @@ -1,4 +1,3 @@ -var Crypto = require('crypto'); var Events = require('events'); var Net = require('net'); var tls = require('tls'); @@ -271,135 +270,6 @@ Connection.prototype.format = function(sql, values) { return SqlString.format(sql, values, this.config.stringifyObjects, this.config.timezone); }; -if (tls.TLSSocket) { - // 0.11+ environment - Connection.prototype._startTLS = function _startTLS(onSecure) { - var connection = this; - - createSecureContext(this.config, function (err, secureContext) { - if (err) { - onSecure(err); - return; - } - - // "unpipe" - connection._socket.removeAllListeners('data'); - connection._protocol.removeAllListeners('data'); - - // socket <-> encrypted - var rejectUnauthorized = connection.config.ssl.rejectUnauthorized; - var secureEstablished = false; - var secureSocket = new tls.TLSSocket(connection._socket, { - rejectUnauthorized : rejectUnauthorized, - requestCert : true, - secureContext : secureContext, - isServer : false - }); - - // error handler for secure socket - secureSocket.on('_tlsError', function(err) { - if (secureEstablished) { - connection._handleNetworkError(err); - } else { - onSecure(err); - } - }); - - // cleartext <-> protocol - secureSocket.pipe(connection._protocol); - connection._protocol.on('data', function(data) { - secureSocket.write(data); - }); - - secureSocket.on('secure', function() { - secureEstablished = true; - - onSecure(rejectUnauthorized ? this.ssl.verifyError() : null); - }); - - // start TLS communications - secureSocket._start(); - }); - }; -} else { - // pre-0.11 environment - Connection.prototype._startTLS = function _startTLS(onSecure) { - // before TLS: - // _socket <-> _protocol - // after: - // _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol - - var connection = this; - var credentials = Crypto.createCredentials({ - ca : this.config.ssl.ca, - cert : this.config.ssl.cert, - ciphers : this.config.ssl.ciphers, - key : this.config.ssl.key, - passphrase : this.config.ssl.passphrase - }); - - var rejectUnauthorized = this.config.ssl.rejectUnauthorized; - var secureEstablished = false; - var securePair = tls.createSecurePair(credentials, false, true, rejectUnauthorized); - - // error handler for secure pair - securePair.on('error', function(err) { - if (secureEstablished) { - connection._handleNetworkError(err); - } else { - onSecure(err); - } - }); - - // "unpipe" - this._socket.removeAllListeners('data'); - this._protocol.removeAllListeners('data'); - - // socket <-> encrypted - securePair.encrypted.pipe(this._socket); - this._socket.on('data', function(data) { - securePair.encrypted.write(data); - }); - - // cleartext <-> protocol - securePair.cleartext.pipe(this._protocol); - this._protocol.on('data', function(data) { - securePair.cleartext.write(data); - }); - - // secure established - securePair.on('secure', function() { - secureEstablished = true; - - if (!rejectUnauthorized) { - onSecure(); - return; - } - - var verifyError = this.ssl.verifyError(); - var err = verifyError; - - // node.js 0.6 support - if (typeof err === 'string') { - err = new Error(verifyError); - err.code = verifyError; - } - - onSecure(err); - }); - - // node.js 0.8 bug - securePair._cycle = securePair.cycle; - securePair.cycle = function cycle() { - if (this.ssl && this.ssl.error) { - this.error(); - } - - return this._cycle.apply(this, arguments); - }; - }; -} - Connection.prototype._handleConnectTimeout = function() { if (this._socket) { this._socket.setTimeout(0); @@ -455,6 +325,55 @@ Connection.prototype._implyConnect = function() { } }; +Connection.prototype._startTLS = function _startTLS(onSecure) { + var connection = this; + + createSecureContext(this.config, function (err, secureContext) { + if (err) { + onSecure(err); + return; + } + + // "unpipe" + connection._socket.removeAllListeners('data'); + connection._protocol.removeAllListeners('data'); + + // socket <-> encrypted + var rejectUnauthorized = connection.config.ssl.rejectUnauthorized; + var secureEstablished = false; + var secureSocket = new tls.TLSSocket(connection._socket, { + rejectUnauthorized : rejectUnauthorized, + requestCert : true, + secureContext : secureContext, + isServer : false + }); + + // error handler for secure socket + secureSocket.on('_tlsError', function(err) { + if (secureEstablished) { + connection._handleNetworkError(err); + } else { + onSecure(err); + } + }); + + // cleartext <-> protocol + secureSocket.pipe(connection._protocol); + connection._protocol.on('data', function(data) { + secureSocket.write(data); + }); + + secureSocket.on('secure', function() { + secureEstablished = true; + + onSecure(rejectUnauthorized ? this.ssl.verifyError() : null); + }); + + // start TLS communications + secureSocket._start(); + }); +}; + function createSecureContext (config, cb) { var context = null; var error = null; From 9df92db7378afed625ee894968e9d47695db9c25 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 7 Mar 2022 01:24:22 -0500 Subject: [PATCH 2/2] WIP Drop support for Node.js < 0.10 --- .github/workflows/ci.yml | 30 +----------------------------- Changes.md | 4 ++++ 2 files changed, 5 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 563170e03..8c09eece7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,13 +6,11 @@ on: jobs: test: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest strategy: fail-fast: false matrix: name: - - Node.js 0.6 - - Node.js 0.8 - Node.js 0.10 - Node.js 0.12 - io.js 1.x @@ -43,16 +41,6 @@ jobs: - MariaDB 10.3 include: - - name: Node.js 0.6 - node-version: "0.6" - docker-mysql-type: mysql - docker-mysql-version: "5.7" - - - name: Node.js 0.8 - node-version: "0.8" - docker-mysql-type: mysql - docker-mysql-version: "5.7" - - name: Node.js 0.10 node-version: "0.10" docker-mysql-type: mysql @@ -199,23 +187,7 @@ jobs: - name: Install Node.js ${{ matrix.node-version }} shell: bash -eo pipefail -l {0} run: | - if [[ "${{ matrix.node-version }}" == 0.6* ]]; then - sudo apt-get install g++-4.8 gcc-4.8 libssl1.0-dev - export CC=/usr/bin/gcc-4.8 - export CXX=/usr/bin/g++-4.8 - fi nvm install --default ${{ matrix.node-version }} - if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then - nvm install --alias=npm 0.10 - nvm use ${{ matrix.node-version }} - if [[ "$(npm -v)" == 1.1.* ]]; then - nvm exec npm npm install -g npm@1.1 - ln -fs "$(which npm)" "$(dirname "$(nvm which npm)")/npm" - else - sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" - fi - npm config set strict-ssl false - fi dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" - name: Configure npm diff --git a/Changes.md b/Changes.md index 0b76d4b47..26695ea70 100644 --- a/Changes.md +++ b/Changes.md @@ -6,6 +6,10 @@ you spot any mistakes. ## HEAD +* Drop support for Node.js < 0.10 + +## HEAD + * Support Node.js 14.x * Support Node.js 15.x * Support Node.js 16.x