00:00:00  * ircretaryquit (Remote host closed the connection)
00:00:09  * ircretaryjoined
00:04:06  * c4miloquit (Remote host closed the connection)
00:09:10  * mcavagejoined
00:09:44  * paddybyersquit (Quit: paddybyers)
00:10:26  * hzquit
00:11:27  * yunongquit (Ping timeout: 250 seconds)
00:17:52  * skebcio_joined
00:17:53  * yunongjoined
00:18:34  * skebcioquit (Read error: Connection reset by peer)
00:24:05  * kevinsimperjoined
00:29:00  * kevinsimperquit (Ping timeout: 265 seconds)
00:30:31  * yunongquit (Remote host closed the connection)
00:31:10  * yunongjoined
00:31:25  * piscisaureusquit (Ping timeout: 265 seconds)
00:33:08  * zz_karupanerurachanged nick to karupanerura
00:41:24  * Qardquit (Quit: Leaving.)
00:47:38  * rmgquit (Remote host closed the connection)
00:51:26  * kazuponjoined
00:52:05  * benviequit (Ping timeout: 240 seconds)
00:52:52  * rosskquit
01:07:12  * paulfryzelquit (Remote host closed the connection)
01:07:44  * kazuponquit (Max SendQ exceeded)
01:07:52  * paulfryzeljoined
01:07:59  * rmgjoined
01:08:58  * kazuponjoined
01:09:10  * thlorenzjoined
01:09:47  * tumdedumquit (Max SendQ exceeded)
01:10:02  * kazuponquit (Max SendQ exceeded)
01:10:55  * kazuponjoined
01:11:12  * kazuponquit (Max SendQ exceeded)
01:11:47  * kazuponjoined
01:12:14  * paulfryzelquit (Ping timeout: 258 seconds)
01:12:26  * kazuponquit (Max SendQ exceeded)
01:13:26  * kazuponjoined
01:13:36  * tumdedumjoined
01:13:42  * kazuponquit (Max SendQ exceeded)
01:13:55  * tumdedumquit (Max SendQ exceeded)
01:14:02  * bradleymeckquit (Quit: bradleymeck)
01:14:22  * kazuponjoined
01:14:52  * kazuponquit (Max SendQ exceeded)
01:16:01  * dsantiagoquit (Ping timeout: 250 seconds)
01:17:11  * kazuponjoined
01:18:35  * tumdedumjoined
01:24:20  * mcavagequit (Remote host closed the connection)
01:26:59  * dsantiagojoined
01:27:21  * rmgquit (Remote host closed the connection)
01:33:10  * seldo_quit (Remote host closed the connection)
01:33:41  * dap_quit (Quit: Leaving.)
01:38:38  * paulfryzeljoined
01:41:45  * Ralithquit (Ping timeout: 258 seconds)
01:43:25  * mikolalysenkojoined
01:46:43  * porchratquit (Quit: HydraIRC -> http://www.hydrairc.com <- IRC with a difference)
01:58:04  * paulfryzelquit (Read error: Connection reset by peer)
01:58:38  * paulfryzeljoined
02:03:11  * paulfryzelquit (Ping timeout: 252 seconds)
02:16:20  * Ralithjoined
02:20:52  * TooTallNatequit (Quit: Computer has gone to sleep.)
02:24:21  * bradleymeckjoined
02:24:58  * kevinsimperjoined
02:28:13  * rmgjoined
02:29:35  * kevinsimperquit (Ping timeout: 252 seconds)
02:30:17  * bradleymeckquit (Quit: bradleymeck)
02:32:23  * rmgquit (Ping timeout: 245 seconds)
02:32:28  * TooTallNatejoined
02:33:37  * mikolalysenkoquit (Ping timeout: 252 seconds)
02:40:47  * brunklejoined
02:41:52  * brunklepart
02:46:11  * TooTallNatequit (Quit: Computer has gone to sleep.)
02:54:57  * thlorenzquit (Remote host closed the connection)
02:59:34  * paulfryzeljoined
03:03:41  * paulfryzelquit (Ping timeout: 252 seconds)
03:19:49  * paulfryzeljoined
03:21:08  * kazuponquit (Read error: Connection timed out)
03:21:43  * kazuponjoined
03:24:13  * paulfryzelquit (Ping timeout: 252 seconds)
03:35:32  <groundwater>indutny: do you have any bud benchmarks?
03:41:59  * benviejoined
03:43:37  * mikolalysenkojoined
03:48:15  * mikolalysenkoquit (Ping timeout: 258 seconds)
03:49:03  * rmgjoined
03:53:24  * mikolalysenkojoined
03:58:10  * seldo_joined
03:58:13  * brsonquit (Ping timeout: 245 seconds)
04:01:06  * seldoquit (Read error: Connection reset by peer)
04:06:46  * rmgquit (Remote host closed the connection)
04:20:32  * paulfryzeljoined
04:25:05  * paulfryzelquit (Ping timeout: 252 seconds)
04:25:47  * kevinsimperjoined
04:30:09  * kevinsimperquit (Ping timeout: 250 seconds)
04:35:32  * bradleymeckjoined
04:37:19  * rmgjoined
04:44:05  * rmgquit (Ping timeout: 276 seconds)
04:51:58  * m76joined
05:02:13  * benviequit (Ping timeout: 250 seconds)
05:10:49  * Nikolai__joined
05:35:25  * bajtosjoined
05:52:11  * AvianFluquit (Remote host closed the connection)
06:09:49  * Nikolai__quit (Ping timeout: 250 seconds)
06:14:11  * mikealquit (Quit: Leaving.)
06:16:28  * mogillquit (Quit: mogill)
06:19:29  * mikealjoined
06:22:01  * paulfryzeljoined
06:26:27  * paulfryzelquit (Ping timeout: 252 seconds)
06:26:40  * kevinsimperjoined
06:31:30  * kevinsimperquit (Ping timeout: 265 seconds)
06:41:34  * paddybyersjoined
06:45:53  * bradleymeckquit (Quit: bradleymeck)
06:47:08  * janjongboomjoined
06:47:39  * kevinsimperjoined
06:51:29  * mikolalysenkoquit (Ping timeout: 258 seconds)
07:00:53  * mikolalysenkojoined
07:09:53  * kevinsimperquit (Read error: Connection reset by peer)
07:10:49  * kevinsimperjoined
07:22:49  * paulfryzeljoined
07:27:19  * paulfryzelquit (Ping timeout: 252 seconds)
07:40:57  * kazuponquit (Read error: Connection timed out)
07:41:53  * bradleymeckjoined
07:44:02  * petka_joined
07:47:39  * kazuponjoined
07:56:08  * mikolalysenkoquit (Ping timeout: 245 seconds)
07:57:55  <indutny>groundwater: yes, I do have some
07:58:05  <indutny>groundwater: https://blog.indutny.com/8.bud-a-tls-swiss-knife
08:05:35  * kazuponquit (Read error: Connection timed out)
08:10:52  * kazuponjoined
08:23:37  * paulfryzeljoined
08:28:11  * paulfryzelquit (Ping timeout: 252 seconds)
08:47:07  * hzjoined
09:01:35  * kazuponquit (Remote host closed the connection)
09:05:26  * kazuponjoined
09:30:59  * bajtosquit (Quit: bajtos)
09:42:15  * paddybyersquit (Quit: paddybyers)
09:44:14  * paddybyersjoined
09:53:38  * kazuponquit (Remote host closed the connection)
09:54:50  * kazuponjoined
09:58:42  * karupanerurachanged nick to zz_karupanerura
09:59:49  * kevinsimperquit (Remote host closed the connection)
10:25:06  * paulfryzeljoined
10:29:33  * paulfryzelquit (Ping timeout: 252 seconds)
10:34:26  * kevinsimperjoined
10:40:41  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
11:05:38  * paddybyers_joined
11:05:51  * paddybyersquit (Ping timeout: 252 seconds)
11:05:51  * paddybyers_changed nick to paddybyers
11:25:56  * paulfryzeljoined
11:30:25  * paulfryzelquit (Ping timeout: 252 seconds)
11:56:01  * piscisaureusjoined
12:03:17  * janjongboomjoined
12:15:01  * c4milojoined
12:18:10  * bajtosjoined
12:24:47  * kazuponquit (Remote host closed the connection)
12:26:39  * paulfryzeljoined
12:31:17  * paulfryzelquit (Ping timeout: 252 seconds)
12:31:57  * AvianFlujoined
12:37:34  <indutny>hey hey hey
12:39:38  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
12:40:43  * AlexisMochaquit (Ping timeout: 245 seconds)
12:42:21  * janjongboomjoined
12:42:54  * AlexisMochajoined
12:43:47  * c4miloquit (Ping timeout: 276 seconds)
12:47:20  * rmgjoined
12:51:49  * rmgquit (Ping timeout: 252 seconds)
12:53:42  * Raynosquit (Remote host closed the connection)
12:56:02  * thlorenzjoined
13:04:56  * thlorenzquit (Ping timeout: 265 seconds)
13:10:15  * Raynosjoined
13:15:29  * thlorenzjoined
13:27:23  * paulfryzeljoined
13:31:47  * paulfryzelquit (Ping timeout: 252 seconds)
13:43:00  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
13:44:54  * thlorenzquit (Remote host closed the connection)
14:11:38  * paulfryzeljoined
14:15:31  * janjongboomjoined
14:15:52  * thlorenz_joined
14:17:06  * bajtosquit (Quit: bajtos)
14:17:11  * kazuponjoined
14:19:15  <bradleymeck>‘morning
14:20:39  * mcavagejoined
14:23:31  * groundwaterquit (Remote host closed the connection)
14:25:48  <tjfontaine>morning
14:26:18  * mcavagequit (Remote host closed the connection)
14:29:42  * paulfryz_joined
14:29:49  * paulfryzelquit (Read error: Connection reset by peer)
14:31:30  <tjfontaine>indutny: so txt wise
14:33:05  <tjfontaine>indutny: I haven't pushed the change yet, but I'm thinking of making resolveTxt do the 2d arrays, that seems like the best way forward
14:40:04  <tjfontaine>indutny: I don't think we can do anything more for 0.10 other than to stick with the original concatenation method, as that's what people are expecting
14:40:51  * kevinsimperquit (Remote host closed the connection)
14:45:33  * mcavagejoined
14:47:40  * mcavagequit (Remote host closed the connection)
14:56:29  * groundwaterjoined
14:57:09  * kevinsimperjoined
14:57:29  * thlorenz_quit (Read error: Connection reset by peer)
14:57:49  * paulfryz_quit (Remote host closed the connection)
14:57:53  * thlorenzjoined
15:00:23  * mikolalysenkojoined
15:04:51  * mcavagejoined
15:04:52  * mikealquit (Ping timeout: 240 seconds)
15:05:08  * mcavagequit (Read error: Connection reset by peer)
15:05:13  * mikealjoined
15:05:25  * mcavagejoined
15:10:48  * mogilljoined
15:13:08  * paulfryzeljoined
15:14:57  * mikealquit (Quit: Leaving.)
15:19:54  * bradleymeckquit (Quit: bradleymeck)
15:20:25  * mcavagequit (Remote host closed the connection)
15:21:29  * bradleymeckjoined
15:22:05  * mikealjoined
15:32:11  * paulfryzelquit (Remote host closed the connection)
15:37:38  <indutny>morning
15:37:45  <tjfontaine>morn
15:39:13  <indutny>there are two groups of people
15:39:22  <indutny>one expecting mostly the current one
15:39:32  <indutny>and another expecting the almost old one :)
15:40:45  <indutny>anyway
15:41:45  <tjfontaine>:P
15:42:10  <tjfontaine>reading about, and reviewing ocsp
15:43:13  * paulfryzeljoined
15:44:02  <indutny>yeah
15:44:06  <indutny>I need to rework certificate thing
15:44:07  <indutny>basically
15:44:23  <indutny>it may be a good idea to provide an OCSP info here
15:44:24  <tjfontaine>you mean wrapping certificate in a datastructure?
15:44:30  <indutny>yeah
15:44:37  <indutny>I was trying to minimize amount of added code
15:44:43  <indutny>by providing raw values everywhere
15:44:51  <indutny>but it kind of sucks with the certificate
15:44:58  * paddybyersquit (Quit: paddybyers)
15:45:39  <indutny>the problem is that `issuer` may be in a internal cert store
15:46:00  <indutny>tjfontaine: perhaps, just skip this part for now
15:46:09  <indutny>I'll try to figure it out soon
15:49:08  * bajtosjoined
15:50:10  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
15:52:17  <indutny>tjfontaine: perhaps, reverting the c-ares update is indeed best thing
15:52:20  <indutny>we could do for v0.10
15:52:51  <tjfontaine>yup -- I agree, and we can point them to native-dns which does the 2d array
15:54:12  * rmgjoined
15:56:20  * paulfryzelquit (Read error: Connection reset by peer)
15:56:33  <indutny>tjfontaine: yup
15:56:48  * paulfryzeljoined
15:57:04  <indutny>tjfontaine: do you have any questions about OCSP thing?
15:57:16  <indutny>I have also refined the way the hello is parsed asynchronously
15:57:23  <indutny>and fixed one bug in hello parser
15:57:45  * rendarjoined
15:58:33  <tjfontaine>I am still looking over it -- it feels close to the api I would expect
15:59:26  * paddybyersjoined
16:00:19  <bradleymeck>tj is there a place to put debugging stuff? there is the thread on the mailing list / some things in issues but feel like it should be gathered into one place if you are considering an overhaul
16:01:00  <bradleymeck>tjfontaine: ^ autocomplete fail…
16:03:48  <piscisaureus>What happened to the js-native DNS btw? A long time ago tjfontaine made something for it but it went nowhere?
16:04:10  <tjfontaine>native-dns it's still there, and I just published a new version today
16:04:17  <tjfontaine>the intent is to bring it in after 0.12
16:04:52  <piscisaureus>nice
16:04:54  <tjfontaine>bradleymeck: we can bring it an issue thread, a well described first effort, similar to what you did for module loading
16:05:05  <tjfontaine>maintaining c-ares is just painful
16:05:25  <piscisaureus>yeah also it has pretty significant flaws
16:05:34  <piscisaureus>or rather - inconsistencies that we can't work around
16:05:46  <piscisaureus>does your native DNS do a /etc/hosts lookup too or just pure DNS?
16:05:52  <piscisaureus>(c-ares does /etc/hosts too iirc)
16:05:55  <tjfontaine>it does currently do /etc/hosts
16:06:09  <tjfontaine>well
16:06:25  <tjfontaine>lookup uses hosts, resolve does not
16:06:46  <piscisaureus>resolve does too I think
16:06:54  <tjfontaine>that's awful if so
16:07:01  <piscisaureus>it doesn't work super well though
16:07:12  <piscisaureus>but otherwise it would never be able to resolve localhost for example
16:07:21  <tjfontaine>hmm
16:07:29  <piscisaureus>It certainly does
16:07:44  <piscisaureus>but I think the issue was that it uses DNS servers in a different order than the os
16:08:10  <tjfontaine>node -e 'require("dns").resolve("localhost", console.log.bind())'
16:08:11  <tjfontaine>{ [Error: queryA ENODATA] code: 'ENODATA', errno: 'ENODATA', syscall: 'queryA' }
16:08:11  <piscisaureus>and doesn't support some platform specific lookup paths like apple bonjour and wins
16:08:20  <piscisaureus>C:\Users\Bert Belder>node
16:08:20  <piscisaureus>> dns.resolve('localhost', console.log)
16:08:20  <piscisaureus>{ oncomplete: [Function: onanswer] }
16:08:20  <piscisaureus>> null [ '127.0.0.1' ]
16:08:44  <tjfontaine>can nslookup trace?
16:08:55  <tjfontaine>your upstream resolver may be doing that for you to be nice
16:10:24  <piscisaureus>https://github.com/joyent/node/blob/5fcd6e40385f45bc9091689337a7ab531861ba19/deps/cares/src/ares_gethostbyname.c#L376
16:10:26  <piscisaureus>code is here
16:10:35  <piscisaureus>not sure if dns.resolve hits that code path
16:10:53  <tjfontaine>we don't use that path
16:11:05  <tjfontaine>well
16:11:06  <tjfontaine>hmm
16:11:06  <piscisaureus>ah, okay
16:11:31  <tjfontaine>we wrap that method, we don't seem to use it
16:11:41  <piscisaureus>odd
16:11:55  <piscisaureus>when I wrote cares-wrap I don't recall binding an unused method though
16:12:17  <piscisaureus>what's nice about js-native is also that we have the opportunity to do better caching
16:12:24  <piscisaureus>c-ares is pretty sucky on that end
16:12:43  <mmalecki>piscisaureus: tweet!
16:12:45  <tjfontaine>we use typedef class ReqWrap<uv_getaddrinfo_t> GetAddrInfoReqWrap;
16:12:47  <tjfontaine>for dns.lookup
16:12:50  <piscisaureus>hey mmalecki
16:12:57  <mmalecki>piscisaureus: wanna hang out at voyager's on 4/20?
16:13:01  * mikolalysenkoquit (Ping timeout: 250 seconds)
16:13:12  <mmalecki>piscisaureus: they have wifi and it'd be cool to even work there
16:13:32  * mcavagejoined
16:14:30  <tjfontaine>I have some work done for some caching as well, I would like to enable people to cache, I'm not sure I want node itself to cache
16:14:57  * dap_joined
16:19:51  * Nikolai__joined
16:20:47  * janjongboomjoined
16:22:18  * mikolalysenkojoined
16:22:43  * Qardjoined
16:23:49  <mmalecki>so I feel like this might be a bug in the core, but not sure if there's a reasonable way to fix it without running into edge-cases
16:24:00  <tjfontaine>what's that?
16:24:02  <mmalecki>(originally reported by `3E, but not made into an issue yet)
16:24:37  <mmalecki>so when you close a server and have keep-alive clients, the server will be up as long as those keep-alive clients are connected, thus still accepting requests
16:25:02  * paulfryzelquit (Remote host closed the connection)
16:25:22  <mmalecki>(only on those keep-alive connections, yes)
16:25:24  <tjfontaine>server.listen().close() clients connected in keep-alive are still connected, but you're saying we're still accept()ing?
16:25:29  <tjfontaine>oh you mean
16:25:36  <tjfontaine>new requests are still issued
16:25:40  * paulfryzeljoined
16:25:43  <tjfontaine>ya that's not a bug that's a feature :)
16:25:47  <mmalecki>no, we're not accept()ing anymore. we already accept()ed those sockets
16:25:57  <tjfontaine>right, but they send another `GET /`
16:25:59  <tjfontaine>for instance
16:26:06  <mmalecki>yeah, on the keep-alive connection
16:26:40  <bradleymeck>might be nice to include a way to downgrade off keep-alive for conns, but don’t know how many people would use it
16:26:41  <tjfontaine>I'm not sure there's much we can do aside from proxying an event like serverShutdown
16:27:05  <mmalecki>yeah, and killing all keep-alive connections on .close() is too much
16:28:52  <tjfontaine>we might be able to stash some state such that they could only do at most one more request
16:29:17  <mmalecki>so stash .serverClosing = true on requests
16:29:23  <tjfontaine>and then resp.once('finish', resp.close)
16:29:26  <mmalecki>then on .end of those requests check if that's true
16:29:43  <mmalecki>tjfontaine's is more valid, yeah
16:29:56  * paulfryzelquit (Ping timeout: 258 seconds)
16:31:28  <mmalecki>so do you think that would be valid behavior tjfontaine?
16:31:44  <tjfontaine>I think that's valid behavior
16:31:48  <mmalecki>I mean, checking if there's a request going through those sockets and closing them if there's none sounds race-y
16:31:56  <tjfontaine>I'm just trying to decide if there's something even more crisp
16:33:06  <tjfontaine>it would be slightly interesting to keep track on the socket if there's a request currently in flight
16:33:41  <mmalecki>I *think* we could tell by parser state already
16:34:18  <tjfontaine>we could parser.pause but that would cause an unclean shutdown
16:36:13  <mmalecki>hmm, our parser doesn't seem to export its state
16:36:28  <tjfontaine>so we could iterate and call .destroySoon
16:36:44  <mmalecki>would that wait until ends of requests?
16:36:53  <mmalecki>we still want a request to go through if there's one
16:37:06  <mmalecki>that's the current behavior, at least
16:37:23  <tjfontaine>yes, if socket is still writable and hasn't finished we set a once('finish', destroy)
16:37:41  <mmalecki>oh yeah, that'd work
16:37:55  <mmalecki>can I patch?
16:38:07  <tjfontaine>yes, I think so -- test case please as well?
16:38:17  <mmalecki>sure
16:40:39  <mmalecki>this'll be in about ~12 h tho
16:40:47  * mmaleckineeds to catch up on actual work
16:41:04  <tjfontaine>mmalecki: that's fine -- lemme see if there's a bug already filed for this
16:42:11  * paulfryzeljoined
16:43:11  <tjfontaine>mmalecki: can you file an issue, and describe the proposed solution
16:43:36  <mmalecki>tjfontaine: sure can :)
16:43:44  <tjfontaine>oh wait
16:47:01  <rendar>piscisaureus: what about using GetAddressInfoEx() in windows 7.x and superior?
16:48:05  * TooTallNatejoined
16:49:47  <mmalecki>tjfontaine: waiting :)
16:50:40  * benviejoined
16:55:29  <tjfontaine>haha sorry
16:55:35  <tjfontaine>mmalecki: https://github.com/joyent/node/issues/7011
16:55:53  <tjfontaine>it's the other side of it
16:56:50  * thlorenzquit (Remote host closed the connection)
16:58:38  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
17:01:16  * dap_1joined
17:01:56  * brsonjoined
17:02:10  * janjongboomjoined
17:02:29  * dap_quit (Ping timeout: 240 seconds)
17:03:48  <mmalecki>tjfontaine: a'ight, thanks
17:03:57  <mmalecki>tjfontaine: I'll open an issue for server then
17:05:22  <tjfontaine>wtf curl
17:05:28  <tjfontaine>Warning: Keep-alive functionality somewhat crippled due to missing support in
17:05:28  <tjfontaine>Warning: your operating system!
17:05:42  <mmalecki>wut? how's this I don't even
17:06:01  <tjfontaine>curl --keepalive-time 60
17:06:03  <tjfontaine>is what i invoked
17:06:42  <mmalecki>that worked for me
17:07:26  <tjfontaine>ok so I was just checking now with telnet and indeed the behavior does still exist :P
17:07:53  <mmalecki>you can just check that with firefox
17:08:03  <tjfontaine>what is this firefox? :P
17:08:10  <mmalecki>or any browser
17:08:12  <mmalecki>haha
17:12:52  * thlorenzjoined
17:13:51  * saghuljoined
17:15:52  * paddybyersquit (Quit: paddybyers)
17:32:25  * mikolalysenkoquit (Ping timeout: 258 seconds)
17:32:34  * mikolalysenkojoined
17:41:37  * seldojoined
17:46:10  * seldoquit (Remote host closed the connection)
17:46:28  * seldojoined
17:49:27  * thlorenzquit (Remote host closed the connection)
17:50:01  * thlorenzjoined
17:52:09  * paddybyersjoined
17:52:55  * seldo_quit
17:53:29  * benviequit (Ping timeout: 265 seconds)
17:53:31  * kazuponquit (Remote host closed the connection)
17:55:08  * thlorenzquit (Ping timeout: 276 seconds)
17:56:47  * thlorenzjoined
18:02:12  * benviejoined
18:10:07  * paulfryzelquit (Remote host closed the connection)
18:10:46  * paulfryzeljoined
18:10:53  * rosskjoined
18:15:13  * paulfryzelquit (Ping timeout: 252 seconds)
18:21:07  * janjongboomquit (Quit: My MacBook has gone to sleep. ZZZzzz…)
18:21:15  * paddybyers_joined
18:21:27  * paddybyersquit (Ping timeout: 252 seconds)
18:21:27  * paddybyers_changed nick to paddybyers
18:25:11  * mikolalysenkoquit (Ping timeout: 250 seconds)
18:30:30  * mikolalysenkojoined
18:31:06  * paulfryzeljoined
18:39:40  * c4milojoined
18:43:57  * dap_1quit (Quit: Leaving.)
18:59:03  * mikolalysenkoquit (Ping timeout: 245 seconds)
19:01:55  * paddybyersquit (Quit: paddybyers)
19:03:49  * bajtosquit (Quit: bajtos)
19:05:09  * paddybyersjoined
19:17:11  * mcavage_joined
19:20:56  * mcavagequit (Ping timeout: 276 seconds)
19:22:57  * c4miloquit (Remote host closed the connection)
19:34:15  <trevnorris>afternoon
19:36:51  <trevnorris>um. i'm not sure how to respond to this first question: https://github.com/joyent/node/issues/7456#issuecomment-40436672
19:43:54  * mcavagejoined
19:44:00  * yunong_joined
19:45:11  <indutny>almost igured out OCSP thing
19:46:35  * yunongquit (Ping timeout: 258 seconds)
19:46:39  * mcavage_quit (Ping timeout: 250 seconds)
19:47:25  <indutny>trevnorris: replied
19:47:53  * dap_joined
19:48:07  * dap_quit (Client Quit)
19:48:26  <trevnorris>indutny: thanks. i think the line about "where do you get the code lines from" almost made me think it was a joke
19:48:54  <indutny>perhaps it is
19:48:57  <indutny>but quite a bad one
19:49:50  * dap_joined
19:51:06  <indutny>tjfontaine: you still there?
20:03:13  <trevnorris>piscisaureus: ping
20:03:22  * prettymuchbryce_joined
20:03:38  * prettymuchbrycequit (Ping timeout: 245 seconds)
20:03:38  * prettymuchbryce_changed nick to prettymuchbryce
20:04:26  <MI6>joyent/node: Vladimir Kurchatkin master * 2c6b424 : events: check if _events is an own property - http://git.io/LEr-aw
20:09:03  <tjfontaine>indutny: here
20:12:36  * paddybyersquit (Quit: paddybyers)
20:27:33  * paddybyersjoined
20:34:48  * TooTallNatequit (Quit: Computer has gone to sleep.)
20:41:08  * saghulquit (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
20:47:33  <tjfontaine>indutny: is ocsp a fixed size result? or arbitrary?
20:47:44  <indutny>ocsp could be arbitrary
20:47:50  <indutny>you mean response, right?
20:47:54  <tjfontaine>yes
20:47:57  <indutny>it could contain extensions
20:48:07  <indutny>and I think the signature could have different size
20:48:15  <indutny>depending on CA's cert size
20:48:30  <tjfontaine>I'm also wondering about something like https://gist.github.com/tjfontaine/10769923
20:50:00  <indutny>nope
20:50:01  <indutny>:)
20:50:06  <indutny>this is possible in user-land
20:50:12  <indutny>I'll do it
20:50:23  <indutny>it is just a matter of implementing plugins for asn1.js
20:50:35  <indutny>I already have some basic grammars for OCSP Response handling
20:50:40  <indutny>now it's time to add OCSP Requests
20:50:44  <indutny>and X509 certificate
20:51:04  <indutny>fuck, this macbook keeps ejecting all of my cds
20:52:19  <indutny>tjfontaine: http://github.com/indutny/asn1.js
20:52:21  <tjfontaine>+ if (self.server.listeners('OCSPRequest').length === 0 ||
20:52:23  <tjfontaine> + !self.server.emit('OCSPRequest',
20:52:31  <indutny>https://github.com/indutny/asn1.js/blob/master/rfc/2560/index.js#L9
20:52:34  <tjfontaine>I don't understand that -- isn't that exactly what emit does?
20:52:37  * prettymuchbrycequit (Quit: prettymuchbryce)
20:52:38  <indutny>it is
20:52:47  <indutny>I just want to avoid calling getCeriticate()
20:52:49  <indutny>and getIssuer()
20:52:51  <tjfontaine>indutny: I know -- I'm kinda wondering why not bring it in? :)
20:53:10  <tjfontaine>but not necessarily for 0.12
20:53:10  <indutny>I could place it on the other side of `if`
20:53:18  <indutny>tjfontaine: because it is incomplete
20:53:21  <indutny>and needs to be updated
20:53:37  <tjfontaine>we could start with openssl bindings
20:53:43  <indutny>no, please no
20:53:47  <indutny>there is no point in it
20:53:53  <indutny>end user will use a module anyway
20:54:18  <indutny>and this is good
20:54:21  * Ralithquit (Ping timeout: 252 seconds)
20:54:22  <indutny>and how it should be
20:54:38  <indutny>if there will be a need in a core functions for it
20:54:41  <indutny>v0.14 will fullfill it
20:55:00  <tjfontaine>I'm not talking for 0.12 anyway -- I'm just thinking -- trying to make sure we have something useful for people
20:55:37  <tjfontaine>and the emit line, why bother doing the listeners check?
20:56:08  <indutny>to avoid unnecessary getCertificate() and getIssuer() calls
20:56:36  <tjfontaine>oh, but those just make buffers in C++?
20:56:48  <indutny>yes
20:56:53  <indutny>and there is no point in it
20:56:59  <indutny>if there is no event listener
20:57:01  <indutny>force pushed fix
20:57:02  <tjfontaine>ya but I'm not sure the difference is measurable
20:57:47  * prettymuchbrycejoined
20:58:11  <indutny>tjfontaine: I think it is
20:58:24  <indutny>it needs to encode X509 cert
20:58:35  <indutny>which isn't really hard, but anyway
20:58:42  <indutny>why not avoid it, if we could
20:59:12  <tjfontaine>why not avoid it until we know it's a problem? but anyway I don't really care about that at the moment it was just something I saw
20:59:26  * octetcloudjoined
21:00:08  <indutny>ok
21:01:14  * paulfryzelquit (Read error: Connection reset by peer)
21:01:44  * paulfryzeljoined
21:05:55  * c4milojoined
21:06:35  * paddybyersquit (Quit: paddybyers)
21:06:35  * paulfryzelquit (Read error: Connection reset by peer)
21:06:49  * paulfryzeljoined
21:07:09  * rmgquit (Remote host closed the connection)
21:08:13  * c4miloquit (Remote host closed the connection)
21:08:50  * piscisaureusquit (Ping timeout: 276 seconds)
21:10:53  <indutny>tjfontaine: going to push update to it
21:11:03  <indutny>will add id-pe-authorityInfoAccess to getPeerCert()
21:11:14  <indutny>this should make it possible to valid OCSP response on client
21:11:25  <tjfontaine>ok -- is SSL_set_tlsext_status_ocsp_resp "async" in the sense that the buffer may not be immediately flushed out?
21:11:42  <indutny>it takes ownership, I think
21:12:12  <indutny>I'm copying data there
21:16:46  * paulfryzelquit (Remote host closed the connection)
21:17:24  * paulfryzeljoined
21:19:05  * paddybyersjoined
21:19:25  * m76quit (Read error: Connection reset by peer)
21:20:21  * brsonquit (Ping timeout: 265 seconds)
21:20:50  * paulfryz_joined
21:21:48  * paulfryzelquit (Ping timeout: 265 seconds)
21:23:13  * Nikolai__quit (Ping timeout: 245 seconds)
21:25:31  * paulfryz_quit (Ping timeout: 252 seconds)
21:31:19  * c4milojoined
21:35:10  * thlorenzquit (Remote host closed the connection)
21:41:01  <indutny>tjfontaine: force pushed
21:41:12  * hzquit
21:41:17  <indutny>added infoAccess property to getPeerCertificate()
21:41:33  <indutny>it should be possible to perform validation of OCSP response using it
21:41:45  <indutny>however
21:41:49  <indutny>there is a slight nuance here
21:41:57  <indutny>the OCSPResponse event is synchronous
21:42:01  <indutny>and requesting OCSP endpoint is not
21:42:16  * janjongboomjoined
21:42:23  <indutny>so, the socket needs to be non-writable for some time until OCSP is checked
21:42:30  <indutny>I wonder if it is possible to do it in user-land
21:42:32  <indutny>without hacks
21:42:45  <indutny>perhaps creating a passthrough stream?
21:43:43  <indutny>basically, OCSPResponse is a signed reply from CA
21:43:52  <indutny>you need to get CA's cert using getPeerCertificate()
21:44:00  <indutny>and verify that the signature of OCSPResponse is valid
21:44:31  * brsonjoined
21:45:17  <indutny>I think it could be wrapped in a module
21:45:25  <indutny>but it still bothers me that the actual handshake will happen
21:45:29  <indutny>not sure if it s a security problem
21:45:30  <indutny>ok
21:45:33  <indutny>ttyl, going to watch movie
21:46:01  * Ralithjoined
21:50:28  * hzjoined
21:51:15  <indutny>tjfontaine: perhaps, we should add callback to it anyway
21:51:24  <indutny>but should not write any data until it is called
21:51:39  * paulfryzeljoined
21:54:16  <tjfontaine>indutny: hm
21:55:40  <tjfontaine>info access are the extensions?
21:57:47  * paulfryzelquit (Ping timeout: 252 seconds)
22:01:14  * saghuljoined
22:01:41  * saghulquit (Client Quit)
22:02:30  * yunongjoined
22:03:38  * c4miloquit (Remote host closed the connection)
22:04:05  * yunong_quit (Ping timeout: 276 seconds)
22:04:07  * c4milojoined
22:05:48  * c4milo_joined
22:09:17  * c4miloquit (Ping timeout: 276 seconds)
22:10:06  * rendarquit
22:11:46  * rmgjoined
22:16:46  * paddybyersquit (Quit: paddybyers)
22:18:46  * hz_joined
22:18:46  * hz_quit (Changing host)
22:18:46  * hz_joined
22:18:51  * hzquit (Disconnected by services)
22:18:52  * hz_changed nick to hz
22:19:26  * hz_joined
22:19:26  * hz_quit (Changing host)
22:19:26  * hz_joined
22:19:31  * hzquit (Disconnected by services)
22:19:32  * hz_changed nick to hz
22:23:47  * dap_quit (Quit: Leaving.)
22:26:21  * paddybyersjoined
22:27:35  * dap_joined
22:31:10  <isaacs>tjfontaine: just pushed a new npm to npm
22:31:15  <isaacs>tjfontaine: about to push to node master
22:31:22  <tjfontaine>isaacs: ok
22:31:35  <tjfontaine>executive summary of changelog?
22:32:01  * c4milo_quit (Remote host closed the connection)
22:34:54  <MI6>joyent/node: isaacs created branch npm-1.4.7 - http://git.io/W8Skag
22:35:02  <isaacs>tjfontaine: See ^
22:35:10  <isaacs>oh... that, um... that also has the url thing
22:36:04  <isaacs>tjfontaine: probably it's fine, though
22:37:11  * dap_quit (Quit: Leaving.)
22:37:24  * yunong_joined
22:38:39  * mcavagequit (Remote host closed the connection)
22:39:57  * yunongquit (Ping timeout: 252 seconds)
22:40:03  * dap_joined
22:49:51  <isaacs>tjfontaine: lgty?
22:50:11  <tjfontaine>do you want to push that url thing?
22:52:00  <indutny>tjfontaine: yes, they are
22:52:08  <indutny>tjfontaine: but they are usually present in every cert
22:52:22  <indutny>and are the only way to obtain issuer's cert if it isn't in a store
22:52:31  <indutny>hm..
22:52:39  <indutny>I think I may try to fetch issuer's cert out of the store, actually
22:52:47  <indutny>in a getPeerCertificate()
22:53:29  <isaacs>tjfontaine: yes, it's clearly a bug, and a security hazard
22:53:46  * bradleymeckquit (Quit: bradleymeck)
22:53:55  * kevinsimperquit
22:54:17  <isaacs>tjfontaine: that is, it's a violation of the contract, in an area of the code that people typically use to prevent XSS and phishing exploits. npmjs.org was vulnerable to this (fixed on our site as well, because defense in depth, but others might not realize that it's not identical to browsers)
22:54:29  <isaacs>but i'll leave that up to you
22:54:38  * paulfryzeljoined
22:56:52  <tjfontaine>what I was trying to asses was if this was something you wanted to include with the npm upgrade
22:57:16  <tjfontaine>vs OOB when we do another rollup
22:59:26  * paulfryzelquit (Ping timeout: 265 seconds)
23:00:23  <isaacs>heh, you said asses
23:00:50  <isaacs>tjfontaine: yeah, if you wanna push that down the road a ways, that's up to you. i'm happy to slice and dice however. but i'd like to see a new npm go out in a new node stable asap.
23:01:08  <isaacs>tjfontaine: because that tends to increase the likelihood that people are not using old crusty garbage.
23:01:14  <isaacs>tjfontaine: which amkes my life a LOT easier
23:02:05  <tjfontaine>patch release are fine for landing, of course so long as you're following the semver stuff :)
23:06:12  * petka_quit (Quit: Connection closed for inactivity)
23:09:45  * mcavagejoined
23:20:06  * AvianFluquit (Remote host closed the connection)
23:26:35  * TooTallNatejoined
23:30:25  * seldoquit (Remote host closed the connection)
23:32:07  * seldojoined
23:33:39  <isaacs>yep
23:33:41  <isaacs>kk, landing
23:39:48  * hzquit
23:41:33  * octetcloudquit (Ping timeout: 245 seconds)
23:42:14  * benviequit (Ping timeout: 276 seconds)
23:42:49  * thlorenzjoined
23:44:27  * paddybyersquit (Quit: paddybyers)
23:46:45  * paddybyersjoined
23:47:54  * bradleymeckjoined
23:48:31  * bradleymeckquit (Client Quit)
23:51:39  * benviejoined
23:56:42  * inolenquit (Quit: Leaving.)
23:57:04  * paulfryzeljoined