-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: inconsistency between doc and code for createSecureContext() options in TLSSocket constructor #10538
Comments
Unlike all the other tls APIs, if any secure context configuration is required, the caller is responsible for creating the context. Corrects a doc regression introduced in caa7fa9. Fix nodejs#10538
@jkryl and @nbdd0121 I started to change the code to accept all the options of AFAICT, its impossible to actually use a You two are clearly using this constructor, or you wouldn't have noticed the docs about the secureContext were wrong. Am I off-base in thinking that it is necessary to use undocumented APIs when directly constructing a I'm about to go searching for npmjs.org code that uses this feature to figure out what the actual documented API surface should be, I think secure websockets might be one user, but any pointers are appreciated. |
hi @sam-github, I'm trying to use tls.TLSSocket in this pull request: nodeftpd/nodeftpd#123. It is about upgrading unencrypted socket to TLS socket upon "AUTH TLS" FTP command. Note that because of this bug I have to create the secure context explicitly and then pass it to the constructor. So that extra code should go away when this issue is fixed. |
@jkryl, I'll have to deal with this soon, so I''d love if you (edit: or anyone. :-) ) could make a package that abstracts these API differences away and make it easy to write code in a manner that's future proof both in the sense of a centralized location for upcoming fixes, as well as not relying on people remembering unintuitive things. |
@MylesBorins I marked #10846 for landing on v4 and v6, so that will be easy to write code that works on all LTS releases as well as current. @mk-pmb |
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: nodejs#10538 PR-URL: nodejs#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: nodejs#10538 PR-URL: nodejs#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: nodejs#10538 PR-URL: nodejs#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: nodejs#10538 PR-URL: nodejs#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: nodejs#10538 PR-URL: nodejs#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: #10538 PR-URL: #11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: #10538 PR-URL: #11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: #10538 PR-URL: #11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: #10538 PR-URL: #11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Because of a poorly constructed test, only one of the two test vectors ran. The test also failed to cover the authentication error that occurs when the server's certificate is not trusted. Both issues are fixed. Fix: nodejs/node#10538 PR-URL: nodejs/node#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add support to new tls.TLSSocket() to create a SecureContext object with all its supported options, in the same way they are supported for all the other APIs that need SecureContext objects. Fix: nodejs/node#10538 PR-URL: nodejs/node#11005 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
In current TLS doc, when documenting options argument of the constructor of TLSSocket, it says
However, in line 351 of _tls_wrap.js,
tls.createSecureContext()
is called without arguments at all. This inconsistency is introduced in caa7fa9. Either the doc or the code must be changed to match.In my opinion I believe that what is described in the doc is sensible, but I believe that a community consensus must be reached to actually decide the correct behavior.
The text was updated successfully, but these errors were encountered: