-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extra CA certificates missing from tls.rootCertificates #32074
Comments
ebickle
added a commit
to ebickle/node
that referenced
this issue
Mar 3, 2020
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS. Fixes: nodejs#32074
3 tasks
ebickle
added a commit
to ebickle/node
that referenced
this issue
Mar 5, 2020
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS. Fixes: nodejs#32074
ebickle
added a commit
to ebickle/node
that referenced
this issue
Mar 17, 2020
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS. Fixes: nodejs#32074
3 tasks
ebickle
added a commit
to ebickle/node
that referenced
this issue
May 8, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: nodejs#32229 Refs: nodejs#32074
ebickle
added a commit
to ebickle/node
that referenced
this issue
May 8, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: nodejs#32074 Refs: nodejs#32229
BridgeAR
pushed a commit
to BridgeAR/node
that referenced
this issue
May 23, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: nodejs#32229 Refs: nodejs#32074 PR-URL: nodejs#33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
BridgeAR
pushed a commit
to BridgeAR/node
that referenced
this issue
May 23, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: nodejs#32074 Refs: nodejs#32229 PR-URL: nodejs#33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 18, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: #32229 Refs: #32074 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 18, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: #32074 Refs: #32229 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 18, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: #32229 Refs: #32074 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 18, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: #32074 Refs: #32229 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 30, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: #32229 Refs: #32074 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jun 30, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: #32074 Refs: #32229 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jul 8, 2020
A fix to tls.rootCertificates to have it correctly return the process' current root certificates resulted in non-deterministic behavior when Node.js is configured to use an OpenSSL system or file-based certificate store. The safest action is to revert the change and change the specification for tls.rootCertificates to state that it only returns the bundled certificates instead of the current ones. Fixes: #32229 Refs: #32074 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Jul 8, 2020
Update tls.rootCertificates documentation to clarify that it returns the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext. Fixes: #32074 Refs: #32229 PR-URL: #33313 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What steps will reproduce the bug?
NODE_EXTRA_CA_CERTS
environment variable to a root certificate file.tls.rootCertificates
array.How often does it reproduce? Is there a required condition?
Reproduces 100% of the time.
What is the expected behavior?
tls.rootCertificates
array should contain the root certificate supplied inNODE_EXTRA_CA_CERTS
. Documentation for tls.rootCertificates (https://nodejs.org/api/tls.html#tls_tls_rootcertificates) states that it "represents the root certificates used for verifying peer certificates" and that it is the "default value of the ca option to tls.createSecureContext()".The certificate supplied to
NODE_EXTRA_CA_CERTS
is used to verify peer certificates and is also used in the default value of the ca option totls.createSecureContext()
'. It's omission fromtls.rootCertificates
is a defect.What do you see instead?
Contents of
tls.rootCertificates
contains only the hard-coded set of node.js root certificates whenNODE_EXTRA_CA_CERTS
is supplied.The text was updated successfully, but these errors were encountered: