Skip to content

Commit

Permalink
doc: fix inconsistent documentation (host vs hostname)
Browse files Browse the repository at this point in the history
Update reference to read `hostname` instead of `host` for consistency.

Also update function signature to use `hostname` rather than `host`

PR-URL: #20933
Refs: #20892
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
davisokoth authored and apapirovski committed Jun 1, 2018
1 parent 8055bdb commit 38c938a
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 15 deletions.
2 changes: 1 addition & 1 deletion doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -1061,7 +1061,7 @@ deprecated and support will be removed in the future.
[`tls.SecureContext`]: tls.html#tls_tls_createsecurecontext_options
[`tls.SecurePair`]: tls.html#tls_class_securepair
[`tls.TLSSocket`]: tls.html#tls_class_tls_tlssocket
[`tls.checkServerIdentity()`]: tls.html#tls_tls_checkserveridentity_host_cert
[`tls.checkServerIdentity()`]: tls.html#tls_tls_checkserveridentity_hostname_cert
[`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options
[`util._extend()`]: util.html#util_util_extend_target_source
[`util.debug()`]: util.html#util_util_debug_string
Expand Down
8 changes: 4 additions & 4 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,7 @@ added: v0.5.3
`cert`, `ca`, etc).

The `server.addContext()` method adds a secure context that will be used if
the client request's SNI hostname matches the supplied `hostname` (or wildcard).
the client request's SNI name matches the supplied `hostname` (or wildcard).

### server.address()
<!-- YAML
Expand Down Expand Up @@ -796,17 +796,17 @@ and their processing can be delayed due to packet loss or reordering. However,
smaller fragments add extra TLS framing bytes and CPU overhead, which may
decrease overall server throughput.

## tls.checkServerIdentity(host, cert)
## tls.checkServerIdentity(hostname, cert)
<!-- YAML
added: v0.8.4
-->

* `host` {string} The hostname to verify the certificate against
* `hostname` {string} The hostname to verify the certificate against
* `cert` {Object} An object representing the peer's certificate. The returned
object has some properties corresponding to the fields of the certificate.
* Returns: {Error|undefined}

Verifies the certificate `cert` is issued to host `host`.
Verifies the certificate `cert` is issued to `hostname`.

Returns {Error} object, populating it with the reason, host, and cert on
failure. On success, returns {undefined}.
Expand Down
21 changes: 11 additions & 10 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -161,14 +161,14 @@ function check(hostParts, pattern, wildcards) {
}

let urlWarningEmitted = false;
exports.checkServerIdentity = function checkServerIdentity(host, cert) {
exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
const subject = cert.subject;
const altNames = cert.subjectaltname;
const dnsNames = [];
const uriNames = [];
const ips = [];

host = '' + host;
hostname = '' + hostname;

if (altNames) {
for (const name of altNames.split(', ')) {
Expand Down Expand Up @@ -200,14 +200,14 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
let valid = false;
let reason = 'Unknown reason';

if (net.isIP(host)) {
valid = ips.includes(canonicalizeIP(host));
if (net.isIP(hostname)) {
valid = ips.includes(canonicalizeIP(hostname));
if (!valid)
reason = `IP: ${host} is not in the cert's list: ${ips.join(', ')}`;
reason = `IP: ${hostname} is not in the cert's list: ${ips.join(', ')}`;
// TODO(bnoordhuis) Also check URI SANs that are IP addresses.
} else if (subject) {
host = unfqdn(host); // Remove trailing dot for error messages.
const hostParts = splitHost(host);
hostname = unfqdn(hostname); // Remove trailing dot for error messages.
const hostParts = splitHost(hostname);
const wildcard = (pattern) => check(hostParts, pattern, true);
const noWildcard = (pattern) => check(hostParts, pattern, false);

Expand All @@ -221,11 +221,12 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
valid = wildcard(cn);

if (!valid)
reason = `Host: ${host}. is not cert's CN: ${cn}`;
reason = `Host: ${hostname}. is not cert's CN: ${cn}`;
} else {
valid = dnsNames.some(wildcard) || uriNames.some(noWildcard);
if (!valid)
reason = `Host: ${host}. is not in the cert's altnames: ${altNames}`;
reason =
`Host: ${hostname}. is not in the cert's altnames: ${altNames}`;
}
} else {
reason = 'Cert is empty';
Expand All @@ -234,7 +235,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
if (!valid) {
const err = new ERR_TLS_CERT_ALTNAME_INVALID(reason);
err.reason = reason;
err.host = host;
err.host = hostname;
err.cert = cert;
return err;
}
Expand Down

0 comments on commit 38c938a

Please sign in to comment.