Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls ca: option doesn't support the same formats as openssl -CAfile #24761

Closed
sam-github opened this issue Nov 30, 2018 · 0 comments
Closed

tls ca: option doesn't support the same formats as openssl -CAfile #24761

sam-github opened this issue Nov 30, 2018 · 0 comments
Labels
confirmed-bug Issues with confirmed bugs. tls Issues and PRs related to the tls subsystem.

Comments

@sam-github
Copy link
Contributor

  • Version: all
  • Platform: all
  • Subsystem: tls

OpenSSL supports "BEGIN TRUSTED CERTIFICATE", whereas Node.js silently ignores them. When people fail to authenticate with a ca: file, they often try with other tools (openssl s_client -CAfile ..., curl -cacert ..., ...) to confirm where the CAs are valid. They find they are, but that they don't work with Node.js. Ouch.

Fixed in #24733
@sam-github sam-github added tls Issues and PRs related to the tls subsystem. confirmed-bug Issues with confirmed bugs. labels Nov 30, 2018
sam-github added a commit to sam-github/node that referenced this issue Dec 11, 2018
@sam-github
tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
c9afb3c 
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.

Fixes: nodejs#24761
BethGriggs pushed a commit that referenced this issue Dec 17, 2018
@sam-github @BethGriggs
tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
390e050 
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.

Fixes: #24761

PR-URL: #24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
refack pushed a commit to refack/node that referenced this issue Jan 14, 2019
@sam-github @refack
tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
1178a73 
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.

Fixes: nodejs#24761

PR-URL: nodejs#24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
sam-github added a commit to sam-github/node that referenced this issue Apr 29, 2019
@sam-github
tls: support "BEGIN TRUSTED CERTIFICATE" for ca:
1f65f18 
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.

Fixes: nodejs#24761

PR-URL: nodejs#24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed-bug Issues with confirmed bugs. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sam-github