Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extra CA certificates missing from tls.rootCertificates #32074

Closed
ebickle opened this issue Mar 3, 2020 · 0 comments
Closed

Extra CA certificates missing from tls.rootCertificates #32074

ebickle opened this issue Mar 3, 2020 · 0 comments

Comments

@ebickle
Copy link
Contributor

ebickle commented Mar 3, 2020

  • Version: v14.0.0-pre (master)
  • Platform: Windows 10 Version 1903 64-bit (OS Build 18362.657)
  • Subsystem: crypto / tls

What steps will reproduce the bug?

  1. Set NODE_EXTRA_CA_CERTS environment variable to a root certificate file.
  2. Read contents of tls.rootCertificates array.

How often does it reproduce? Is there a required condition?

Reproduces 100% of the time.

What is the expected behavior?

tls.rootCertificates array should contain the root certificate supplied in NODE_EXTRA_CA_CERTS. Documentation for tls.rootCertificates (https://nodejs.org/api/tls.html#tls_tls_rootcertificates) states that it "represents the root certificates used for verifying peer certificates" and that it is the "default value of the ca option to tls.createSecureContext()".

The certificate supplied to NODE_EXTRA_CA_CERTS is used to verify peer certificates and is also used in the default value of the ca option to tls.createSecureContext()'. It's omission from tls.rootCertificates is a defect.

What do you see instead?

Contents of tls.rootCertificates contains only the hard-coded set of node.js root certificates when NODE_EXTRA_CA_CERTS is supplied.
ebickle added a commit to ebickle/node that referenced this issue Mar 3, 2020
@ebickle
src: fix missing extra ca in tls.rootCertificates
7717169 
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS.

Fixes: nodejs#32074
@ebickle ebickle mentioned this issue Mar 3, 2020
Closed
3 tasks
ebickle added a commit to ebickle/node that referenced this issue Mar 5, 2020
@ebickle
src: fix missing extra ca in tls.rootCertificates
14f3a86 
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS.

Fixes: nodejs#32074
MylesBorins pushed a commit that referenced this issue Mar 11, 2020
@ebickle @MylesBorins
src: fix missing extra ca in tls.rootCertificates
1fc7c04 
Fixes tls.rootCertificates missing certificates loaded from
NODE_EXTRA_CA_CERTS.

Fixes: #32074

PR-URL: #32075
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this issue Mar 11, 2020
@ebickle @MylesBorins
src: fix missing extra ca in tls.rootCertificates
2248ba7 
Fixes tls.rootCertificates missing certificates loaded from
NODE_EXTRA_CA_CERTS.

Fixes: #32074

PR-URL: #32075
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@AdamMajer AdamMajer mentioned this issue Mar 12, 2020
Closed
ebickle added a commit to ebickle/node that referenced this issue Mar 17, 2020
@ebickle
src: fix missing extra ca in tls.rootCertificates
55a13f8 
Fixes tls.rootCertificates missing certificates loaded from NODE_EXTRA_CA_CERTS.

Fixes: nodejs#32074
@ebickle ebickle mentioned this issue Apr 2, 2020
Closed
3 tasks
targos pushed a commit that referenced this issue Apr 22, 2020
@ebickle @targos
src: fix missing extra ca in tls.rootCertificates
5b2f698 
Fixes tls.rootCertificates missing certificates loaded from
NODE_EXTRA_CA_CERTS.

Fixes: #32074

PR-URL: #32075
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
ebickle added a commit to ebickle/node that referenced this issue May 8, 2020
@ebickle
Revert "src: fix missing extra ca in tls.rootCertificates"
56a430a 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: nodejs#32229
Refs: nodejs#32074
ebickle added a commit to ebickle/node that referenced this issue May 8, 2020
@ebickle
doc: correct tls.rootCertificates to match implementation
3a65605 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext.

Fixes: nodejs#32074
Refs: nodejs#32229
BridgeAR pushed a commit to BridgeAR/node that referenced this issue May 23, 2020
@ebickle @BridgeAR
Revert "src: fix missing extra ca in tls.rootCertificates"
442610f 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: nodejs#32229
Refs: nodejs#32074

PR-URL: nodejs#33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
BridgeAR pushed a commit to BridgeAR/node that referenced this issue May 23, 2020
@ebickle @BridgeAR
doc: correct tls.rootCertificates to match implementation
7a2c67c 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: nodejs#32074
Refs: nodejs#32229

PR-URL: nodejs#33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 18, 2020
@ebickle @codebytere
Revert "src: fix missing extra ca in tls.rootCertificates"
ba178c7 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 18, 2020
@ebickle @codebytere
doc: correct tls.rootCertificates to match implementation
34c26df 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 18, 2020
@ebickle @codebytere
Revert "src: fix missing extra ca in tls.rootCertificates"
3f1c756 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 18, 2020
@ebickle @codebytere
doc: correct tls.rootCertificates to match implementation
7c87fc1 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 30, 2020
@ebickle @codebytere
Revert "src: fix missing extra ca in tls.rootCertificates"
d5aa413 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jun 30, 2020
@ebickle @codebytere
doc: correct tls.rootCertificates to match implementation
2643b09 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jul 8, 2020
@ebickle @codebytere
Revert "src: fix missing extra ca in tls.rootCertificates"
e105034 
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this issue Jul 8, 2020
@ebickle @codebytere
doc: correct tls.rootCertificates to match implementation
281d7f7 
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@pimterry pimterry mentioned this issue Jan 31, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

src: fix missing extra ca in tls.rootCertificates ebickle/node
1 participant
@ebickle