-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https: support rejectUnauthorized for unix sockets #13505
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test needs a common.refreshTmpDir()
.
server.close(); | ||
})); | ||
|
||
server.listen(common.PIPE, common.mustCall(() => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using common.PIPE
requires common.refreshTmpDir()
(unless the test only runs on Windows).
})); | ||
|
||
server.listen(common.PIPE, common.mustCall(() => { | ||
https.request({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Super tiny nit: what do you think about using https.get()
? I like it because it calls request.end()
implicitly.
Added |
This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: nodejs#13470 PR-URL: nodejs#13505 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: #13470 PR-URL: #13505 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560)
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598
* **Child processes** * `stdout` and `stderr` are now available on the error output of a failed call to the `util.promisify()`ed version of `child_process.exec`. [[`d66d4fc94c`](d66d4fc94c)] [#13388](#13388) * **HTTP** * A regression that broke certain scenarios in which HTTP is used together with the `cluster` module has been fixed. [[`fff8a56d6f`](fff8a56d6f)] [#13578](#13578) * **HTTPS** * The `rejectUnauthorized` option now works properly for unix sockets. [[`c4cbd99d37`](c4cbd99d37)] [#13505](#13505) * **Readline** * A change that broke `npm init` and other code which uses `readline` multiple times on the same input stream is reverted. [[`0df6c0b5f0`](0df6c0b5f0)] [#13560](#13560) PR-URL: #13598
should this land on v6.x? Was this a new feature or a bugfix? |
Its a bug fix, there was a problem with self-signed certs on unix domain sockets (TCP and Unix domain sockets should not have differences in their TLS behaviour).
|
Doesn't cherry pick, I am backporting. |
This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Fixes: nodejs#13470 PR-URL: nodejs#13505 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Backport-PR-URL: #14415 Fixes: #13470 PR-URL: #13505 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Backport-PR-URL: #14415 Fixes: #13470 PR-URL: #13505 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This commit allows self signed certificates to work with unix sockets by forwarding the
rejectUnauthorized
option.Fixes: #13470
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
https