-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update tls.md #46224
Update tls.md #46224
Conversation
@nodejs/crypto @nodejs/http Putting aside formatting for a moment, is the content of this addition correct? |
Yes, as of version 18.12.1. In brief, I'm writing an FTP service that constructs a new TLS server for the data channel for each client session and believed there was some optimization in creating secureContext once. The documentation error, at least, needs to be fixed. I reviewed source code to confirm. /lib/_tls_wrap.js line 1211 passes the whole tls.Server constructor options object to tls.Server.setSecureContext(). Those options are masticated and passed to tls.createSecureContext() to initialize tls.Server._sharedCreds. It's this property that is passed in secureContext option when constructing tls.Socket, same file line 1096 in function tlsConnectionListener I'm not sure this is the correct or complete resolution. It's surprising that tls.Server options validation does not fail. The client error when connecting to a server constructed with secureContext fails cryptically: "Error: Client network socket disconnected before secure TLS connection was established" |
Totally agree--I had a vague hope the github editor would apply lint, pretty, etal on commit. |
Yeah, no problem there, I'm happy to fix the formatting etc. I just want confirmation from the relevant subsystem maintainers that the information is correct and complete, this is not a bug, etc. |
tls.createServer() and new tls.Server() ignore secureContext option.
Landed in 6ecbd57 |
tls.createServer() and new tls.Server() ignore secureContext option. PR-URL: #46224 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Rich Trott <rtrott@gmail.com>
tls.createServer() and new tls.Server() ignore secureContext option. PR-URL: #46224 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Rich Trott <rtrott@gmail.com>
tls.createServer() and new tls.Server() ignore secureContext option. PR-URL: #46224 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Rich Trott <rtrott@gmail.com>
tls.createServer() and new tls.Server() ignore secureContext option