Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert tls.rootCertificates implementation and correct documentation #33313

Closed
wants to merge 2 commits into from

Conversation

ebickle
Copy link
Contributor

@ebickle ebickle commented May 8, 2020

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: nodejs#32229
Refs: nodejs#32074
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates used by tls.createSecureContext.

Fixes: nodejs#32074
Refs: nodejs#32229
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels May 8, 2020
@addaleax
Copy link
Member

@nodejs/crypto

@nodejs-github-bot
Copy link
Collaborator

Copy link
Member

@jasnell jasnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but a subsequent PR that adds a new API that returns the current store would be good I think.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 23, 2020

@BridgeAR BridgeAR added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 23, 2020
BridgeAR pushed a commit to BridgeAR/node that referenced this pull request May 23, 2020
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: nodejs#32229
Refs: nodejs#32074

PR-URL: nodejs#33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
BridgeAR pushed a commit to BridgeAR/node that referenced this pull request May 23, 2020
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: nodejs#32074
Refs: nodejs#32229

PR-URL: nodejs#33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@BridgeAR
Copy link
Member

Landed in 9cd83c7...7a2c67c 🎉

@BridgeAR BridgeAR closed this May 23, 2020
codebytere pushed a commit that referenced this pull request Jun 18, 2020
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jun 18, 2020
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jun 18, 2020
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jun 18, 2020
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@codebytere codebytere mentioned this pull request Jun 28, 2020
codebytere pushed a commit that referenced this pull request Jun 30, 2020
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jun 30, 2020
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jul 8, 2020
A fix to tls.rootCertificates to have it correctly return the
process' current root certificates resulted in non-deterministic
behavior when Node.js is configured to use an OpenSSL system or
file-based certificate store.

The safest action is to revert the change and change the specification
for tls.rootCertificates to state that it only returns the bundled
certificates instead of the current ones.

Fixes: #32229
Refs: #32074

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere pushed a commit that referenced this pull request Jul 8, 2020
Update tls.rootCertificates documentation to clarify that it returns
the bundled Node.js root certificates rather than the root certificates
used by tls.createSecureContext.

Fixes: #32074
Refs: #32229

PR-URL: #33313
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@codebytere codebytere mentioned this pull request Jul 13, 2020
@ebickle ebickle deleted the fix/revert-091444a49d branch August 29, 2022 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants