From 1766dd4f5c84d8aa5dd973c49d1455630957d4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 27 Mar 2022 17:51:47 +0200 Subject: [PATCH] doc: suggest checkHost in checkServerIdentity docs Refs: https://github.com/nodejs/node/pull/42470 --- doc/api/tls.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/api/tls.md b/doc/api/tls.md index ad0f5d013cc683..65fb7eda4e0dfc 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1525,6 +1525,11 @@ Verifies the certificate `cert` is issued to `hostname`. Returns {Error} object, populating it with `reason`, `host`, and `cert` on failure. On success, returns {undefined}. +This function is intended to be used in combination with the +`checkServerIdentity` option that can be passed to [`tls.connect()`][] and as +such operates on a [certificate object][]. For other purposes, consider using +[`x509.checkHost()`][] instead. + This function can be overwritten by providing an alternative function as the `options.checkServerIdentity` option that is passed to `tls.connect()`. The overwriting function can call `tls.checkServerIdentity()` of course, to augment @@ -2257,6 +2262,7 @@ added: v11.4.0 [`tls.createServer()`]: #tlscreateserveroptions-secureconnectionlistener [`tls.getCiphers()`]: #tlsgetciphers [`tls.rootCertificates`]: #tlsrootcertificates +[`x509.checkHost()`]: crypto.md#x509checkhostname-options [asn1.js]: https://www.npmjs.com/package/asn1.js [certificate object]: #certificate-object [cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT