doc: fix inconsistent documentation (host vs hostname)
Update reference to read `hostname` instead of `host` for consistency.

Also update the function signature to use `hostname` rather than `host`.

PR-URL: #20933
Refs: #20892
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Anatoli Papirovski <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>

Backport-PR-URL: #21172
davisokoth authored and targos committed Jun 13, 2018
1 parent ba17c9e commit 9f9355d
Showing 2 changed files with 15 additions and 14 deletions.
8 changes: 4 additions & 4 deletions doc/api/tls.md
Expand Up @@ -358,7 +358,7 @@ added: v0.5.3
`cert`, `ca`, etc).

The `server.addContext()` method adds a secure context that will be used if
the client request's SNI hostname matches the supplied `hostname` (or wildcard).
the client request's SNI name matches the supplied `hostname` (or wildcard).

### server.address()
<!-- YAML
Expand Down Expand Up @@ -796,17 +796,17 @@ and their processing can be delayed due to packet loss or reordering. However,
smaller fragments add extra TLS framing bytes and CPU overhead, which may
decrease overall server throughput.

## tls.checkServerIdentity(host, cert)
## tls.checkServerIdentity(hostname, cert)
<!-- YAML
added: v0.8.4
-->

* `host` {string} The hostname to verify the certificate against
* `hostname` {string} The hostname to verify the certificate against
* `cert` {Object} An object representing the peer's certificate. The returned
object has some properties corresponding to the fields of the certificate.
* Returns: {Error|undefined}

Verifies the certificate `cert` is issued to host `host`.
Verifies the certificate `cert` is issued to `hostname`.

Returns {Error} object, populating it with the reason, host, and cert on
failure. On success, returns {undefined}.
21 changes: 11 additions & 10 deletions lib/tls.js
Expand Up @@ -169,14 +169,14 @@ function check(hostParts, pattern, wildcards) {
return true;
}

exports.checkServerIdentity = function checkServerIdentity(host, cert) {
exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
const subject = cert.subject;
const altNames = cert.subjectaltname;
const dnsNames = [];
const uriNames = [];
const ips = [];

host = '' + host;
hostname = '' + hostname;

if (altNames) {
for (const name of altNames.split(', ')) {
Expand All @@ -194,14 +194,14 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
let valid = false;
let reason = 'Unknown reason';

if (net.isIP(host)) {
valid = ips.includes(canonicalizeIP(host));
if (net.isIP(hostname)) {
valid = ips.includes(canonicalizeIP(hostname));
if (!valid)
reason = `IP: ${host} is not in the cert's list: ${ips.join(', ')}`;
reason = `IP: ${hostname} is not in the cert's list: ${ips.join(', ')}`;
// TODO(bnoordhuis) Also check URI SANs that are IP addresses.
} else if (subject) {
host = unfqdn(host); // Remove trailing dot for error messages.
const hostParts = splitHost(host);
hostname = unfqdn(hostname); // Remove trailing dot for error messages.
const hostParts = splitHost(hostname);
const wildcard = (pattern) => check(hostParts, pattern, true);
const noWildcard = (pattern) => check(hostParts, pattern, false);

Expand All @@ -215,11 +215,12 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
valid = wildcard(cn);

if (!valid)
reason = `Host: ${host}. is not cert's CN: ${cn}`;
reason = `Host: ${hostname}. is not cert's CN: ${cn}`;
} else {
valid = dnsNames.some(wildcard) || uriNames.some(noWildcard);
if (!valid)
reason = `Host: ${host}. is not in the cert's altnames: ${altNames}`;
reason =
`Host: ${hostname}. is not in the cert's altnames: ${altNames}`;
}
} else {
reason = 'Cert is empty';
Expand All @@ -228,7 +229,7 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
if (!valid) {
const err = new ERR_TLS_CERT_ALTNAME_INVALID(reason);
err.reason = reason;
err.host = host;
err.host = hostname;
err.cert = cert;
return err;
}
