-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: expose built-in root certificates #26415
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with the doc comments being addressed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A suggestion about the naming and docs, but otherwise LGTM, thanks.
Thanks for the reviews, feedback incorporated. I also added a regression test (forgot to check it in.) |
@bnoordhuis no comment on calling it |
No strong opinion anyway. :-) I was waiting to see if anyone else commented on that. FWIW, if I had to pick something in all caps, I'd probably opt for |
To be clear, I'm not opionated about the capsiness of the name, they both look like fine names, it's this story that seem strange to me: TLS exposes default values of some of the options as module properties:
and now:
Perhaps I'm unreasonably perturbed by pattern breaks? |
The I suppose making the default CA roots fully overridable by assigning to |
I'd really prefer if we could move away from that DEFAULT_FOO setter pattern on the module as it's just not going to work for the ESM side of things. That's not blocking for this PR but we need to consider an alternative approach at some point here. |
@jasnell That is a bit of a side-track, but what would it have to look like to be esm-ok? @bnoordhuis I see your point about not being able to be used to change the default, so being a bit different from the other DEFAULT_ definitions. I suspect reassignability might come as a feature request, and eventually we'll make it possible. It looks like you set the descriptor so that it will throw if anyone tries to set it, so that's good, nobody can complain that they set it and it didn't do anything. That was good enough for me, YMMV. |
I added one more sanity check to the test: https://ci.nodejs.org/job/node-test-pull-request/21294/ |
@sam-github @jasnell is this ready to land out of your perspective? (I did not check the comments fully) |
Would be good to get some feedback by @jasnell on esm-safety, but given this pattern is used for other top-level vars in Would be good to have some @nodejs/collaborators weigh in on the naming. Its bike shedding, but we'll have to live with the shed for a long time, best be happy with it now. |
Since you're inviting the bike shed discussion: I'd prefer |
Is there consensus on the name? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM I don't care about the names.
If bike shedding, I would also prefer |
I agree with @ronkorving and @Trott that |
Rebased one more time. CI: https://ci.nodejs.org/job/node-test-pull-request/23139/ |
Again because |
Fixes: nodejs#25824 PR-URL: nodejs#26415 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Ron Korving <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Vse Mozhet Byt <[email protected]>
Landed in f1a3968, cheers. |
Fixes: #25824 PR-URL: #26415 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Ron Korving <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Vse Mozhet Byt <[email protected]>
Notable changes: * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) #27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) #27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) #27660 * tls: * Expose built-in root certificates (Ben Noordhuis) #26415 * Support `net.Server` options (Luigi Pinca) #27665 * Expose `keylog` event on TLSSocket (Alba Mendez) #27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) #27294
Notable changes: * esm: * Added the `--experimental-wasm-modules` flag to support WebAssembly modules (Myles Borins & Guy Bedford) #27659 * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) #27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) #27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) #27660 * tls: * Expose built-in root certificates (Ben Noordhuis) #26415 * Support `net.Server` options (Luigi Pinca) #27665 * Expose `keylog` event on TLSSocket (Alba Mendez) #27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) #27294 PR-URL: #27799
Notable changes: * esm: * Added the `--experimental-wasm-modules` flag to support WebAssembly modules (Myles Borins & Guy Bedford) #27659 * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) #27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) #27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) #27660 * tls: * Expose built-in root certificates (Ben Noordhuis) #26415 * Support `net.Server` options (Luigi Pinca) #27665 * Expose `keylog` event on TLSSocket (Alba Mendez) #27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) #27294 PR-URL: #27799
This is a partial backport of commit f1a3968 ("tls: expose built-in root certificates") from the master branch. The original commit adds a new API, this commit just backports the non-visible changes to ease backporting follow-up commits. Refs: nodejs#26415
This is a partial backport of commit f1a3968 ("tls: expose built-in root certificates") from the master branch. The original commit adds a new API, this commit just backports the non-visible changes to ease backporting follow-up commits. PR-URL: #26415 Backport-PR-URL: #29137 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Ron Korving <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Vse Mozhet Byt <[email protected]>
Fixes: #25824