doc: createServer's key option can be an array #3123
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90
@thefourtheye perhaps, it may be relevant to mention that the keys should use different algorithms?
@indutny But we don't validate if the keys use different algorithms, right? https://github.com/nodejs/node/blob/v4.1.1/src/node_crypto.cc#L457-L500
@thefourtheye hm... I'm sure we don't, but OpenSSL may.
@indutny Oh okay then. I included a line to say that the keys should use different algorithms. Should we explicitly give examples of algorithms?
When would one want to use multiple keys?
When you have two certs: ECDSA and RSA. Like I do on https://blog.indutny.com/
PEM format. It can also be an array of keys. The array can either be of | ||
just keys or if you have different passphrases for the keys, then the | ||
array elements can be of the form `{pem: key, passphrase: passphrase}` and | ||
the keys should use different algorithms. (Required) |
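Review bot: in the last line of this hunk, "and the keys should use different algorithms" is joined onto the sentence about the `{pem: key, passphrase: passphrase}` form, so it reads as a condition on passphrase-protected entries only, and it does not say what kind of algorithm is meant or whether "should" is enforced. Suggest stating the purpose of the array in its own sentence first (multiple keys that use different algorithms), then listing the two element forms: plain keys, or `{pem: key, passphrase: passphrase}` objects.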
What kind of algorithms is `and the keys should use different algorithms` referring to?
ping @thefourtheye: could you clarify? Otherwise LGTM
@silverwind The examples are ECDSA and RSA. Should we really mention them in the docs?
My gut thought is to remove that `and the keys should use different algorithms` altogether.
@silverwind Hmmm, it was @indutny's suggestion. Let's see what he feels about this.
Ah, I see. I think your wording is a bit confusing. How about something like this?
`key`: A string or `Buffer` containing the private key of the server in
PEM format. To support multiple keys using different algorithms, an array
can be provided. It can either be a plain array of keys, or an array of
objects in the form of {pem: key, passphrase: passphrase}. (Required)
@silverwind Ya, it looks better. I updated the PR now. PTAL.
Bump!
LGTM
@indutny LGTY?
LGTM
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90 PR-URL: #3123 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
Thanks for the review :-) Landed at 5d5a4c4. @silverwind I tweaked the text a little bit. Instead of
Landed in v4.x-staging in db8e2f1
cc @nodejs/crypto
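The two `key` array forms discussed in this PR, as an added example (not code from the Node.js repository or from the participants): a plain array of PEM keys, and an array of `{pem, passphrase}` objects with a different passphrase per key. The RSA and ECDSA keys are constructed sample input generated at run time, `makeKey` and `tryLoad` are hypothetical helper names, and no certificate is attached, so only key parsing and decryption are exercised.

```javascript
const crypto = require('crypto');
const tls = require('tls');

// Constructed sample input: generate a private key as PKCS#8 PEM, encrypted
// under `passphrase` when one is given (helper name is hypothetical).
function makeKey(type, options, passphrase) {
  const privateKeyEncoding = { type: 'pkcs8', format: 'pem' };
  if (passphrase) {
    Object.assign(privateKeyEncoding, { cipher: 'aes-256-cbc', passphrase });
  }
  return crypto.generateKeyPairSync(type, {
    ...options,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding,
  }).privateKey;
}

// Try to load a `key` array into a secure context. No certificate is
// attached, so this only checks that every entry parses and decrypts.
function tryLoad(key) {
  try {
    tls.createSecureContext({ key });
    return 'loaded';
  } catch (err) {
    return 'rejected';
  }
}

const rsaPlain = makeKey('rsa', { modulusLength: 2048 });
const ecPlain = makeKey('ec', { namedCurve: 'prime256v1' });
const rsaEnc = makeKey('rsa', { modulusLength: 2048 }, 'rsa-passphrase');
const ecEnc = makeKey('ec', { namedCurve: 'prime256v1' }, 'ec-passphrase');

// Form 1: a plain array of (unencrypted) keys.
const plainArray = [rsaPlain, ecPlain];
// Form 2: one object per key, each carrying its own passphrase.
const objectArray = [
  { pem: rsaEnc, passphrase: 'rsa-passphrase' },
  { pem: ecEnc, passphrase: 'ec-passphrase' },
];
// Passphrases attached to the wrong entries: context creation must fail.
const swapped = [
  { pem: rsaEnc, passphrase: 'ec-passphrase' },
  { pem: ecEnc, passphrase: 'rsa-passphrase' },
];

console.log(tryLoad(plainArray), tryLoad(objectArray), tryLoad(swapped));
```

Running the same check at service start-up makes a mismatched passphrase fail before the server begins accepting connections.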