src: enable X509sToArrayOfStrings to skip errors#61784
src: enable X509sToArrayOfStrings to skip errors#61784StefanStojanovic wants to merge 3 commits intonodejs:mainfrom
Conversation
|
Review requested:
|
nodejs-github-bot
added
c++
StefanStojanovic
force-pushed
the
mefi-cert-fix
branch
from
4801d72 to
88ad793
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #61784 +/- ##
==========================================
- Coverage 89.73% 89.69% -0.04%
==========================================
Files 675 672 -3
Lines 204674 204549 -125
Branches 39330 39274 -56
==========================================
- Hits 183667 183480 -187
- Misses 13283 13383 +100
+ Partials 7724 7686 -38
🚀 New features to boost your workflow:
|
| } | ||
|
|
||
| if (skipped > 0) { | ||
| ProcessEmitWarning( |
There was a problem hiding this comment.
I wonder if we should make this an option to the API instead of unconditionally emitting a warning? So if the user uses tls.getCACertifcate, they can choose warn, ignore, throw (or even get a list of errors on the side) when there's an error in parsing these certificates. For NODE_USE_SYSTEM_CA/--use-system-ca, warn is a sensible behavior.
There was a problem hiding this comment.
I'm open to any suggestions. If you have an exact option/setting in mind, let me know, and I'll adapt the change to work in that way.
Co-authored-by: Anna Henningsen <github@addaleax.net>
Co-authored-by: Anna Henningsen <github@addaleax.net>
4 participants
As suggested in the linked issue, this PR relaxes the X509 to PEM conversion by skipping failures for system certs. If conversion fails, Node.js will try to give info about the failed certs if it can. This new behavior is used only on system certs, since for others, the user has control. AFAIK, there is no way to add a reliable test for this, but if someone has an idea, feel free to share it with me.
Fixes: #61636