tls: multiple PFX support in createSecureContext#14793
tls: multiple PFX support in createSecureContext#14793djphoenix wants to merge 7 commits intonodejs:masterfrom
Conversation
djphoenix
force-pushed
the
tls-multi-pfx
branch
2 times, most recently
from
1d13a0b to
41ca43b
Compare
test/parallel/test-tls-multi-pfx.js
Outdated
There was a problem hiding this comment.
I think we should add a third case for when an object is supplied with an encrypted key and the passphrase from options is used.
There was a problem hiding this comment.
ACK (partially). Maybe add separate case out of "multi-pfx" test?
Trott
added
the
semver-minor
test/parallel/test-tls-multi-pfx.js
Outdated
There was a problem hiding this comment.
The copyright and license header should not be added to new files
djphoenix
force-pushed
the
tls-multi-pfx
branch
from
41ca43b to
581acf9
Compare
lib/_tls_common.js
Outdated
There was a problem hiding this comment.
Also, should this be limited to just Buffer instances? We likely should allow any Uint8Array
test/parallel/test-tls-multi-pfx.js
Outdated
There was a problem hiding this comment.
Please use the new ../common/fixtures stuff... e.g.
const fixtures = require('../common/fixtures');
/*... */
{
buffer: fixtures.readKey('agent1-pfx.pem')
}
test/parallel/test-tls-multi-pfx.js
Outdated
There was a problem hiding this comment.
@jasnell in listen (L24) also? Or not necessary?
test/parallel/test-tls-multi-pfx.js
Outdated
djphoenix
force-pushed
the
tls-multi-pfx
branch
from
78a26e9 to
3465940
Compare
|
Fixed FIPS failure (actually bad fixture). @jasnell another try? |
|
ping? |
|
Hey, sorry @djphoenix ... new CI here! https://ci.nodejs.org/job/node-test-pull-request/9862/ |
lib/_tls_common.js
Outdated
There was a problem hiding this comment.
I am not completely happy with the buffer check here.
I think it would be good to verify that the input is indeed a buffer and that does not happen here.
If the object attribute name would not be buffer it would be easy to distinguish the object from the buffer and you could write something like:
const raw = pfx.buf ? pfx.buf : pfx;
if (!ArrayBuffer.isView(raw))
throw new Error("foobar");
const buf = crypto._toBuf(raw);There was a problem hiding this comment.
Looks as a good proposal. ACK.
doc/api/tls.md
Outdated
There was a problem hiding this comment.
How come string is not supported anymore?
There was a problem hiding this comment.
PKCS12 is very rarely stored in PEM format, by default it's DER-encoded. But I forget about binary strings in JS. Will revert it, ACK.
|
@jasnell CI failures seems like unrelated to changes. |
djphoenix
force-pushed
the
tls-multi-pfx
branch
from
0e32f76 to
d0b000e
Compare
|
cc @shigeki @bnoordhuis PTAL |
Add support for multiple PFX files in tls.createSecureContext. Also added support for object-style PFX pass. Fixes: nodejs#14756
|
Still waiting for @shigeki and @bnoordhuis |
|
Landed in 372dc86 |
|
@BridgeAR it seems like @djphoenix was still waiting for a review from @shigeki and @bnoordhuis. Was there a reason it landed before? |
|
Also fwiw I've landed this on v8.x-staging and it is on track to be released in the next 8.x release. Just wanted to confirm that this should be released before doing so |
@MylesBorins not me, but @indutny tagged them before, so I pinged also. Not blocking for me (and for @BridgeAR also as I see). |
|
@MylesBorins to me it looked like a trivial change that was good to go and there was no response since the review request for a week. And as it did not come from @djphoenix it felt more like a "nice to have" in this case. So I went ahead and landed it. |
|
Sgtm
Thanks for responding. Was just trying to figure out what was going on.
…On Sep 11, 2017 3:46 AM, "Ruben Bridgewater" ***@***.***> wrote:
@MylesBorins <https://github.com/mylesborins> to me it looked like a
trivial change that was good to go and there was no response since the
review request for a week. And as it did not come from @djphoenix
<https://github.com/djphoenix> it felt more like a "nice to have" in this
case. So I went ahead and landed it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#14793 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV-fzYkngjHFw1rNLe5Al16O7ZJxyks5shJD-gaJpZM4O1d65>
.
|
|
Release team were -1 on landing on v6.x, if you disagree let us know. |
|
@gibfahn I’m not sure, so let NodeJS team decide. For me it’s enough to have this feature in latest versions. |
10 participants
Fixes: #14756
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
tls