1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: suggest checkHost in checkServerIdentity docs

Browse Source 
Refs: https://github.com/nodejs/node/pull/42470

PR-URL: https://github.com/nodejs/node/pull/42495
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This commit is contained in:
Tobias Nießen 2022-03-29 19:55:41 +02:00 committed by GitHub
parent cff14bcaef
commit 1000eb168a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/api/tls.md
View File

@ -1525,6 +1525,11 @@ Verifies the certificate `cert` is issued to `hostname`.
Returns {Error} object, populating it with `reason`, `host`, and `cert` on
failure. On success, returns {undefined}.
This function is intended to be used in combination with the
`checkServerIdentity` option that can be passed to [`tls.connect()`][] and as
such operates on a [certificate object][]. For other purposes, consider using
[`x509.checkHost()`][] instead.
This function can be overwritten by providing an alternative function as the
`options.checkServerIdentity` option that is passed to `tls.connect()`. The
overwriting function can call `tls.checkServerIdentity()` of course, to augment
@ -2257,6 +2262,7 @@ added: v11.4.0
[`tls.createServer()`]: #tlscreateserveroptions-secureconnectionlistener
[`tls.getCiphers()`]: #tlsgetciphers
[`tls.rootCertificates`]: #tlsrootcertificates
[`x509.checkHost()`]: crypto.md#x509checkhostname-options
[asn1.js]: https://www.npmjs.com/package/asn1.js
[certificate object]: #certificate-object
[cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT