You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, the implementation (https://github.com/nodejs/node/blob/master/lib/_tls_wrap.js#L1083) expects a truthy value returned from the function as the error, and has no try / catch logic to catch an error if thrown, with the result that if the checkServerIdentity function throws an error the whole process will likely exit. Either the docs or the implementation should be corrected to reflect the intended behavior.
The text was updated successfully, but these errors were encountered:
mscdex
added
tls
Issues and PRs related to the tls subsystem.
doc
Issues and PRs related to the documentations.
labels
Feb 20, 2017
Direct use of tls.TLSSocket to start a TLS session over an existing TCP connection was documented.
However, to use this connection securely it is necessary to validate and
authenticate the peer's certificate, and the documented events and
properties are implemented only for TLSSockets returned by
tls.connect(). In order to create secure connections, additional
undocumented APIs must be used, and these APIs are being called right
now by npm modules.
Fix: nodejs#10555Fix: nodejs#11467
The documentation for the
checkServerIdentity
function at https://nodejs.org/api/tls.html#tls_tls_connect_options_callbackstates that the provided function "should throw an error if verification fails. "
However, the implementation (https://github.com/nodejs/node/blob/master/lib/_tls_wrap.js#L1083) expects a truthy value returned from the function as the error, and has no try / catch logic to catch an error if thrown, with the result that if the
checkServerIdentity
function throws an error the whole process will likely exit. Either the docs or the implementation should be corrected to reflect the intended behavior.The text was updated successfully, but these errors were encountered: