diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2019-05-20 11:09:02 +0200 |
|---|---|---|
| committer | Ben Noordhuis <info@bnoordhuis.nl> | 2019-05-20 11:09:02 +0200 |
| commit | f1a3968a01f2d76fff3d1b677aaefc752661c448 (patch) | |
| tree | 3d06e9120f577d7a072045f55a6176606d9819e6 /doc/api/tls.md | |
| parent | cc7e15f850d2b3773b555ae05157ec73ea627154 (diff) | |
| download | android-node-v8-f1a3968a01f2d76fff3d1b677aaefc752661c448.tar.gz android-node-v8-f1a3968a01f2d76fff3d1b677aaefc752661c448.tar.bz2 android-node-v8-f1a3968a01f2d76fff3d1b677aaefc752661c448.zip | |
tls: expose built-in root certificates
Fixes: https://github.com/nodejs/node/issues/25824
PR-URL: https://github.com/nodejs/node/pull/26415
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Diffstat (limited to 'doc/api/tls.md')
| -rw-r--r-- | doc/api/tls.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 23c9b3fb37..d4c795bb3d 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1384,6 +1384,7 @@ changes: provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE". + See also [`tls.rootCertificates`]. * `cert` {string|string[]|Buffer|Buffer[]} Cert chains in PEM format. One cert chain should be provided per private key. Each cert chain should consist of the PEM formatted certificate for a provided private `key`, followed by the @@ -1599,6 +1600,17 @@ TLSv1.2 and below. console.log(tls.getCiphers()); // ['aes128-gcm-sha256', 'aes128-sha', ...] ``` +## tls.rootCertificates +<!-- YAML +added: REPLACEME +--> + +* {string[]} + +An immutable array of strings representing the root certificates (in PEM format) +used for verifying peer certificates. This is the default value of the `ca` +option to [`tls.createSecureContext()`]. + ## tls.DEFAULT_ECDH_CURVE <!-- YAML added: v0.11.13 @@ -1784,6 +1796,7 @@ where `secureSocket` has the same API as `pair.cleartext`. [`tls.createSecurePair()`]: #tls_tls_createsecurepair_context_isserver_requestcert_rejectunauthorized_options [`tls.createServer()`]: #tls_tls_createserver_options_secureconnectionlistener [`tls.getCiphers()`]: #tls_tls_getciphers +[`tls.rootCertificates`]: #tls_tls_rootcertificates [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman |