Commit ca39540

joyeecheung authored and aduh95 committed
doc: clarify --use-system-ca support status
Node.js only checks trust settings of additional certificates from the system store. It does not, however, support revocation/distrust of existing certificates.

PR-URL: #60340
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent 12e9213 commit ca39540
‎doc/api/cli.md‎

10 additions & 10 deletions
@@ -3142,21 +3142,18 @@ On platforms other than Windows and macOS, this loads certificates from the dire
31423142
and file trusted by OpenSSL, similar to `--use-openssl-ca`, with the difference being
31433143
that it caches the certificates after first load.
31443144

3145-
On Windows and macOS, the certificate trust policy is planned to follow
3146-
[Chromium's policy for locally trusted certificates][]:
3145+
On Windows and macOS, the certificate trust policy is similar to
3146+
[Chromium's policy for locally trusted certificates][], but with some differences:
31473147

31483148
On macOS, the following settings are respected:
31493149

31503150
* Default and System Keychains
31513151
* Trust:
31523152
* Any certificate where the “When using this certificate” flag is set to “Always Trust” or
3153-
* Any certificate where the “Secure Sockets Layer (SSL)” flag is set to “Always Trust.”
3154-
* Distrust:
3155-
* Any certificate where the “When using this certificate” flag is set to “Never Trust” or
3156-
* Any certificate where the “Secure Sockets Layer (SSL)” flag is set to “Never Trust.”
3153+
* Any certificate where the “Secure Sockets Layer (SSL)” flag is set to “Always Trust”.
3154+
* The certificate must also be valid, with "X.509 Basic Policy" set to “Always Trust”.
31573155

3158-
On Windows, the following settings are respected (unlike Chromium's policy, distrust
3159-
and intermediate CA are not currently supported):
3156+
On Windows, the following settings are respected:
31603157

31613158
* Local Machine (accessed via `certlm.msc`)
31623159
* Trust:
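Review bot: In the Windows paragraph, the removed parenthetical said that intermediate CA is not currently supported, and none of the added lines in this hunk say so any more; if that limitation still holds, keep a sentence for it next to the Windows list, because the closing note added later in this patch covers only distrust/revocation. On the macOS side, dropping the "Distrust" sub-list leaves a reader who has set "Never Trust" in Keychain with no statement at that spot that the setting is not honoured, so a one-line pointer to the limitation would help there. The added "X.509 Basic Policy" line uses straight quotes where the neighbouring lines use curly ones, and "but with some differences:" introduces lists that never say what the differences are.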
@@ -3171,8 +3168,11 @@ and intermediate CA are not currently supported):
31713168
* Trusted Root Certification Authorities
31723169
* Enterprise Trust -> Group Policy -> Trusted Root Certification Authorities
31733170

3174-
On Windows and macOS, Node.js would check that the user settings for the certificates
3175-
do not forbid them for TLS server authentication before using them.
3171+
On Windows and macOS, Node.js would check that the user settings for the trusted
3172+
certificates do not forbid them for TLS server authentication before using them.
3173+
3174+
Node.js currently does not support distrust/revocation of certificates
3175+
from another source based on system settings.
31763176

31773177
On other systems, Node.js loads certificates from the default certificate file
31783178
(typically `/etc/ssl/cert.pem`) and default certificate directory (typically
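Review bot: In the added sentence "Node.js currently does not support distrust/revocation of certificates from another source based on system settings", the phrase "from another source" is not defined in the visible lines, while the commit message calls them "existing certificates". Suggest naming the sources that are meant (for example the bundled CA store or certificates supplied through `NODE_EXTRA_CA_CERTS`, if those are what is intended) and stating the consequence directly: marking a certificate as distrusted in the system store does not make Node.js reject it when it is trusted from elsewhere. The reflowed sentence above it still reads "Node.js would check"; "checks" would describe current behaviour.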
