Title: Intermediate certs don't work with SNICallback · Issue #2772 · nodejs/node · GitHub
Open Graph Title: Intermediate certs don't work with SNICallback · Issue #2772 · nodejs/node
X Title: Intermediate certs don't work with SNICallback · Issue #2772 · nodejs/node
Description: If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to set whole key chain. Example code: var ht...
Open Graph Description: If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to s...
X Description: If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to s...
Opengraph URL: https://github.com/nodejs/node/issues/2772
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Intermediate certs don't work with SNICallback","articleBody":"If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to set whole key chain.\n\nExample code:\n\n```\nvar https = require(\"https\");\nvar fs = require(\"fs\");\nvar tls = require(\"tls\");\n\nvar o = {\n key: fs.readFileSync(\"example.com.key\"),\n cert: fs.readFileSync(\"example.com.crt\"),\n ca: fs.readFileSync(\"intermediate.crt\")\n};\n\nvar context = tls.createSecureContext(o);\nvar options = {\n SNICallback: function(servername, cb) {\n return cb(null, context);\n },\n\n ca: o.ca\n};\n\nhttps.createServer(options, function(req, res) {\n res.writeHead(200);\n res.end(\"hello world\\n\");\n}).listen(8000);\n```\n\nNow try to connect via openssl:\n\n```\nopenssl s_client -servername example.com -connect localhost:8000\n```\n\nExpected and real behaviour is `Verify return code: 0 (OK)`.\n\nIf I remove the ca in options map like this\n\n```\nvar options = {\n SNICallback: function(servername, cb) {\n return cb(null, context);\n }\n};\n```\n\nand rerun openssl client the return code is `Verify return code: 21 (unable to verify the first certificate)`which indicates that not the whole key chain is returned.\nThe expected behaviour is `Verify return code: 0 (OK)` as the ca field is given to `tls.createSecureContext`.\n\nThis occures in io.js 3.x and Node.js 4.0.0.\n","author":{"url":"https://github.com/fastner","@type":"Person","name":"fastner"},"datePublished":"2015-09-09T14:36:53.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":8},"url":"https://github.com/2772/node/issues/2772"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:258e31f6-1269-2100-8a93-00c274436de5 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | A3B0:134A7F:165B06D:20A6A8A:6A4E4EC1 |
| html-safe-nonce | 21d99fc31561472594605170e8fbf356ef5b6772067879bc5ee156231f9dbd87 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBM0IwOjEzNEE3RjoxNjVCMDZEOjIwQTZBOEE6NkE0RTRFQzEiLCJ2aXNpdG9yX2lkIjoiMjczNDIzNzE4NzAwNDM3MTg1IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 4c65ad1fa00fb2804be010060e3c17c6fd908199335e385ae1c1f0c4b305df7c |
| hovercard-subject-tag | issue:105610024 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/2772/issue_layout |
| twitter:image | https://opengraph.githubassets.com/08e9a5df7ab67c3ec9d55826afefae0c46aab16d484384779242197dee6cfdca/nodejs/node/issues/2772 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/08e9a5df7ab67c3ec9d55826afefae0c46aab16d484384779242197dee6cfdca/nodejs/node/issues/2772 |
| og:image:alt | If I give key, cert and ca via options field to https.createServer the whole key chain is returned on connection (correct behaviour). If I try to do the same via SNICallback it is not possible to s... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | fastner |
| hostname | github.com |
| expected-hostname | github.com |
| None | 030096ee0db095447bfe77409d33bfac127ca7128299c58deef27c52eaa1b1f0 |
| turbo-cache-control | no-preview |
| go-import | github.com/nodejs/node git https://github.com/nodejs/node.git |
| octolytics-dimension-user_id | 9950313 |
| octolytics-dimension-user_login | nodejs |
| octolytics-dimension-repository_id | 27193779 |
| octolytics-dimension-repository_nwo | nodejs/node |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 27193779 |
| octolytics-dimension-repository_network_root_nwo | nodejs/node |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | e8506f6d0538364886e3f0153c154c410965e70d |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width