node:tls rootCertificates is undefined #25604

Closed
nathanwhit opened this issue Sep 12, 2024 · 3 comments · Fixed by #25707
@nathanwhit

This should be populated lazily on access (node source) with an array of root certificates as strings. They are statically included in the binary: https://github.com/nodejs/node/blob/d7d927844247f30e8288c8b37e9681c6f936c1c3/src/node_root_certs.h#L1

```
❯ deno eval 'import { rootCertificates } from "node:tls"; console.log(rootCertificates)'
undefined
❯ node --eval "console.log(tls.rootCertificates)"
[
  '-----BEGIN CERTIFICATE-----\n' +
    'MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMC\n' +
    'QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNV\n' +
    'BAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBa\n' +
    'MFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdS\n' +
    'b290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA\n' +
    'A4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtI\n' +
    'K+6NiY6arymAZavpxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCO\n' +
    'XkNz8kHp1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n' +
    'snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3\n' +
    'dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DP\n' +
    'AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRg\n' +
    'e2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTF\n' +
    'KDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY7\n' +
    '76BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9\n' +
    'LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr\n' +
    '+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n' +
    'HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n' +
    '-----END CERTIFICATE-----',
// etc
]
```

@devsnek

devsnek commented Sep 12, 2024

corresponds to webpki_roots::TLS_SERVER_ROOTS in deno code.

@nathanwhit nathanwhit added bug Something isn't working correctly node compat labels Sep 12, 2024
@lucacasonato

In Node, does this include certs passed through NODE_EXTRA_CA_CERTS?

@devsnek

devsnek commented Sep 13, 2024

@lucacasonato no, it is only the Mozilla root certs, and documented as such:

> An immutable array of strings representing the root certificates (in PEM format) from the bundled Mozilla CA store as supplied by the current Node.js version.
>
> The bundled CA store, as supplied by Node.js, is a snapshot of Mozilla CA store that is fixed at release time. It is identical on all supported platforms.
