doc: createServer's key option can be an array #3123
Conversation
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90
thefourtheye
added
tls
|
@thefourtheye perhaps, it may be relevant to mention that the keys should use different algorithms? |
|
@indutny But we don't validate if the keys use different algorithms, right? https://github.com/nodejs/node/blob/v4.1.1/src/node_crypto.cc#L457-L500 |
|
@thefourtheye hm... I'm sure we don't, but OpenSSL may. |
|
@indutny Oh okay then. I included a line to say that the keys should use different algorithms. Should we explicitly give examples of algorithms? |
|
When would one want to use multiple keys? |
|
When you have two certs: ECDSA and RSA. Like I do on https://blog.indutny.com/ |
| PEM format. It can also be an array of keys. The array can either be of | ||
| just keys or if you have different passphrases for the keys, then the | ||
| array elements can be of the form `{pem: key, passphrase: passphrase}` and | ||
| the keys should use different algorithms. (Required) |
There was a problem hiding this comment.
What kind of algorithms is and the keys should use different algorithms referring to?
There was a problem hiding this comment.
ping @thefourtheye: could you clarify? Otherwise LGTM
There was a problem hiding this comment.
@silverwind The examples are ECDSA and RSA. Should we really mention them in the docs?
There was a problem hiding this comment.
My gut thought is to remove that and the keys should use different algorithms altogether.
There was a problem hiding this comment.
@silverwind Hmmm, it was @indutny's suggestion. Let's see what he feels about this.
There was a problem hiding this comment.
Ah, I see. I think your wording is a bit confusing. How about something like this?
`key`: A string or `Buffer` containing the private key of the server in
PEM format. To support multiple keys using different algorithms, an array
can be provided. It can either be a plain array of keys, or an array of
objects in the form of {pem: key, passphrase: passphrase}. (Required)
There was a problem hiding this comment.
@silverwind Ya, it looks better. I updated the PR now. PTAL.
|
Bump! |
|
LGTM |
|
@indutny LGTY? |
|
LGTM |
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90 PR-URL: #3123 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
|
Thanks for the review :-) Landed at 5d5a4c4. @silverwind I tweaked the text a little bit. Instead of |
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90 PR-URL: nodejs#3123 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90 PR-URL: #3123 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
|
Landed in v4.x-staging in db8e2f1 |
The `tls` module's `createServer` and `createSecureContext` accept `key` option and it can be an array of keys as well. This patch explains the format of the entries in that array. Corresponding code: https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90 PR-URL: #3123 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Fedor Indutny <[email protected]>
The
tlsmodule'screateServerandcreateSecureContextacceptkeyoption and it can be an array of keys as well. This patchexplains the format of the entries in that array.
Corresponding code:
https://github.com/nodejs/node/blob/v4.1.1/lib/_tls_common.js#L73-L90
cc @nodejs/crypto