MCPcopy Index your code
hub / github.com/nodejs/node / configSecureContext

Function configSecureContext

lib/internal/tls/secure-context.js:129–360  ·  view source on GitHub ↗
(context, options = kEmptyObject, name = 'options')

Source from the content-addressed store, hash-verified

127}
128
129function configSecureContext(context, options = kEmptyObject, name = 'options') {
130 validateObject(options, name);
131
132 const {
133 allowPartialTrustChain,
134 ca,
135 cert,
136 certificateCompression,
137 ciphers = getDefaultCiphers(),
138 clientCertEngine,
139 crl,
140 dhparam,
141 ecdhCurve = getDefaultEcdhCurve(),
142 key,
143 passphrase,
144 pfx,
145 privateKeyIdentifier,
146 privateKeyEngine,
147 sessionIdContext,
148 sessionTimeout,
149 sigalgs,
150 ticketKeys,
151 } = options;
152
153 // Set the cipher list and cipher suite before anything else because
154 // @SECLEVEL=<n> changes the security level and that affects subsequent
155 // operations.
156 if (ciphers !== undefined && ciphers !== null)
157 validateString(ciphers, `${name}.ciphers`);
158
159 // Work around an OpenSSL API quirk. cipherList is for TLSv1.2 and below,
160 // cipherSuites is for TLSv1.3 (and presumably any later versions). TLSv1.3
161 // cipher suites all have a standard name format beginning with TLS_, so split
162 // the ciphers and pass them to the appropriate API.
163 const {
164 cipherList,
165 cipherSuites,
166 } = processCiphers(ciphers, `${name}.ciphers`);
167
168 if (cipherSuites !== '')
169 context.setCipherSuites(cipherSuites);
170 context.setCiphers(cipherList);
171
172 if (cipherList === '' &&
173 context.getMinProto() < TLS1_3_VERSION &&
174 context.getMaxProto() > TLS1_2_VERSION) {
175 context.setMinProto(TLS1_3_VERSION);
176 }
177
178 // Add CA before the cert to be able to load cert's issuer in C++ code.
179 // NOTE(@jasnell): ca, cert, and key are permitted to be falsy, so do not
180 // change the checks to !== undefined checks.
181 if (ca) {
182 addCACerts(context, ArrayIsArray(ca) ? ca : [ca], `${name}.ca`);
183 } else {
184 context.addRootCerts();
185 }
186

Callers 1

createSecureContextFunction · 0.85

Calls 8

getDefaultCiphersFunction · 0.85
getDefaultEcdhCurveFunction · 0.85
processCiphersFunction · 0.85
addCACertsFunction · 0.85
setCertsFunction · 0.85
setKeyFunction · 0.85
validateKeyOrCertOptionFunction · 0.85
toBufFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…