-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls default SNICallback should Check the servername and select the appropriate secure context in Reverse order #34444
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fixes #34110, right? Can you add a Fixes: /~https://github.com/nodejs/node/issues/34110
line to the the commit message, and run make lint-js-fix
to address the linter errors here?
/cc @mkrawczuk |
Fixes: #34110 |
servername should also be case-insensitive. |
Co-authored-by: James M Snell <jasnell@gmail.com>
Co-authored-by: James M Snell <jasnell@gmail.com>
Co-authored-by: James M Snell <jasnell@gmail.com>
Can you add a test? |
I don’t know much about writing tests. Can you ask someone to write tests? |
@masx200 The test cases and features/fixes are usually in the same PR, you can try to write them by referring to an existing test case, the test folder is |
@mkrawczuk we should not use Array.prototype.reverse(),This method will change the original array, which produces unnecessary side effects and will cause a great performance loss. |
Since we are solving the same problem, could you help me write a test for this pull request? |
@masx200 There are linter errors that need fixing. |
This issue/PR was marked as stalled, it will be automatically closed in 30 days. If it should remain open, please leave a comment explaining why it should remain open. |
There is already the same pr to solve this problem |
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passestls default SNICallback should Check the servername and select the appropriate secure context in Reverse order
This is useful on HTTPS servers that need to replace ssl/tls certificates frequently, such as using "let's encrypt". When the certificate needs to be replaced, you don't want to restart the HTTPS server, you just need to replace the certificate and key.
If multiple secure contexts are added to the same domain name, the last one added should take effect