crypto: change default check(Host|Email) behavior (!41600) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/crypto-x509-check-flag-subject-default into master Jan 19, 2022

This changes the default behavior of the X509Certificate functions checkHost and checkEmail to match the default behavior of OpenSSL's X509_check_host and X509_check_email functions, respectively, which is also what RFC 2818 mandates for HTTPS.

As demonstrated in the modified test case, the new default matches the behavior of checkServerIdentity.

Refs: https://github.com/nodejs/node/pull/36804 Refs: https://github.com/nodejs/node/pull/41569

Admin message

Admin message

crypto: change default check(Host|Email) behavior

Merge request reports