diff options
author | Tobias Nießen <tniessen@tnie.de> | 2022-01-17 18:48:51 +0300 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2022-01-19 21:10:18 +0300 |
commit | 6d666491ce582dd5d8d1d42bf4387c4d670527e2 (patch) | |
tree | a61329d8c3ae86d0bc0e4bb84746b708acee3a51 /doc/api/crypto.md | |
parent | eda54bae16007a391283a8ee0d52bcd6ee311b5c (diff) |
crypto: remove checkIP options argument
None of the supported options have any effect on X509_check_ip_asc.
Refs: https://github.com/openssl/openssl/pull/17536
PR-URL: https://github.com/nodejs/node/pull/41571
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r-- | doc/api/crypto.md | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 4d9493ac5de..e51148d85a7 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2542,24 +2542,26 @@ does not contain any DNS names. This behavior is consistent with [RFC 2818][] If the `'subject'` option is set to `'never'`, the certificate subject is never considered, even if the certificate contains no subject alternative names. -### `x509.checkIP(ip[, options])` +### `x509.checkIP(ip)` <!-- YAML added: v15.6.0 +changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/41571 + description: The `options` argument has been removed since it had no effect. --> * `ip` {string} -* `options` {Object} - * `subject` {string} `'always'` or `'never'`. **Default:** `'always'`. - * `wildcards` {boolean} **Default:** `true`. - * `partialWildcards` {boolean} **Default:** `true`. - * `multiLabelWildcards` {boolean} **Default:** `false`. - * `singleLabelSubdomains` {boolean} **Default:** `false`. * Returns: {string|undefined} Returns `ip` if the certificate matches, `undefined` if it does not. Checks whether the certificate matches the given IP address (IPv4 or IPv6). +Only [RFC 5280][] `iPAddress` subject alternative names are considered, and they +must match the given `ip` address exactly. Other subject alternative names as +well as the subject field of the certificate are ignored. + ### `x509.checkIssued(otherCert)` <!-- YAML @@ -5976,6 +5978,7 @@ See the [list of SSL OP Flags][] for details. [RFC 4055]: https://www.rfc-editor.org/rfc/rfc4055.txt [RFC 4122]: https://www.rfc-editor.org/rfc/rfc4122.txt [RFC 5208]: https://www.rfc-editor.org/rfc/rfc5208.txt +[RFC 5280]: https://www.rfc-editor.org/rfc/rfc5280.txt [Web Crypto API documentation]: webcrypto.md [`BN_is_prime_ex`]: https://www.openssl.org/docs/man1.1.1/man3/BN_is_prime_ex.html [`Buffer`]: buffer.md |