mirror of
https://github.com/zebrajr/node.git
synced 2026-01-15 12:15:26 +00:00
d9ebc04e9b
Notable changes: assert: * change status of legacy asserts (James M Snell) https://github.com/nodejs/node/pull/38113 buffer: * (SEMVER-MINOR) introduce Blob (James M Snell) https://github.com/nodejs/node/pull/36811 * (SEMVER-MINOR) add base64url encoding option (Filip Skokan) https://github.com/nodejs/node/pull/36952 child_process: * (SEMVER-MINOR) allow `options.cwd` receive a URL (Khaidi Chu) https://github.com/nodejs/node/pull/38862 * (SEMVER-MINOR) add timeout to spawn and fork (Nitzan Uziely) https://github.com/nodejs/node/pull/37256 * (SEMVER-MINOR) allow promisified exec to be cancel (Carlos Fuentes) https://github.com/nodejs/node/pull/34249 * (SEMVER-MINOR) add 'overlapped' stdio flag (Thiago Padilha) https://github.com/nodejs/node/pull/29412 cli: * (SEMVER-MINOR) add -C alias for --conditions flag (Guy Bedford) https://github.com/nodejs/node/pull/38755 * (SEMVER-MINOR) add --node-memory-debug option (Anna Henningsen) https://github.com/nodejs/node/pull/35537 dns: * (SEMVER-MINOR) add "tries" option to Resolve options (Luan Devecchi) https://github.com/nodejs/node/pull/39610 * (SEMVER-MINOR) allow `--dns-result-order` to change default dns verbatim (Ouyang Yadong) https://github.com/nodejs/node/pull/38099 doc: * (SEMVER-MINOR) add missing change to resolver ctor (Luan Devecchi) https://github.com/nodejs/node/pull/39610 * refactor fs docs structure (James M Snell) https://github.com/nodejs/node/pull/37170 errors: * (SEMVER-MINOR) remove experimental from --enable-source-maps (Benjamin Coe) https://github.com/nodejs/node/pull/37362 esm: * deprecate legacy main lookup for modules (Guy Bedford) https://github.com/nodejs/node/pull/36918 fs: * (SEMVER-MINOR) allow empty string for temp directory prefix (Voltrex) https://github.com/nodejs/node/pull/39028 * (SEMVER-MINOR) allow no-params fsPromises fileHandle read (Nitzan Uziely) https://github.com/nodejs/node/pull/38287 * (SEMVER-MINOR) add support for async iterators to `fsPromises.writeFile` (HiroyukiYagihashi) https://github.com/nodejs/node/pull/37490 * improve fsPromises readFile performance (Nitzan Uziely) https://github.com/nodejs/node/pull/37608 * (SEMVER-MINOR) add fsPromises.watch() (James M Snell) https://github.com/nodejs/node/pull/37179 * (SEMVER-MINOR) allow `position` parameter to be a `BigInt` in read and readSync (Darshan Sen) https://github.com/nodejs/node/pull/36190 http2: * (SEMVER-MINOR) add support for sensitive headers (Anna Henningsen) https://github.com/nodejs/node/pull/34145 * (SEMVER-MINOR) allow setting the local window size of a session (Yongsheng Zhang) https://github.com/nodejs/node/pull/35978 inspector: * mark as stable (Gireesh Punathil) https://github.com/nodejs/node/pull/37748 module: * (SEMVER-MINOR) add support for `URL` to `import.meta.resolve` (Antoine du Hamel) https://github.com/nodejs/node/pull/38587 * (SEMVER-MINOR) add support for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246 net: * (SEMVER-MINOR) introduce net.BlockList (James M Snell) https://github.com/nodejs/node/pull/34625 node-api: * (SEMVER-MINOR) allow retrieval of add-on file name (Gabriel Schulhof) https://github.com/nodejs/node/pull/37195 os: * (SEMVER-MINOR) add os.devNull (Luigi Pinca) https://github.com/nodejs/node/pull/38569 perf_hooks: * (SEMVER-MINOR) introduce createHistogram (James M Snell) https://github.com/nodejs/node/pull/37155 process: * (SEMVER-MINOR) add api to enable source-maps programmatically (legendecas) https://github.com/nodejs/node/pull/39085 * (SEMVER-MINOR) add `'worker'` event (James M Snell) https://github.com/nodejs/node/pull/38659 * (SEMVER-MINOR) add direct access to rss without iterating pages (Adrien Maret) https://github.com/nodejs/node/pull/34291 readline: * (SEMVER-MINOR) add AbortSignal support to interface (Nitzan Uziely) https://github.com/nodejs/node/pull/37932 * (SEMVER-MINOR) add support for the AbortController to the question method (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33676 * (SEMVER-MINOR) add history event and option to set initial history (Mattias Runge-Broberg) https://github.com/nodejs/node/pull/33662 repl: * (SEMVER-MINOR) add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) https://github.com/nodejs/node/pull/37246 src: * (SEMVER-MINOR) call overload ctor from the original ctor (Darshan Sen) https://github.com/nodejs/node/pull/39768 * (SEMVER-MINOR) add a constructor overload for CallbackScope (Darshan Sen) https://github.com/nodejs/node/pull/39768 * (SEMVER-MINOR) allow to negate boolean CLI flags (Michaël Zasso) https://github.com/nodejs/node/pull/39023 * (SEMVER-MINOR) add --heapsnapshot-near-heap-limit option (Joyee Cheung) https://github.com/nodejs/node/pull/33010 * (SEMVER-MINOR) add way to get IsolateData and allocator from Environment (Anna Henningsen) https://github.com/nodejs/node/pull/36441 * (SEMVER-MINOR) allow preventing SetPrepareStackTraceCallback (Shelley Vohr) https://github.com/nodejs/node/pull/36447 * (SEMVER-MINOR) add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen) https://github.com/nodejs/node/pull/35486 stream: * (SEMVER-MINOR) add readableDidRead if has been read from (Robert Nagy) https://github.com/nodejs/node/pull/39589 * (SEMVER-MINOR) pipeline accept Buffer as a valid first argument (Nitzan Uziely) https://github.com/nodejs/node/pull/37739 tls: * (SEMVER-MINOR) allow reading data into a static buffer (Andrey Pechkurov) https://github.com/nodejs/node/pull/35753 tools: * (SEMVER-MINOR) add `Worker` to type-parser (James M Snell) https://github.com/nodejs/node/pull/38659 url: * (SEMVER-MINOR) expose urlToHttpOptions utility (Yongsheng Zhang) https://github.com/nodejs/node/pull/35960 util: * (SEMVER-MINOR) expose toUSVString (Robert Nagy) https://github.com/nodejs/node/pull/39814 v8: * (SEMVER-MINOR) implement v8.stopCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807 * (SEMVER-MINOR) implement v8.takeCoverage() (Joyee Cheung) https://github.com/nodejs/node/pull/33807 worker: * (SEMVER-MINOR) add setEnvironmentData/getEnvironmentData (James M Snell) https://github.com/nodejs/node/pull/37486 PR-URL: https://github.com/nodejs/node/pull/39990
14 KiB
14 KiB
HTTPS
Stability: 2 - Stable
HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a separate module.
Class: https.Agent
An Agent object for HTTPS similar to http.Agent. See
https.request() for more information.
new Agent([options])
options{Object} Set of configurable options to set on the agent. Can have the same fields as forhttp.Agent(options), and-
maxCachedSessions{number} maximum number of TLS cached sessions. Use0to disable TLS session caching. Default:100. -
servername{string} the value of Server Name Indication extension to be sent to the server. Use empty string''to disable sending the extension. Default: host name of the target server, unless the target server is specified using an IP address, in which case the default is''(no extension).See
Session Resumptionfor information about TLS session reuse.
-
Event: 'keylog'
line{Buffer} Line of ASCII text, in NSSSSLKEYLOGFILEformat.tlsSocket{tls.TLSSocket} Thetls.TLSSocketinstance on which it was generated.
The keylog event is emitted when key material is generated or received by a
connection managed by this agent (typically before handshake has completed, but
not necessarily). This keying material can be stored for debugging, as it
allows captured TLS traffic to be decrypted. It may be emitted multiple times
for each socket.
A typical use case is to append received lines to a common text file, which is later used by software (such as Wireshark) to decrypt the traffic:
// ...
https.globalAgent.on('keylog', (line, tlsSocket) => {
fs.appendFileSync('/tmp/ssl-keys.log', line, { mode: 0o600 });
});
Class: https.Server
- Extends: {tls.Server}
See http.Server for more information.
server.close([callback])
callback{Function}- Returns: {https.Server}
See server.close() from the HTTP module for details.
server.headersTimeout
- {number} Default:
60000
See http.Server#headersTimeout.
server.listen()
Starts the HTTPS server listening for encrypted connections.
This method is identical to server.listen() from net.Server.
server.maxHeadersCount
- {number} Default:
2000
See http.Server#maxHeadersCount.
server.requestTimeout
- {number} Default:
0
See http.Server#requestTimeout.
server.setTimeout([msecs][, callback])
msecs{number} Default:120000(2 minutes)callback{Function}- Returns: {https.Server}
server.timeout
- {number} Default: 0 (no timeout)
See http.Server#timeout.
server.keepAliveTimeout
- {number} Default:
5000(5 seconds)
See http.Server#keepAliveTimeout.
https.createServer([options][, requestListener])
options{Object} Acceptsoptionsfromtls.createServer(),tls.createSecureContext()andhttp.createServer().requestListener{Function} A listener to be added to the'request'event.- Returns: {https.Server}
// curl -k https://localhost:8000/
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
Or
const https = require('https');
const fs = require('fs');
const options = {
pfx: fs.readFileSync('test/fixtures/test_cert.pfx'),
passphrase: 'sample'
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
https.get(options[, callback])
https.get(url[, options][, callback])
url{string | URL}options{Object | string | URL} Accepts the sameoptionsashttps.request(), with themethodalways set toGET.callback{Function}
Like http.get() but for HTTPS.
options can be an object, a string, or a URL object. If options is a
string, it is automatically parsed with new URL(). If it is a URL
object, it will be automatically converted to an ordinary options object.
const https = require('https');
https.get('https://encrypted.google.com/', (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
}).on('error', (e) => {
console.error(e);
});
https.globalAgent
Global instance of https.Agent for all HTTPS client requests.
https.request(options[, callback])
https.request(url[, options][, callback])
url{string | URL}options{Object | string | URL} Accepts alloptionsfromhttp.request(), with some differences in default values:protocolDefault:'https:'portDefault:443agentDefault:https.globalAgent
callback{Function}- Returns: {http.ClientRequest}
Makes a request to a secure web server.
The following additional options from tls.connect() are also accepted:
ca, cert, ciphers, clientCertEngine, crl, dhparam, ecdhCurve,
honorCipherOrder, key, passphrase, pfx, rejectUnauthorized,
secureOptions, secureProtocol, servername, sessionIdContext,
highWaterMark.
options can be an object, a string, or a URL object. If options is a
string, it is automatically parsed with new URL(). If it is a URL
object, it will be automatically converted to an ordinary options object.
https.request() returns an instance of the http.ClientRequest
class. The ClientRequest instance is a writable stream. If one needs to
upload a file with a POST request, then write to the ClientRequest object.
const https = require('https');
const options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET'
};
const req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.end();
Example using options from tls.connect():
const options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET',
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
options.agent = new https.Agent(options);
const req = https.request(options, (res) => {
// ...
});
Alternatively, opt out of connection pooling by not using an Agent.
const options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET',
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),
agent: false
};
const req = https.request(options, (res) => {
// ...
});
Example using a URL as options:
const options = new URL('https://abc:xyz@example.com');
const req = https.request(options, (res) => {
// ...
});
Example pinning on certificate fingerprint, or the public key (similar to
pin-sha256):
const tls = require('tls');
const https = require('https');
const crypto = require('crypto');
function sha256(s) {
return crypto.createHash('sha256').update(s).digest('base64');
}
const options = {
hostname: 'github.com',
port: 443,
path: '/',
method: 'GET',
checkServerIdentity: function(host, cert) {
// Make sure the certificate is issued to the host we are connected to
const err = tls.checkServerIdentity(host, cert);
if (err) {
return err;
}
// Pin the public key, similar to HPKP pin-sha25 pinning
const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=';
if (sha256(cert.pubkey) !== pubkey256) {
const msg = 'Certificate verification error: ' +
`The public key of '${cert.subject.CN}' ` +
'does not match our pinned fingerprint';
return new Error(msg);
}
// Pin the exact certificate, rather than the pub key
const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' +
'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16';
if (cert.fingerprint256 !== cert256) {
const msg = 'Certificate verification error: ' +
`The certificate of '${cert.subject.CN}' ` +
'does not match our pinned fingerprint';
return new Error(msg);
}
// This loop is informational only.
// Print the certificate and public key fingerprints of all certs in the
// chain. Its common to pin the public key of the issuer on the public
// internet, while pinning the public key of the service in sensitive
// environments.
do {
console.log('Subject Common Name:', cert.subject.CN);
console.log(' Certificate SHA256 fingerprint:', cert.fingerprint256);
hash = crypto.createHash('sha256');
console.log(' Public key ping-sha256:', sha256(cert.pubkey));
lastprint256 = cert.fingerprint256;
cert = cert.issuerCertificate;
} while (cert.fingerprint256 !== lastprint256);
},
};
options.agent = new https.Agent(options);
const req = https.request(options, (res) => {
console.log('All OK. Server matched our pinned cert or public key');
console.log('statusCode:', res.statusCode);
// Print the HPKP values
console.log('headers:', res.headers['public-key-pins']);
res.on('data', (d) => {});
});
req.on('error', (e) => {
console.error(e.message);
});
req.end();
Outputs for example:
Subject Common Name: github.com
Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16
Public key ping-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=
Subject Common Name: DigiCert SHA2 Extended Validation Server CA
Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A
Public key ping-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=
Subject Common Name: DigiCert High Assurance EV Root CA
Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
Public key ping-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=
All OK. Server matched our pinned cert or public key
statusCode: 200
headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains