-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc, tls: deprecate createSecurePair #6063
Conversation
I think we should start providing examples of how to use different things when posting deprecations but I'm not saying this PR is where we should start. The contents of the PR are fine but this sort of thing needs to be discussed by the CTC in a meeting. |
/cc @nodejs/ctc @nodejs/crypto |
I agree with @benjamingr. |
I agree that an example showing how the alternative |
grep in npm modules: https://gist.github.com/ChALkeR/c695d55a9a2b30d9481291829e1e0f58 |
@nodejs/ctc discussed this today and had no objections. If there are no objections by Monday I will land before v6 is cut. There may need to be additional edits to this PR before then |
@jasnell - sure. What is missing? |
Suggestion of how |
Yeah, nothing specific and nothing critical, but an example would be helpful. |
On it |
Yay! @jhamhader you rock! |
createSecurePair uses tls_legacy and the legacy Connection from node_crypto.cc. Deprecate them in favor of TLSSocket.
0a1b5c6
to
b8b0a81
Compare
Updated (tried to keep it short) |
Not sure about markdown formatting in docs, but text SGTM |
7da4fd4
to
c7066fb
Compare
@@ -770,6 +774,19 @@ stream. | |||
|
|||
NOTE: `cleartext` has the same API as [`tls.TLSSocket`][] | |||
|
|||
**Deprecated** `tls.createSecurePair()` is now deprecated in favor of | |||
`tls.TLSSocket()`. For example: | |||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style nit, can you add the js
to the end of the three backticks and put a blank line before the examples
Added a nit that I can fix on landing. LGTM |
createSecurePair uses tls_legacy and the legacy Connection from node_crypto.cc. Deprecate them in favor of TLSSocket. PR-URL: #6063 Reviewed-By: James M Snell <[email protected]>
Landed in 31de5cc |
createSecurePair uses tls_legacy and the legacy Connection from node_crypto.cc. Deprecate them in favor of TLSSocket. PR-URL: #6063 Reviewed-By: James M Snell <[email protected]>
I'm the maintainer of a npm package called One peculiarity of this protocol was the way the TLS connection is established - the TLS data for the handshake needs to be wrapped inside TDS protocol packets. With ´tls.createSecurePair´, this was easily possible. I looked into switching to The existing code can be found here: Could you please take a look and let me know how something similar could be achieved with the new API? I did not find anything in the documentation. Thanks! |
@nodejs/crypto I think we should undo the deprecation. I was under the impression that CleartextStream and EncryptedStream were exported, letting you cobble a SecurePair together, but they're not. The use case of streaming TLS cipher/decipher not tied to a socket doesn't seem to be supported by non-deprecated APIs at the moment. |
@bnoordhuis it is supported, actually. A regular |
That isn't very obvious. I did notice we have a few tests that pass in a Duplex instance but the documentation says that |
Yeah, docs lack clarity, but this is certainly possible. |
Pull Request check-list
Please make sure to review and check all of these items:
make -j8 test
(UNIX) orvcbuild test nosign
(Windows) pass withthis change (including linting)?
test (or a benchmark) included?
existing APIs, or introduces new ones)?
NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.
Affected core subsystem(s)
Please provide affected core subsystem(s) (like buffer, cluster, crypto, etc)
Description of change
createSecurePair uses tls_legacy and the legacy Connection from
node_crypto.cc. Deprecate them in favor of TLSSocket.
See #5924