Skip to content

Commit 7d49bd0

Browse files
TrottMylesBorins
Trott
authored and
MylesBorins
committed
doc: add clientCertEngine to docs
Added `clientCertEngine` option to `https` and `tls` docs.
1 parent 33c1e8b commit 7d49bd0

File tree

2 files changed

+22
-9
lines changed

2 files changed

+22
-9
lines changed

doc/api/https.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,9 @@ Global instance of [`https.Agent`][] for all HTTPS client requests.
150150
<!-- YAML
151151
added: v0.3.6
152152
changes:
153+
- version: REPLACEME
154+
pr-url: https://github.com/nodejs/node/pull/6569
155+
description: The `options` parameter can now include `clientCertEngine`.
153156
- version: v7.5.0
154157
pr-url: https://github.com/nodejs/node/pull/10638
155158
description: The `options` parameter can be a WHATWG `URL` object.
@@ -164,9 +167,9 @@ changes:
164167

165168
Makes a request to a secure web server.
166169

167-
The following additional `options` from [`tls.connect()`][] are also accepted when using a
168-
custom [`Agent`][]:
169-
`pfx`, `key`, `passphrase`, `cert`, `ca`, `ciphers`, `rejectUnauthorized`, `secureProtocol`, `servername`
170+
The following additional `options` from [`tls.connect()`][] are also accepted
171+
when using a custom [`Agent`][]: `ca`, `cert`, `ciphers`, `clientCertEngine`,
172+
`key`, `passphrase`, `pfx`, `rejectUnauthorized`, `secureProtocol`, `servername`
170173

171174
`options` can be an object, a string, or a [`URL`][] object. If `options` is a
172175
string, it is automatically parsed with [`url.parse()`][]. If it is a [`URL`][]

doc/api/tls.md

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -905,6 +905,9 @@ port or host argument.
905905
<!-- YAML
906906
added: v0.11.13
907907
changes:
908+
- version: REPLACEME
909+
pr-url: https://github.com/nodejs/node/pull/6569
910+
description: The `options` parameter can now include `clientCertEngine`.
908911
- version: v7.3.0
909912
pr-url: https://github.com/nodejs/node/pull/10294
910913
description: If the `key` option is an array, individual entries do not
@@ -959,8 +962,6 @@ changes:
959962
certificate can match or chain to.
960963
For self-signed certificates, the certificate is its own CA, and must be
961964
provided.
962-
* `crl` {string|string[]|Buffer|Buffer[]} Optional PEM formatted
963-
CRLs (Certificate Revocation Lists).
964965
* `ciphers` {string} Optional cipher suite specification, replacing the
965966
default. For more information, see [modifying the default cipher suite][].
966967
* `honorCipherOrder` {boolean} Attempt to use the server's cipher suite
@@ -974,20 +975,24 @@ changes:
974975
[`crypto.getCurves()`][] to obtain a list of available curve names. On
975976
recent releases, `openssl ecparam -list_curves` will also display the name
976977
and description of each available elliptic curve.
978+
* `clientCertEngine` {string} Optional name of an OpenSSL engine which can
979+
provide the client certificate.
980+
* `crl` {string|string[]|Buffer|Buffer[]} Optional PEM formatted
981+
CRLs (Certificate Revocation Lists).
977982
* `dhparam` {string|Buffer} Diffie Hellman parameters, required for
978983
[Perfect Forward Secrecy][]. Use `openssl dhparam` to create the parameters.
979984
The key length must be greater than or equal to 1024 bits, otherwise an
980985
error will be thrown. It is strongly recommended to use 2048 bits or larger
981986
for stronger security. If omitted or invalid, the parameters are silently
982987
discarded and DHE ciphers will not be available.
983-
* `secureProtocol` {string} Optional SSL method to use, default is
984-
`"SSLv23_method"`. The possible values are listed as [SSL_METHODS][], use
985-
the function names as strings. For example, `"SSLv3_method"` to force SSL
986-
version 3.
987988
* `secureOptions` {number} Optionally affect the OpenSSL protocol behavior,
988989
which is not usually necessary. This should be used carefully if at all!
989990
Value is a numeric bitmask of the `SSL_OP_*` options from
990991
[OpenSSL Options][].
992+
* `secureProtocol` {string} Optional SSL method to use, default is
993+
`"SSLv23_method"`. The possible values are listed as [SSL_METHODS][], use
994+
the function names as strings. For example, `"SSLv3_method"` to force SSL
995+
version 3.
991996
* `sessionIdContext` {string} Optional opaque identifier used by servers to
992997
ensure session state is not shared between applications. Unused by clients.
993998

@@ -1015,6 +1020,9 @@ publicly trusted list of CAs as given in
10151020
<!-- YAML
10161021
added: v0.3.2
10171022
changes:
1023+
- version: REPLACEME
1024+
pr-url: https://github.com/nodejs/node/pull/6569
1025+
description: The `options` parameter can now include `clientCertEngine`.
10181026
- version: v8.0.0
10191027
pr-url: https://github.com/nodejs/node/pull/11984
10201028
description: The `ALPNProtocols` and `NPNProtocols` options can
@@ -1025,6 +1033,8 @@ changes:
10251033
-->
10261034

10271035
* `options` {Object}
1036+
* `clientCertEngine` {string} Optional name of an OpenSSL engine which can
1037+
provide the client certificate.
10281038
* `handshakeTimeout` {number} Abort the connection if the SSL/TLS handshake
10291039
does not finish in the specified number of milliseconds. Defaults to `120`
10301040
seconds. A `'tlsClientError'` is emitted on the `tls.Server` object whenever

0 commit comments

Comments
 (0)