Open satyarohith opened 2 months ago
To be honest, this is just correct behaviour from rustls. Node's behaviour is abysmal and we should not implement it - it directly contradicts the spec - CA certs must never also be end entity certs. You must always have a different CA cert and end entity cert certs.
Bug
To reproduce the bug, you can follow the instructions from https://nodejs.org/api/http2.html#server-side-example. I'm pasting code converted to ES modules for convenience:
const server = createSecureServer({ key: readFileSync('localhost-privkey.pem'), cert: readFileSync('localhost-cert.pem'), }); server.on('error', (err) => console.error(err));
server.on('stream', (stream, headers) => { // stream is a Duplex stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, }); stream.end('
Hello World
'); });server.listen(8443);
Run the below command to test nodejs
Then run the below command to test deno (assuming that you didn't kill the server)