Open panva opened 10 months ago
cc @nodejs/crypto
Is this expected behaviour ?
Yes. Google doesn't turn up good references but openssl works that way since time immemorial, as far as I'm aware.
OpenSSL's behaviours don't necessarily have to translate to Node.js API behaviours.
You're right they don't have to, but they have, and now here we are. :-)
@panva unless you have anything to add, can I go and close this?
I don't think of this as resolved, the behaviour seems undesirable or at the very least undocumented.
cc @tniessen
Ben is right, this has always been a quirk of OpenSSL. We might at least document this in order to resolve this issue. We use various APIs to interact with PEM, so we'd have to carefully look up what APIs have what quirks around PEM.
As quirks go this one is pretty inconsequential, arguably not noteworthy enough to encumber the documentation with yet additional trivia.
As quirks go this one is pretty inconsequential, arguably not noteworthy enough to encumber the documentation with yet additional trivia.
I agree that for public/private keys this is inconsequential, but how about passing a cert chain to createPublicKey
or new X509Certificate()
?
Doesn't seem like a problem to me.
All methods that cover importing PEM of any kind (
crypto.createPublicKey(pem)
,crypto.createPrivateKey(pem)
,crypto.createPrivateKey(x509)
,new crypto.X509Certificate(x509)
) have the following undocumented, possibly unexpected, behaviour.All these methods ignore everything outside of the first encountered PEM. Is this expected behaviour ?