Skip to content

feat: added support for reading certificates from macOS system store #56599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 28, 2025
Merged

feat: added support for reading certificates from macOS system store #56599

merged 1 commit into from
Jan 28, 2025

Conversation

timja
Copy link
Contributor

@timja timja commented Jan 14, 2025
edited
Loading

Fixes #39657

Builds on #44532 but for macOS

TODO:

  • Make it work, it works 🥳
  • Review that all CF resources are being appropriately released, I think its right now
  • Review whether and where tests are appropriate - Added although disabled by default

I can take a look at the Windows one after, resolving the conflicts and addressing the review comments as well.

Happy to refactor heavily, I haven't used c++ before and I wrote it initially in objective c and ported it across.
This is heavily based upon chromium and some of OpenJDK along with a PR I have open with OpenJDK

Testing

I'm using https://github.com./timja/openjdk-intermediate-ca-reproducer as a reproducer:

docker compose up --build

Install the certificates, either by adding to keychain manually (see README) or using /usr/bin/security (see what the test is doing in this PR.

main.js

let resp = await fetch("https://localhost:8443");
console.log(resp.status); // 200
console.log(resp.headers.get("Content-Type")); // "text/html"
console.log(await resp.text()); // "Hello, World!"
/Users/$USER/projects/node/out/Release/node --use-system-ca main.js

I've also tested this through a ZScaler MiTM setup.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto
  • @nodejs/gyp

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Jan 14, 2025
@timja timja mentioned this pull request Jan 14, 2025
Closed
@timja timja force-pushed the macos-system-ca-support branch from 8fd32ce to f3c212c Compare January 14, 2025 16:32
addaleax
addaleax reviewed Jan 14, 2025
View reviewed changes
@anonrig anonrig requested a review from jasnell January 14, 2025 17:29
@timja
Copy link
Contributor Author

timja commented Jan 15, 2025
edited
Loading

Would it be possible for someone to re-open the feature request please? #39657. It was closed due to being stale / no progress on it.

joyeecheung
joyeecheung reviewed Jan 15, 2025
View reviewed changes
@timja timja requested review from joyeecheung and addaleax January 15, 2025 17:03
@timja timja marked this pull request as ready for review January 16, 2025 15:22
joyeecheung
joyeecheung reviewed Jan 20, 2025
View reviewed changes
@timja
Copy link
Contributor Author

timja commented Jan 20, 2025

Thanks for the reviews all I'll continue actioning tomorrow.

@timja timja requested review from jasnell and joyeecheung January 22, 2025 10:44
joyeecheung
joyeecheung reviewed Jan 24, 2025
View reviewed changes
Copy link
Member

@joyeecheung joyeecheung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some last comments, I think this is getting close. Thanks for following along!

@limboonlun

This comment was marked as spam.

Sign in to view
RaisinTen added a commit to RaisinTen/node that referenced this pull request Mar 13, 2025
@RaisinTen
doc: add history info for --use-system-ca
8eb659f 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  nodejs#56599 landed in v23.8.0.
- Windows support nodejs#56833
  landed in v23.8.0
- non-Windows and non-macOS support
  nodejs#57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
@RaisinTen RaisinTen mentioned this pull request Mar 13, 2025
Merged
nodejs-github-bot pushed a commit that referenced this pull request Mar 15, 2025
@RaisinTen
doc: add history info for --use-system-ca
e162783 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
aduh95 pushed a commit that referenced this pull request Mar 18, 2025
@RaisinTen @aduh95
doc: add history info for --use-system-ca
17ccf92 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS pushed a commit that referenced this pull request Apr 1, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
f878b40 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS pushed a commit that referenced this pull request Apr 1, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
3b3f881 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
aduh95 pushed a commit that referenced this pull request Apr 2, 2025
@timja @aduh95
crypto: added support for reading certificates from macOS system store
94647bb 
PR-URL: #56599
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS pushed a commit to RafaelGSS/node that referenced this pull request Apr 8, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
2cea0cd 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  nodejs#56599 landed in v23.8.0.
- Windows support nodejs#56833
  landed in v23.8.0
- non-Windows and non-macOS support
  nodejs#57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: nodejs#57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS added a commit that referenced this pull request Apr 11, 2025
@RafaelGSS
2025-04-15, Version 22.15.0 'Jod' (LTS)
5f08eb5 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
  * (SEMVER-MINOR) update ada to v3.0.1 (Yagiz Nizipli) #56452
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
test:
  * (SEMVER-MINOR) add WPT for URLPattern (Yagiz Nizipli) #56452
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
url:
  * (SEMVER-MINOR) add URLPattern implementation (Yagiz Nizipli) #56452
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: TODO
@RafaelGSS RafaelGSS mentioned this pull request Apr 11, 2025
Merged
RafaelGSS added a commit that referenced this pull request Apr 11, 2025
@RafaelGSS
2025-04-15, Version 22.15.0 'Jod' (LTS)
e1372dd 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
  * (SEMVER-MINOR) update ada to v3.0.1 (Yagiz Nizipli) #56452
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
test:
  * (SEMVER-MINOR) add WPT for URLPattern (Yagiz Nizipli) #56452
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
url:
  * (SEMVER-MINOR) add URLPattern implementation (Yagiz Nizipli) #56452
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS pushed a commit that referenced this pull request Apr 14, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
e1221a7 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS added a commit that referenced this pull request Apr 14, 2025
@RafaelGSS
2025-04-15, Version 22.15.0 'Jod' (LTS)
4a89476 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
  * (SEMVER-MINOR) update ada to v3.0.1 (Yagiz Nizipli) #56452
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
test:
  * (SEMVER-MINOR) add WPT for URLPattern (Yagiz Nizipli) #56452
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
url:
  * (SEMVER-MINOR) add URLPattern implementation (Yagiz Nizipli) #56452
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS pushed a commit that referenced this pull request Apr 14, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
0df6e41 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
aduh95 pushed a commit that referenced this pull request Apr 14, 2025
@RaisinTen @aduh95
doc: add history info for --use-system-ca
2416a26 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
aduh95 pushed a commit that referenced this pull request Apr 14, 2025
@RaisinTen @aduh95
doc: add history info for --use-system-ca
f57f665 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
aduh95 pushed a commit that referenced this pull request Apr 15, 2025
@RaisinTen @aduh95
doc: add history info for --use-system-ca
fa2b6c6 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS added a commit that referenced this pull request Apr 15, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
57949d5 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
  * (SEMVER-MINOR) update ada to v3.0.1 (Yagiz Nizipli) #56452
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
test:
  * (SEMVER-MINOR) add WPT for URLPattern (Yagiz Nizipli) #56452
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
url:
  * (SEMVER-MINOR) add URLPattern implementation (Yagiz Nizipli) #56452
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS added a commit that referenced this pull request Apr 15, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
78b1312 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
  * (SEMVER-MINOR) update ada to v3.0.1 (Yagiz Nizipli) #56452
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
test:
  * (SEMVER-MINOR) add WPT for URLPattern (Yagiz Nizipli) #56452
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
url:
  * (SEMVER-MINOR) add URLPattern implementation (Yagiz Nizipli) #56452
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS pushed a commit that referenced this pull request Apr 16, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
c5cafd6 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS added a commit that referenced this pull request Apr 16, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
297f7ca 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS added a commit that referenced this pull request Apr 16, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
8857843 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS pushed a commit that referenced this pull request Apr 17, 2025
@RaisinTen @RafaelGSS
doc: add history info for --use-system-ca
fef3f82 
These are the PRs for --use-system-ca:
- initial implementation of the option with just macOS support
  #56599 landed in v23.8.0.
- Windows support #56833
  landed in v23.8.0
- non-Windows and non-macOS support
  #57009 landed in v23.9.0

This change documents the history info.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: #57432
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
RafaelGSS added a commit that referenced this pull request Apr 18, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
8a7ac61 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS added a commit that referenced this pull request Apr 18, 2025
@RafaelGSS
2025-04-16, Version 22.15.0 'Jod' (LTS)
03c6b98 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
assert,util:
  * (SEMVER-MINOR) improve performance (Ruben Bridgewater) #57370
benchmark:
  * (SEMVER-MINOR) adjust assert runtimes (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) skip running some assert benchmarks by default (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) add assert partialDeepStrictEqual benchmark (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
RafaelGSS added a commit that referenced this pull request Apr 18, 2025
@RafaelGSS
2025-04-23, Version 22.15.0 'Jod' (LTS)
b009466 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
UlisesGascon pushed a commit that referenced this pull request Apr 23, 2025
@RafaelGSS @UlisesGascon
2025-04-23, Version 22.15.0 'Jod' (LTS)
71f8c3b 
Notable changes:

assert:
  * (SEMVER-MINOR) implement partial error comparison (Ruben Bridgewater) #57370
  * (SEMVER-MINOR) improve partialDeepStrictEqual (Ruben Bridgewater) #57370
cli:
  * (SEMVER-MINOR) allow --cpu-prof* in NODE_OPTIONS (Carlos Espa) #57018
crypto:
  * update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381
  * (SEMVER-MINOR) support --use-system-ca on Windows (Joyee Cheung) #56833
  * (SEMVER-MINOR) added support for reading certificates from macOS system store (Tim Jacomb) #56599
deps:
  * update timezone to 2025a (Node.js GitHub Bot) #56876
deps,tools:
  * (SEMVER-MINOR) add zstd 1.5.6 (Jan Martin) #52100
dns:
  * (SEMVER-MINOR) add TLSA record query and parsing (Rithvik Vibhu) #52983
doc:
  * add @geeksilva97 to collaborators (Edy Silva) #57241
module:
  * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698
  * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698
process:
  * (SEMVER-MINOR) add execve (Paolo Insogna) #56496
  * (SEMVER-MINOR) add threadCpuUsage (Paolo Insogna) #56467
sqlite:
  * (SEMVER-MINOR) add StatementSync.prototype.columns() (Colin Ihrig) #57490
  * (SEMVER-MINOR) allow returning `ArrayBufferView`s from user-defined functions (René) #56790
src:
  * set signal inspector io thread name (RafaelGSS) #56416
  * set thread name for main thread and v8 worker (RafaelGSS) #56416
  * set worker thread name using worker.name (RafaelGSS) #56416
  * use a default thread name for inspector (RafaelGSS) #56416
tls:
  * (SEMVER-MINOR) implement tls.getCACertificates() (Joyee Cheung) #57107
util:
  * (SEMVER-MINOR) expose diff function used by the assertion errors (Giovanni Bucci) #57462
v8:
  * (SEMVER-MINOR) add v8.getCppHeapStatistics() method (Aditi) #57146
zlib:
  * (SEMVER-MINOR) add zstd support (Jan Martin) #52100

PR-URL: #57840
This was referenced Apr 23, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@joyeecheung joyeecheung joyeecheung approved these changes

@addaleax addaleax Awaiting requested review from addaleax

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. semver-minor PRs that contain new features and should be released in the next minor version.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow Node to use certificates from the macOS Keychain when making HTTPS requests
8 participants
@timja @nodejs-github-bot @joyeecheung @limboonlun @jasnell @addaleax @richardlau @legendecas