Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
cli: add NODE_USE_SYSTEM_CA=1 #59276
Merged
+113
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
c++
8 tasks
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #59276 +/- ##
=======================================
Coverage 89.91% 89.91%
=======================================
Files 655 655
Lines 192866 192871 +5
Branches 37806 37803 -3
=======================================
+ Hits 173412 173420 +8
+ Misses 12015 12002 -13
- Partials 7439 7449 +10
🚀 New features to boost your workflow:
|
joyeecheung
force-pushed
the
use-system-ca-env
branch
from
c36531e to
8b0af5b
Compare
jasnell
reviewed
Jul 29, 2025
| const { child: { stdout: expectedLength } } = spawnSyncAndExitWithoutError(process.execPath, [ | ||
| '--use-system-ca', | ||
| '-p', | ||
| `tls.getCACertificates('default').length`, |
There was a problem hiding this comment.
super nit... just have a preference to avoid template literals when unnecessary. but feel free to ignore.
Suggested change
| `tls.getCACertificates('default').length`, | |
| 'tls.getCACertificates("default").length', |
There was a problem hiding this comment.
I have am impression that double quotes in an argument don't work very well on Windows. I could give it a try and see if it works though if the CI comes back happy I would prefer to use single quotes (AFAIK Windows does not do anything special with single quotes).
jasnell
approved these changes
Jul 29, 2025
|
Why not NODE_OPTIONS? That env var was specifically introduced to counter new environment variables getting introduced for every single little feature. |
Ethan-Arrowood
approved these changes
Jul 29, 2025
NODE_OPTIONS may not work so well when working with workers: #41103 - if workers controlled by another party need to override a feature to be inherited by other workers, then overriding the setting requires argument parsing on the env var, and they need to be careful to filter out arguments not supported per-worker. It would also be more consistent with the offering of NODE_USE_ENV_PROXY/--use-env-proxy which tend to be where NODE_USE_SYSTEM_CA/--use-system-ca would also be needed. |
github-actions
bot
removed
the
request-ci
joyeecheung
commented
Jul 30, 2025
| @@ -0,0 +1,56 @@ | |||
| // Env: NODE_USE_SYSTEM_CA=1 | |||
There was a problem hiding this comment.
FYI @pmarchini when using this feature (thanks for implementing it by the way) I noticed that it does not yet have integration in test/common/index.js like the one for Flags so that when you run the test directly with node /path/to/test.js without the specified environment variable, the process would automatically pause the evaluation and spawn a child process to run itself with the environment variable instead.
Lines 90 to 96 in 0fd1ecd
RaisinTen
approved these changes
Jul 30, 2025
This comment was marked as outdated.
This comment was marked as outdated.
joyeecheung
added
the
semver-minor
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
jasnell
reviewed
Aug 1, 2025
|
Added macros to fix the withoutssl builds. @jasnell @Ethan-Arrowood @RaisinTen can you take a look again? Thanks |
Ethan-Arrowood
approved these changes
Aug 5, 2025
jasnell
approved these changes
Aug 5, 2025
RaisinTen
approved these changes
Aug 6, 2025
|
Not quite sure why there is a new |
joyeecheung
force-pushed
the
use-system-ca-env
branch
from
181a476 to
f4e5a43
Compare
github-actions
bot
removed
the
request-ci
github-actions
bot
removed
the
request-ci
Similar to how NODE_USE_ENV_PROXY complements --use-env-proxy, this complements --use-system-ca. This will allow the setting to be applied to workers individually in the future.
joyeecheung
force-pushed
the
use-system-ca-env
branch
from
eb8d8d9 to
d23c5e8
Compare
|
Not sure how but after the rebase the SEA tests started to fail on macOS x64. Trying to rebase again... |
|
CI is (finally) happy. This needs a re-approval after the rebase. @jasnell @legendecas @Ethan-Arrowood @RaisinTen Can you take a look again? Thanks! |
legendecas
approved these changes
Aug 10, 2025
joyeecheung
added
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in ca76b39 |
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 11, 2025
Similar to how NODE_USE_ENV_PROXY complements --use-env-proxy, this complements --use-system-ca. This will allow the setting to be applied to workers individually in the future. PR-URL: #59276 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
nodejs-github-bot
added a commit
that referenced
this pull request
Aug 11, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 12, 2025
Similar to how NODE_USE_ENV_PROXY complements --use-env-proxy, this complements --use-system-ca. This will allow the setting to be applied to workers individually in the future. PR-URL: #59276 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 12, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 * (SEMVER-MINOR) add --use-env-proxy (Joyee Cheung) #59151 * (SEMVER-MINOR) support `${pid}` placeholder in --cpu-prof-name (Haram Jeong) #59072 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 * (SEMVER-MINOR) add tls.setDefaultCACertificates() (Joyee Cheung) #58822 deps: * update archs files for openssl-3.5.1 (Node.js GitHub Bot) #59234 * upgrade openssl sources to openssl-3.5.1 (Node.js GitHub Bot) #59234 dns: * (SEMVER-MINOR) support max timeout (theanarkh) #58440 doc: * update the instruction on how to verify releases (Antoine du Hamel) #59113 esm: * (SEMVER-MINOR) unflag --experimental-wasm-modules (Guy Bedford) #57038 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 http,https: * (SEMVER-MINOR) add built-in proxy support in http/https.request and Agent (Joyee Cheung) #58980 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 net: * (SEMVER-MINOR) update net.blocklist to allow file save and file management (alphaleadership) #58087 test: * (SEMVER-MINOR) move http proxy tests to test/client-proxy (Joyee Cheung) #58980 worker: * (SEMVER-MINOR) add web locks api (ishabi) #58666 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449 Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 12, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 * (SEMVER-MINOR) add --use-env-proxy (Joyee Cheung) #59151 * (SEMVER-MINOR) support `${pid}` placeholder in --cpu-prof-name (Haram Jeong) #59072 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 * (SEMVER-MINOR) add tls.setDefaultCACertificates() (Joyee Cheung) #58822 deps: * update archs files for openssl-3.5.1 (Node.js GitHub Bot) #59234 * upgrade openssl sources to openssl-3.5.1 (Node.js GitHub Bot) #59234 dns: * (SEMVER-MINOR) support max timeout (theanarkh) #58440 doc: * update the instruction on how to verify releases (Antoine du Hamel) #59113 esm: * (SEMVER-MINOR) unflag --experimental-wasm-modules (Guy Bedford) #57038 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 http,https: * (SEMVER-MINOR) add built-in proxy support in http/https.request and Agent (Joyee Cheung) #58980 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 net: * (SEMVER-MINOR) update net.blocklist to allow file save and file management (alphaleadership) #58087 test: * (SEMVER-MINOR) move http proxy tests to test/client-proxy (Joyee Cheung) #58980 worker: * (SEMVER-MINOR) add web locks api (ishabi) #58666 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449 Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 12, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449 Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 14, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449 Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 14, 2025
Notable changes: cli: * (SEMVER-MINOR) add NODE_USE_SYSTEM_CA=1 (Joyee Cheung) #59276 crypto: * (SEMVER-MINOR) support ML-DSA KeyObject, sign, and verify (Filip Skokan) #59259 fs: * (SEMVER-MINOR) port SonicBoom module to fs module as Utf8Stream (James M Snell) #58897 http: * (SEMVER-MINOR) add server.keepAliveTimeoutBuffer option (Haram Jeong) #59243 lib: * docs deprecate _http_* (Sebastian Beltran) #59293 zlib: * (SEMVER-MINOR) add dictionary support to zstdCompress and zstdDecompress (lluisemper) #59240 PR-URL: #59449 Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Similar to how NODE_USE_ENV_PROXY complements --use-env-proxy, this
complements --use-system-ca. This will allow the setting to be
applied to workers individually in the future.