@@ -2472,6 +2472,9 @@ added: v15.6.0
24722472<!-- YAML
24732473added: v15.6.0
24742474changes:
2475+ - version: REPLACEME
2476+ pr-url: https://github.com/nodejs/node/pull/41600
2477+ description: The subject option now defaults to `'default'`.
24752478 - version: REPLACEME
24762479 pr-url: https://github.com/nodejs/node/pull/41599
24772480 description: The `wildcards`, `partialWildcards`, `multiLabelWildcards`, and
@@ -2485,20 +2488,20 @@ changes:
24852488* ` email ` {string}
24862489* ` options ` {Object}
24872490 * ` subject ` {string} ` 'default' ` , ` 'always' ` , or ` 'never' ` .
2488- ** Default:** ` 'always ' ` .
2491+ ** Default:** ` 'default ' ` .
24892492* Returns: {string|undefined} Returns ` email ` if the certificate matches,
24902493 ` undefined ` if it does not.
24912494
24922495Checks whether the certificate matches the given email address.
24932496
2497+ If the ` 'subject' ` option is undefined or set to ` 'default' ` , the certificate
2498+ subject is only considered if the subject alternative name extension either does
2499+ not exist or does not contain any email addresses.
2500+
24942501If the ` 'subject' ` option is set to ` 'always' ` and if the subject alternative
24952502name extension either does not exist or does not contain a matching email
24962503address, the certificate subject is considered.
24972504
2498- If the ` 'subject' ` option is set to ` 'default' ` , the certificate subject is only
2499- considered if the subject alternative name extension either does not exist or
2500- does not contain any email addresses.
2501-
25022505If the ` 'subject' ` option is set to ` 'never' ` , the certificate subject is never
25032506considered, even if the certificate contains no subject alternative names.
25042507
@@ -2507,6 +2510,9 @@ considered, even if the certificate contains no subject alternative names.
25072510<!-- YAML
25082511added: v15.6.0
25092512changes:
2513+ - version: REPLACEME
2514+ pr-url: https://github.com/nodejs/node/pull/41600
2515+ description: The subject option now defaults to `'default'`.
25102516 - version: REPLACEME
25112517 pr-url: https://github.com/nodejs/node/pull/41569
25122518 description: The subject option can now be set to `'default'`.
@@ -2515,7 +2521,7 @@ changes:
25152521* ` name ` {string}
25162522* ` options ` {Object}
25172523 * ` subject ` {string} ` 'default' ` , ` 'always' ` , or ` 'never' ` .
2518- ** Default:** ` 'always ' ` .
2524+ ** Default:** ` 'default ' ` .
25192525 * ` wildcards ` {boolean} ** Default:** ` true ` .
25202526 * ` partialWildcards ` {boolean} ** Default:** ` true ` .
25212527 * ` multiLabelWildcards ` {boolean} ** Default:** ` false ` .
@@ -2531,15 +2537,15 @@ or it might contain wildcards (e.g., `*.example.com`). Because host name
25312537comparisons are case-insensitive, the returned subject name might also differ
25322538from the given ` name ` in capitalization.
25332539
2540+ If the ` 'subject' ` option is undefined or set to ` 'default' ` , the certificate
2541+ subject is only considered if the subject alternative name extension either does
2542+ not exist or does not contain any DNS names. This behavior is consistent with
2543+ [ RFC 2818] [ ] ("HTTP Over TLS").
2544+
25342545If the ` 'subject' ` option is set to ` 'always' ` and if the subject alternative
25352546name extension either does not exist or does not contain a matching DNS name,
25362547the certificate subject is considered.
25372548
2538- If the ` 'subject' ` option is set to ` 'default' ` , the certificate subject is only
2539- considered if the subject alternative name extension either does not exist or
2540- does not contain any DNS names. This behavior is consistent with [ RFC 2818] [ ]
2541- ("HTTP Over TLS").
2542-
25432549If the ` 'subject' ` option is set to ` 'never' ` , the certificate subject is never
25442550considered, even if the certificate contains no subject alternative names.
25452551
0 commit comments