Commit 20cff99

fixup! crypto: support --use-system-ca on non-Windows and non-macOS
1 parent 891de46 commit 20cff99

1 file changed

+18
-13
lines changed

doc/api/cli.md

Lines changed: 18 additions & 13 deletions
@@ -2873,10 +2873,10 @@ On platform other than Windows and macOS, this loads certificates from the direc
28732873
and file trusted by OpenSSL, similar to `--use-openssl-ca`, with the difference being
28742874
that it caches the certificates after first load.
28752875

2876-
This option is only supported on Windows and macOS, and the certificate trust policy
2877-
is planned to follow [Chromium's policy for locally trusted certificates][]:
2876+
On Windows and macOS, the certificate trust policy is planned to follow
2877+
[Chromium's policy for locally trusted certificates][]:
28782878

2879-
On macOS, the following certifcates are trusted:
2879+
On macOS, the following settings are respected:
28802880

28812881
* Default and System Keychains
28822882
* Trust:
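Review bot: On line 2876+, "is planned to follow" does not tell readers which parts of Chromium's policy are in effect today, while the bullets that follow describe current behaviour. If the listed settings are what is implemented, say so directly, for example "the certificate trust policy follows [Chromium's policy for locally trusted certificates][] with the exceptions noted below", and keep "planned" only for the parts that are not implemented yet. The new heading on 2879+, "the following settings are respected", reads well for the Trust and Distrust sub-lists, but "Default and System Keychains" is a certificate source rather than a setting, so a short lead such as "certificates are loaded from" for that bullet would keep the list consistent.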
@@ -2886,8 +2886,8 @@ On macOS, the following certifcates are trusted:
28862886
* Any certificate where the “When using this certificate” flag is set to “Never Trust” or
28872887
* Any certificate where the “Secure Sockets Layer (SSL)” flag is set to “Never Trust.”
28882888

2889-
On Windows, the following certificates are currently trusted (unlike
2890-
Chromium's policy, distrust is not currently supported):
2889+
On Windows, the following settings are respected (unlike Chromium's policy, distrust
2890+
and intermediate CA is not currently supported):
28912891

28922892
* Local Machine (accessed via `certlm.msc`)
28932893
* Trust:
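Review bot: On lines 2889+ and 2890+, "distrust and intermediate CA is not currently supported" has a subject-verb mismatch and leaves "intermediate CA" undefined, so readers cannot tell whether intermediate CA certificates in the Windows stores are skipped or something else is meant. Suggest "distrust and intermediate CA certificates are not currently supported" plus one sentence on the consequence: since distrust is unsupported, an entry that an administrator has marked as untrusted is not honored by this option, which is worth stating explicitly for anyone relying on distrust entries to block a certificate.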
@@ -2902,14 +2902,19 @@ Chromium's policy, distrust is not currently supported):
29022902
* Trusted Root Certification Authorities
29032903
* Enterprise Trust -> Group Policy -> Trusted Root Certification Authorities
29042904

2905-
On Windows and macOS, Node.js would check that the certificate's key usage and extended key
2906-
usage are consistent with TLS use cases before using it for server authentication.
2907-
2908-
On other systems, Node.js loads certificates from the default file
2909-
(typically `/etc/ssl/cert.pem`) and default directory (typically `/etc/ssl/certs`)
2910-
that the version of OpenSSL that Node.js links to respects.
2911-
If the overriding OpenSSL environment variables (typically `SSL_CERT_FILE` and
2912-
`SSL_CERT_DIR`) are set, they will be used to load certificates from instead.
2905+
On Windows and macOS, Node.js would check that the user settings for the certificates
2906+
allow them to be used for TLS server authentication before using them.
2907+
2908+
On other systems, Node.js loads certificates from the default certificate file
2909+
(typically `/etc/ssl/cert.pem`) and default certificate directory (typically
2910+
`/etc/ssl/certs`) that the version of OpenSSL that Node.js links to respects.
2911+
This typically works with the convention on major Linux distributions and other
2912+
UNIX-like systems. If the overriding OpenSSL environment variables
2913+
(typically `SSL_CERT_FILE` and `SSL_CERT_DIR`, depending on the configuration
2914+
of the OpenSSL that Node.js links to) are set, the specified paths will be used to load
2915+
certificates instead. These envvironment variables can be used as workarounds
2916+
if the conventional paths used by the version of OpenSSL Node.js links to are
2917+
not consistent with the system configuration that the users have for some reason.
29132918

29142919
### `--v8-options`
29152920
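Review bot: The rewrite at 2905+ and 2906+ drops the statement that key usage and extended key usage are checked and replaces it with "user settings for the certificates allow them to be used for TLS server authentication"; if the key usage and extended key usage checks still happen, keep them named, because they are what a reader auditing the trust decision will look for. In the same sentence "would check" should be "checks". On 2915+ "envvironment" is a typo for "environment", and the closing "for some reason" on 2917+ can be dropped. Since `SSL_CERT_FILE` and `SSL_CERT_DIR` replace the default paths rather than add to them ("will be used to load certificates instead"), consider saying plainly that setting them changes which CAs the process trusts, so they should only point at paths the operator controls.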
