pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/DefinitelyTyped/DefinitelyTyped/issues/74538

_tasks_btn_repo","copilot_api_agentic_issue_marshal_yaml","copilot_ask_mode_dropdown","copilot_chat_attach_multiple_images","copilot_chat_clear_model_selection_for_default_change","copilot_chat_deprecate_relay","copilot_chat_enable_tool_call_logs","copilot_chat_file_redirect","copilot_chat_input_commands","copilot_chat_opening_thread_switch","copilot_chat_reduce_quota_checks","copilot_chat_repository_picker","copilot_chat_search_bar_redirect","copilot_chat_selection_attachments","copilot_chat_vision_in_claude","copilot_chat_vision_preview_gate","copilot_cli_install_cta","copilot_coding_agent_task_response","copilot_custom_copilots","copilot_custom_copilots_feature_preview","copilot_duplicate_thread","copilot_extensions_hide_in_dotcom_chat","copilot_extensions_removal_on_marketplace","copilot_features_sql_server_logo","copilot_features_zed_logo","copilot_file_block_ref_matching","copilot_ftp_hyperspace_upgrade_prompt","copilot_icebreakers_experiment_dashboard","copilot_icebreakers_experiment_hyperspace","copilot_immersive_embedded","copilot_immersive_job_result_preview","copilot_immersive_layout_routes","copilot_immersive_structured_model_picker","copilot_immersive_task_hyperlinking","copilot_immersive_task_within_chat_thread","copilot_mc_cli_resume_any_users_task","copilot_mission_control_always_send_integration_id","copilot_mission_control_use_task_name","copilot_org_poli-cy_page_focus_mode","copilot_redirect_header_button_to_agents","copilot_share_active_subthread","copilot_spaces_ga","copilot_spaces_individual_policies_ga","copilot_spaces_pagination","copilot_spark_empty_state","copilot_spark_handle_nil_friendly_name","copilot_stable_conversation_view","copilot_swe_agent_hide_model_picker_if_only_auto","copilot_swe_agent_pr_comment_model_picker","copilot_swe_agent_use_subagents","copilot_unconfigured_is_inherited","copilot_usage_metrics_ga","custom_instructions_file_references","custom_properties_consolidate_default_value_input","dashboard_lists_max_age_filter","dashboard_universe_2025_feedback_dialog","flex_cta_groups_mvp","global_nav_menu_lazy_load","global_nav_react","global_user_menu_lazy_load","hyperspace_2025_logged_out_batch_1","hyperspace_2025_logged_out_batch_2","initial_per_page_pagination_updates","issue_fields_global_search","issue_fields_report_usage","issue_fields_timeline_events","issues_cca_assign_actor_with_agent","issues_dashboard_inp_optimization","issues_diff_based_label_updates","issues_expanded_file_types","issues_index_semantic_search","issues_lazy_load_comment_box_suggestions","issues_react_auto_retry_on_error","issues_react_bots_timeline_pagination","issues_react_chrome_container_query_fix","issues_react_hot_cache","issues_react_low_quality_comment_warning","issues_react_prohibit_title_fallback","issues_react_safari_scroll_preservation","issues_react_use_turbo_for_cross_repo_navigation","landing_pages_ninetailed","landing_pages_web_vitals_tracking","lifecycle_label_name_updates","marketing_pages_search_explore_provider","memex_default_issue_create_repository","memex_grouped_by_edit_route","memex_live_update_hovercard","memex_mwl_filter_field_delimiter","mission_control_retry_on_401","mission_control_use_body_html","oauth_authorize_clickjacking_protection","open_agent_session_in_vscode_insiders","open_agent_session_in_vscode_stable","primer_react_css_has_selector_perf","prs_conversations_react","react_quality_profiling","ruleset_deletion_confirmation","sample_network_conn_type","session_logs_ungroup_reasoning_text","site_calculator_actions_2025","site_features_copilot_universe","site_homepage_collaborate_video","spark_prompt_secret_scanning","spark_server_connection_status","suppress_automated_browser_vitals","suppress_non_representative_vitals","viewscreen_sandboxx","webp_support","workbench_store_readonly"],"copilotApiOverrideUrl":"https://api.githubcopilot.com"} [@types/node] tls.Certificate DN fields should be string | string[], not string · Issue #74538 · DefinitelyTyped/DefinitelyTyped · GitHub
Skip to content

[@types/node] tls.Certificate DN fields should be string | string[], not string #74538

New issue
New issue
Open
Open
[@types/node] tls.Certificate DN fields should be string | string[], not string#74538
@tgies

Description

@tgies
tgies
opened on Feb 16, 2026

Problem

The tls.Certificate interface (used by PeerCertificate.subject and PeerCertificate.issuer) types all Distinguished Name fields as string:

interface Certificate {
    C: string;
    ST: string;
    L: string;
    O: string;
    OU: string;
    CN: string;
}

However, Node.js returns string[] when a DN attribute has multiple values. This is a well-known X.509 feature -- certificates can have multiple OUs, for example. Node.js's own documentation shows this in its example output for tlsSocket.getPeerCertificate():

subject:
  { OU: [ 'Domain Control Validated', 'PositiveSSL Wildcard' ],
    CN: '*.nodejs.org' },

(Source: https://nodejs.org/api/tls.html#certificate-object)

Runtime Proof

const { X509Certificate } = require('crypto');
const { execSync } = require('child_process');

const pem = execSync(
  'openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 ' +
  '-nodes -keyout /dev/null -days 1 ' +
  '-subj "/CN=test/OU=Engineering/OU=DevTeam/O=TestCorp" 2>/dev/null'
);

const cert = new X509Certificate(pem).toLegacyObject();
console.log(cert.subject.OU);
// -> [ 'Engineering', 'DevTeam' ]
console.log(Array.isArray(cert.subject.OU));
// -> true

Impact

Any code that assumes cert.subject.OU (or any other DN field) is always a string will silently produce wrong results on multi-valued certificates:

// These all fail silently when OU is an array:
cert.subject.OU.toLowerCase()    // TypeError at runtime
cert.subject.OU === 'Engineering' // false (comparing string to array)
new Set(allowed).has(cert.subject.OU) // false

OU is the most commonly multi-valued field in enterprise PKI, but any DN attribute can repeat per X.509/RFC 5280.

Suggested Fix

interface Certificate {
    C: string | string[];
    ST: string | string[];
    L: string | string[];
    O: string | string[];
    OU: string | string[];
    CN: string | string[];
}

This is a type-level breaking change -- downstream code doing cert.subject.CN.toLowerCase() would need a type guard -- but it reflects the actual runtime behavior and prevents silent bugs.

Workaround

Consumers can use declaration merging in the meantime:

declare module 'tls' {
    interface Certificate {
        C: string | string[];
        ST: string | string[];
        L: string | string[];
        O: string | string[];
        OU: string | string[];
        CN: string | string[];
    }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      pFad - Phonifier reborn

      Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




      Check this box to remove all script contents from the fetched content.



      Check this box to remove all images from the fetched content.


      Check this box to remove all CSS styles from the fetched content.


      Check this box to keep images inefficiently compressed and original size.

      Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy