🤖 Merge PR DefinitelyTyped#74543 [@types/node] tls.Certificate: widen DN fields to string | string[] by @tgies

tgies · web-flow · commit 51ccb0aacf52 · 2026-02-25T16:59:42.000-08:00
diff --git a/types/node/node-tests/tls.ts b/types/node/node-tests/tls.ts
@@ -314,6 +314,33 @@ import {
     const r00ts: readonly string[] = rootCertificates;
 }
 
+// Certificate DN fields are optional and can be string or string[] (multi-valued)
+{
+    const tlsSocket = connect({});
+    const peerCert = tlsSocket.getPeerCertificate();
+    const subject = peerCert.subject;
+
+    // Fields are optional and may be string or string[]
+    const cn: string | string[] | undefined = subject.CN;
+    const ou: string | string[] | undefined = subject.OU;
+    const o: string | string[] | undefined = subject.O;
+
+    // Type narrowing with Array.isArray
+    if (Array.isArray(subject.OU)) {
+        const ous: string[] = subject.OU;
+    } else {
+        const ou: string | undefined = subject.OU;
+    }
+
+    // Arbitrary DN attributes via index signature
+    const email: string | string[] | undefined = subject["emailAddress"];
+    const dc: string | string[] | undefined = subject["DC"];
+
+    // Issuer has the same shape
+    const issuer = peerCert.issuer;
+    const issuerCN: string | string[] | undefined = issuer.CN;
+}
+
 {
     const _options: TlsOptions = {};
     const _server = new Server(_options, (socket) => {});
diff --git a/types/node/tls.d.ts b/types/node/tls.d.ts
@@ -15,31 +15,31 @@ declare module "node:tls" {
     import * as stream from "stream";
     const CLIENT_RENEG_LIMIT: number;
     const CLIENT_RENEG_WINDOW: number;
-    interface Certificate {
+    interface Certificate extends NodeJS.Dict<string | string[]> {
         /**
          * Country code.
          */
-        C: string;
+        C?: string | string[];
         /**
          * Street.
          */
-        ST: string;
+        ST?: string | string[];
         /**
          * Locality.
          */
-        L: string;
+        L?: string | string[];
         /**
          * Organization.
          */
-        O: string;
+        O?: string | string[];
         /**
          * Organizational unit.
          */
-        OU: string;
+        OU?: string | string[];
         /**
          * Common name.
          */
-        CN: string;
+        CN?: string | string[];
     }
     interface PeerCertificate {
         /**
diff --git a/types/node/v20/test/tls.ts b/types/node/v20/test/tls.ts
@@ -325,6 +325,33 @@ import {
     const r00ts: readonly string[] = rootCertificates;
 }
 
+// Certificate DN fields are optional and can be string or string[] (multi-valued)
+{
+    const tlsSocket = connect({});
+    const peerCert = tlsSocket.getPeerCertificate();
+    const subject = peerCert.subject;
+
+    // Fields are optional and may be string or string[]
+    const cn: string | string[] | undefined = subject.CN;
+    const ou: string | string[] | undefined = subject.OU;
+    const o: string | string[] | undefined = subject.O;
+
+    // Type narrowing with Array.isArray
+    if (Array.isArray(subject.OU)) {
+        const ous: string[] = subject.OU;
+    } else {
+        const ou: string | undefined = subject.OU;
+    }
+
+    // Arbitrary DN attributes via index signature
+    const email: string | string[] | undefined = subject["emailAddress"];
+    const dc: string | string[] | undefined = subject["DC"];
+
+    // Issuer has the same shape
+    const issuer = peerCert.issuer;
+    const issuerCN: string | string[] | undefined = issuer.CN;
+}
+
 {
     const _options: TlsOptions = {};
     const _server = new Server(_options, (socket) => {});
diff --git a/types/node/v20/tls.d.ts b/types/node/v20/tls.d.ts
@@ -15,31 +15,31 @@ declare module "tls" {
     import * as stream from "stream";
     const CLIENT_RENEG_LIMIT: number;
     const CLIENT_RENEG_WINDOW: number;
-    interface Certificate {
+    interface Certificate extends NodeJS.Dict<string | string[]> {
         /**
          * Country code.
          */
-        C: string;
+        C?: string | string[];
         /**
          * Street.
          */
-        ST: string;
+        ST?: string | string[];
         /**
          * Locality.
          */
-        L: string;
+        L?: string | string[];
         /**
          * Organization.
          */
-        O: string;
+        O?: string | string[];
         /**
          * Organizational unit.
          */
-        OU: string;
+        OU?: string | string[];
         /**
          * Common name.
          */
-        CN: string;
+        CN?: string | string[];
     }
     interface PeerCertificate {
         /**
diff --git a/types/node/v22/test/tls.ts b/types/node/v22/test/tls.ts
@@ -329,6 +329,33 @@ import {
     const r00ts: readonly string[] = rootCertificates;
 }
 
+// Certificate DN fields are optional and can be string or string[] (multi-valued)
+{
+    const tlsSocket = connect({});
+    const peerCert = tlsSocket.getPeerCertificate();
+    const subject = peerCert.subject;
+
+    // Fields are optional and may be string or string[]
+    const cn: string | string[] | undefined = subject.CN;
+    const ou: string | string[] | undefined = subject.OU;
+    const o: string | string[] | undefined = subject.O;
+
+    // Type narrowing with Array.isArray
+    if (Array.isArray(subject.OU)) {
+        const ous: string[] = subject.OU;
+    } else {
+        const ou: string | undefined = subject.OU;
+    }
+
+    // Arbitrary DN attributes via index signature
+    const email: string | string[] | undefined = subject["emailAddress"];
+    const dc: string | string[] | undefined = subject["DC"];
+
+    // Issuer has the same shape
+    const issuer = peerCert.issuer;
+    const issuerCN: string | string[] | undefined = issuer.CN;
+}
+
 {
     const _options: TlsOptions = {};
     const _server = new Server(_options, (socket) => {});
diff --git a/types/node/v22/tls.d.ts b/types/node/v22/tls.d.ts
@@ -15,31 +15,31 @@ declare module "tls" {
     import * as stream from "stream";
     const CLIENT_RENEG_LIMIT: number;
     const CLIENT_RENEG_WINDOW: number;
-    interface Certificate {
+    interface Certificate extends NodeJS.Dict<string | string[]> {
         /**
          * Country code.
          */
-        C: string;
+        C?: string | string[];
         /**
          * Street.
          */
-        ST: string;
+        ST?: string | string[];
         /**
          * Locality.
          */
-        L: string;
+        L?: string | string[];
         /**
          * Organization.
          */
-        O: string;
+        O?: string | string[];
         /**
          * Organizational unit.
          */
-        OU: string;
+        OU?: string | string[];
         /**
          * Common name.
          */
-        CN: string;
+        CN?: string | string[];
     }
     interface PeerCertificate {
         /**
diff --git a/types/node/v24/test/tls.ts b/types/node/v24/test/tls.ts
@@ -329,6 +329,33 @@ import {
     const r00ts: readonly string[] = rootCertificates;
 }
 
+// Certificate DN fields are optional and can be string or string[] (multi-valued)
+{
+    const tlsSocket = connect({});
+    const peerCert = tlsSocket.getPeerCertificate();
+    const subject = peerCert.subject;
+
+    // Fields are optional and may be string or string[]
+    const cn: string | string[] | undefined = subject.CN;
+    const ou: string | string[] | undefined = subject.OU;
+    const o: string | string[] | undefined = subject.O;
+
+    // Type narrowing with Array.isArray
+    if (Array.isArray(subject.OU)) {
+        const ous: string[] = subject.OU;
+    } else {
+        const ou: string | undefined = subject.OU;
+    }
+
+    // Arbitrary DN attributes via index signature
+    const email: string | string[] | undefined = subject["emailAddress"];
+    const dc: string | string[] | undefined = subject["DC"];
+
+    // Issuer has the same shape
+    const issuer = peerCert.issuer;
+    const issuerCN: string | string[] | undefined = issuer.CN;
+}
+
 {
     const _options: TlsOptions = {};
     const _server = new Server(_options, (socket) => {});
diff --git a/types/node/v24/tls.d.ts b/types/node/v24/tls.d.ts
@@ -15,31 +15,31 @@ declare module "tls" {
     import * as stream from "stream";
     const CLIENT_RENEG_LIMIT: number;
     const CLIENT_RENEG_WINDOW: number;
-    interface Certificate {
+    interface Certificate extends NodeJS.Dict<string | string[]> {
         /**
          * Country code.
          */
-        C: string;
+        C?: string | string[];
         /**
          * Street.
          */
-        ST: string;
+        ST?: string | string[];
         /**
          * Locality.
          */
-        L: string;
+        L?: string | string[];
         /**
          * Organization.
          */
-        O: string;
+        O?: string | string[];
         /**
          * Organizational unit.
          */
-        OU: string;
+        OU?: string | string[];
         /**
          * Common name.
          */
-        CN: string;
+        CN?: string | string[];
     }
     interface PeerCertificate {
         /**
