• Version: v14.0.0-pre (master)
• Platform: Windows 10 Version 1903 64-bit (OS Build 18362.657)
• Subsystem: crypto / tls

What steps will reproduce the bug?

1. Set NODE_EXTRA_CA_CERTS environment variable to a root certificate file.
2. Read contents of tls.rootCertificates array.

How often does it reproduce? Is there a required condition?

Reproduces 100% of the time.

What is the expected behavior?

tls.rootCertificates array should contain the root certificate supplied in NODE_EXTRA_CA_CERTS. Documentation for tls.rootCertificates (https://nodejs.org/api/tls.html#tls_tls_rootcertificates) states that it "represents the root certificates used for verifying peer certificates" and that it is the "default value of the ca option to tls.createSecureContext()".

The certificate supplied to NODE_EXTRA_CA_CERTS is used to verify peer certificates and is also used in the default value of the ca option to tls.createSecureContext()'. It's omission from tls.rootCertificates is a defect.

What do you see instead?

Contents of tls.rootCertificates contains only the hard-coded set of node.js root certificates when NODE_EXTRA_CA_CERTS is supplied.