getPeerX509Certificate() supports getting chain of certificates
#44905
Labels
feature request
Issues that request new features to be added to Node.js.
tls
Issues and PRs related to the tls subsystem.
Comments
vinayak-kukreja
added
the
feature request
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905
|
Thank you for working on this, really appreciate it. :) |
|
PRs stay open a minimum of 48 hours in general and must pass CI before they can land. |
|
Hey, following up here. When could it be possible to get this merged? |
|
Hey, any updates about when the fix can be merged? |
nodejs-github-bot
pushed a commit
that referenced
this issue
Nov 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
lucshi
pushed a commit
to lucshi/node
that referenced
this issue
Nov 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905 PR-URL: nodejs#44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS
pushed a commit
that referenced
this issue
Nov 10, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Dec 30, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Dec 30, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Jan 3, 2023
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Jan 4, 2023
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the problem this feature will solve?
Trying to verify if a certificate is a root certificate involves having the
subjectand theissueras same inPeerCertificateand knowing the the certificate was signed by CA.I see we can get a chain of certificates using
getPeerCertificate(true)but it does not have a property to verify ifca: truelike theX509Certificate.What is the feature you are proposing to solve the problem?
Wondering if it would be possible to either include this property in
PeerCertificateor allowing chaining ingetPeerX509Certificate().What alternatives have you considered?
I did not find a way to verify
ca: trueinPeerCertificate. Let me know if you believe this can be done with current chaining that is available.The text was updated successfully, but these errors were encountered: