-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
getPeerX509Certificate()
supports getting chain of certificates
#44905
Labels
feature request
Issues that request new features to be added to Node.js.
tls
Issues and PRs related to the tls subsystem.
Comments
vinayak-kukreja
added
the
feature request
Issues that request new features to be added to Node.js.
label
Oct 6, 2022
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905
Thank you for working on this, really appreciate it. :) |
PRs stay open a minimum of 48 hours in general and must pass CI before they can land. |
Hey, following up here. When could it be possible to get this merged? |
Hey, any updates about when the fix can be merged? |
nodejs-github-bot
pushed a commit
that referenced
this issue
Nov 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
lucshi
pushed a commit
to lucshi/node
that referenced
this issue
Nov 9, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: nodejs#44905 PR-URL: nodejs#44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS
pushed a commit
that referenced
this issue
Nov 10, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Dec 30, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Dec 30, 2022
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Jan 3, 2023
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
danielleadams
pushed a commit
that referenced
this issue
Jan 4, 2023
The objects returned by getPeerCertificate() now have an additional "ca" boolean property that indicates whether the certificate is a Certificate Authority certificate or not. Fixes: #44905 PR-URL: #44935 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <midawson@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
feature request
Issues that request new features to be added to Node.js.
tls
Issues and PRs related to the tls subsystem.
What is the problem this feature will solve?
Trying to verify if a certificate is a root certificate involves having the
subject
and theissuer
as same inPeerCertificate
and knowing the the certificate was signed by CA.I see we can get a chain of certificates using
getPeerCertificate(true)
but it does not have a property to verify ifca: true
like theX509Certificate
.What is the feature you are proposing to solve the problem?
Wondering if it would be possible to either include this property in
PeerCertificate
or allowing chaining ingetPeerX509Certificate()
.What alternatives have you considered?
I did not find a way to verify
ca: true
inPeerCertificate
. Let me know if you believe this can be done with current chaining that is available.The text was updated successfully, but these errors were encountered: