-
-
Notifications
You must be signed in to change notification settings - Fork 35.7k
Add a valid property to X509CertificateΒ #52931
Copy link
Copy link
Closed
Labels
cryptoIssues and PRs related to the crypto subsystem.Issues and PRs related to the crypto subsystem.feature requestIssues that request new features to be added to Node.js.Issues that request new features to be added to Node.js.
Description
Metadata
Metadata
Assignees
Labels
cryptoIssues and PRs related to the crypto subsystem.Issues and PRs related to the crypto subsystem.feature requestIssues that request new features to be added to Node.js.Issues that request new features to be added to Node.js.
Type
Fields
Give feedbackNo fields configured for issues without a type.
What is the problem this feature will solve?
I want to verify the validity of an X.509 certificate with a new property
x509.valid.What is the feature you are proposing to solve the problem?
Information about a X.509 certificate can be retrieved via:
The properties
x509.validToandx509.validFromprints strings of the datetimes, but they are in a complex format, see https://github.com/openssl/openssl/blob/4a5088259e78127354f497931568de409ac905fc/crypto/asn1/a_time.c#L488-L549, and thus hard to parse intoDateobjects.The
opensslCLI command has a way to see if a certificate is valid or not:I wish for a new property
valid(boolean) to be added to anX509Certificate.What alternatives have you considered?
Using
await execFile('openssl', ...)but that is not ideal as I have to invoke a new process and also make sure thatopensslexists in the system which it might not do in e.g. containers.Ideally though there would be an output of
validToandvalidFromthat had proper JavaScript Date objects. That would make it possible to warn about expiry etc. in an easier way before it even happens.