Skip to content

Add a valid property to X509Certificate #52931

New issue
New issue
Closed
#54159
Closed
Add a valid property to X509Certificate#52931
#54159
Labels
cryptoIssues and PRs related to the crypto subsystem.feature requestIssues that request new features to be added to Node.js.
@thernstig

Description

@thernstig
thernstig
opened on May 10, 2024

What is the problem this feature will solve?

I want to verify the validity of an X.509 certificate with a new property x509.valid.

What is the feature you are proposing to solve the problem?

Information about a X.509 certificate can be retrieved via:

import { X509Certificate } = from 'node:crypto';

const x509 = new X509Certificate('{... pem encoded cert ...}');

console.log(x509);

The properties x509.validTo and x509.validFrom prints strings of the datetimes, but they are in a complex format, see https://github.com/openssl/openssl/blob/4a5088259e78127354f497931568de409ac905fc/crypto/asn1/a_time.c#L488-L549, and thus hard to parse into Date objects.

The openssl CLI command has a way to see if a certificate is valid or not:

openssl x509 -noout -checkend 0 -in ./ca.crt

I wish for a new property valid (boolean) to be added to an X509Certificate.

What alternatives have you considered?

Using await execFile('openssl', ...) but that is not ideal as I have to invoke a new process and also make sure that openssl exists in the system which it might not do in e.g. containers.

Ideally though there would be an output of validTo and validFrom that had proper JavaScript Date objects. That would make it possible to warn about expiry etc. in an easier way before it even happens.

Metadata

Metadata

Assignees

No one assigned

    Labels

    cryptoIssues and PRs related to the crypto subsystem.feature requestIssues that request new features to be added to Node.js.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions