Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a valid property to X509Certificate #52931

Closed
thernstig opened this issue May 10, 2024 · 3 comments · Fixed by #54159
Closed

Add a valid property to X509Certificate #52931

thernstig opened this issue May 10, 2024 · 3 comments · Fixed by #54159
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js.

Comments

@thernstig
Copy link
Contributor

thernstig commented May 10, 2024
edited
Loading

What is the problem this feature will solve?

I want to verify the validity of an X.509 certificate with a new property x509.valid.

What is the feature you are proposing to solve the problem?

Information about a X.509 certificate can be retrieved via:

import { X509Certificate } = from 'node:crypto';

const x509 = new X509Certificate('{... pem encoded cert ...}');

console.log(x509);

The properties x509.validTo and x509.validFrom prints strings of the datetimes, but they are in a complex format, see https://github.com/openssl/openssl/blob/4a5088259e78127354f497931568de409ac905fc/crypto/asn1/a_time.c#L488-L549, and thus hard to parse into Date objects.

The openssl CLI command has a way to see if a certificate is valid or not:

openssl x509 -noout -checkend 0 -in ./ca.crt

I wish for a new property valid (boolean) to be added to an X509Certificate.

What alternatives have you considered?

Using await execFile('openssl', ...) but that is not ideal as I have to invoke a new process and also make sure that openssl exists in the system which it might not do in e.g. containers.

Ideally though there would be an output of validTo and validFrom that had proper JavaScript Date objects. That would make it possible to warn about expiry etc. in an easier way before it even happens.
@thernstig thernstig added the feature request Issues that request new features to be added to Node.js. label May 10, 2024
@thernstig thernstig changed the title Add a validity property to X509Certificate Add a valid property to X509Certificate May 10, 2024
@VoltrexKeyva VoltrexKeyva added the crypto Issues and PRs related to the crypto subsystem. label May 10, 2024
@RulerOfCakes RulerOfCakes mentioned this issue Aug 1, 2024
Merged
@lppedd
Copy link

lppedd commented Aug 16, 2024
edited
Loading

Could we also add the format in which validTo and validFrom are returned in the documentation?
It's disappointing to have to navigate to source code to find an answer.

@thernstig
Copy link
Contributor Author

I wish they were returned as Date object, but since that is a breaking change maybe a new property is needed.

@lppedd
Copy link

lppedd commented Aug 17, 2024
edited
Loading

Seems like the linked PR will be merged soon.
However, not everyone has the luxury of adopting the newest version, so better docs would go a long way.

For future reference, you can find the format in test cases:

node/test/parallel/test-crypto-x509.js

Lines 97 to 98 in e4f61de

assert.strictEqual(x509.validFrom, 'Sep 3 21:40:37 2022 GMT');
assert.strictEqual(x509.validTo, 'Jun 17 21:40:37 2296 GMT');

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto: add validFromDate and validToDate fields to X509Certificate RulerOfCakes/node
3 participants
@lppedd @thernstig @VoltrexKeyva