tls: include elliptic curve X.509 public key info

X.509 certs are provided to the user in a parsed object form by a number
of TLS APIs. Include public key info for elliptic curves as well, not
just RSA.
- pubkey: the public key
- bits: the strength of the curve
- asn1Curve: the ASN.1 OID for the curve
- nistCurve: the NIST nickname for the curve, if it has one

PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

1 files changed, 18 insertions, 1 deletions

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 3f52b7872c..877aee128e 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -649,6 +649,12 @@ If the full certificate chain was requested, each certificate will include an
 certificate.
 
 #### Certificate Object
+<!-- YAML
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/24358
+    description: Support Elliptic Curve public key info.
+-->
 
 A certificate object has properties corresponding to the fields of the
 certificate.
@@ -688,7 +694,18 @@ For RSA keys, the following properties may be defined:
    `'B56CE45CB7...'`.
 * `pubkey` {Buffer} The public key.
 
-
+For EC keys, the following properties may be defined:
+* `pubkey` {Buffer} The public key.
+* `bits` {number} The key size in bits. Example: `256`.
+* `asn1Curve` {string} (Optional) The ASN.1 name of the OID of the elliptic
+  curve. Well-known curves are identified by an OID. While it is unusual, it is
+  possible that the curve is identified by its mathematical properties, in which
+  case it will not have an OID. Example: `'prime256v1'`.
+* `nistCurve` {string} (Optional) The NIST name for the elliptic curve, if it
+  has one (not all well-known curves have been assigned names by NIST). Example:
+  `'P-256'`.
+
+Example certificate:
 ```text
 { subject:
    { OU: [ 'Domain Control Validated', 'PositiveSSL Wildcard' ],