author | Sam Roberts <vieuxtech@gmail.com> | 2018-11-09 15:05:34 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2018-11-20 13:21:08 -0800 |
commit | fe303b9b2dd8224e368ed69d6b797bc34dd94d07 | |
tree | 2591608d18e88eb9c21a099c0ef02eff0f8291d3 /doc/api/tls.md | |
parent | a856406c2dc0f6edf9b33067cd91fa1a71eab041 | |
tls: include elliptic curve X.509 public key info

X.509 certs are provided to the user in a parsed object form by a number
of TLS APIs. Include public key info for elliptic curves as well, not
just RSA.

- pubkey: the public key
- bits: the strength of the curve
- asn1Curve: the ASN.1 OID for the curve
- nistCurve: the NIST nickname for the curve, if it has one

PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- | doc/api/tls.md | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 3f52b7872c..877aee128e 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -649,6 +649,12 @@ If the full certificate chain was requested, each certificate will include an certificate. #### Certificate Object +<!-- YAML +changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/24358 + description: Support Elliptic Curve public key info. +--> A certificate object has properties corresponding to the fields of the certificate. @@ -688,7 +694,18 @@ For RSA keys, the following properties may be defined: `'B56CE45CB7...'`. * `pubkey` {Buffer} The public key. - +For EC keys, the following properties may be defined: +* `pubkey` {Buffer} The public key. +* `bits` {number} The key size in bits. Example: `256`. +* `asn1Curve` {string} (Optional) The ASN.1 name of the OID of the elliptic + curve. Well-known curves are identified by an OID. While it is unusual, it is + possible that the curve is identified by its mathematical properties, in which + case it will not have an OID. Example: `'prime256v1'`. +* `nistCurve` {string} (Optional) The NIST name for the elliptic curve, if it + has one (not all well-known curves have been assigned names by NIST). Example: + `'P-256'`. + +Example certificate: ```text { subject: { OU: [ 'Domain Control Validated', 'PositiveSSL Wildcard' ], |
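Review bot: In the second hunk (`@@ -688,7 +694,18 @@`), the blank line after the RSA `pubkey` item is removed and "For EC keys, the following properties may be defined:" is added directly beneath that item, so a Markdown renderer can fold the sentence into the RSA bullet and run the EC bullets on as part of the RSA list. Keep the blank line before "For EC keys, ..." and add one between that sentence and the first EC bullet. Separately, the `asn1Curve` text says a curve identified by its mathematical properties "will not have an OID" but does not say what the caller then sees. Since both `asn1Curve` and `nistCurve` are marked "(Optional)", state explicitly that the property is absent in that case, so code that checks a peer certificate's curve against an allow-list treats a missing value as a non-match instead of assuming the field is always a string.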