From fe303b9b2dd8224e368ed69d6b797bc34dd94d07 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Fri, 9 Nov 2018 15:05:34 -0800 Subject: tls: include elliptic curve X.509 public key info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X.509 certs are provided to the user in a parsed object form by a number of TLS APIs. Include public key info for elliptic curves as well, not just RSA. - pubkey: the public key - bits: the strength of the curve - asn1Curve: the ASN.1 OID for the curve - nistCurve: the NIST nickname for the curve, if it has one PR-URL: https://github.com/nodejs/node/pull/24358 Reviewed-By: Ben Noordhuis Reviewed-By: Tobias Nießen --- doc/api/tls.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'doc/api/tls.md') diff --git a/doc/api/tls.md b/doc/api/tls.md index 3f52b7872c..877aee128e 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -649,6 +649,12 @@ If the full certificate chain was requested, each certificate will include an certificate. #### Certificate Object + A certificate object has properties corresponding to the fields of the certificate. 
@@ -688,7 +694,18 @@ For RSA keys, the following properties may be defined: `'B56CE45CB7...'`. * `pubkey` {Buffer} The public key. - +For EC keys, the following properties may be defined: +* `pubkey` {Buffer} The public key. +* `bits` {number} The key size in bits. Example: `256`. +* `asn1Curve` {string} (Optional) The ASN.1 name of the OID of the elliptic + curve. Well-known curves are identified by an OID. While it is unusual, it is + possible that the curve is identified by its mathematical properties, in which + case it will not have an OID. Example: `'prime256v1'`. +* `nistCurve` {string} (Optional) The NIST name for the elliptic curve, if it + has one (not all well-known curves have been assigned names by NIST). Example: + `'P-256'`. + +Example certificate: ```text { subject: { OU: [ 'Domain Control Validated', 'PositiveSSL Wildcard' ], -- cgit v1.2.3
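Review bot: In the second hunk, the new EC entry `bits` ("The key size in bits. Example: `256`.") sits directly under the RSA property list, and the commit message calls it "the strength of the curve", so a reader can take the EC and RSA `bits` values as comparable. They are not: a caller that enforces an RSA-sized minimum on `bits` would reject every EC certificate, and a caller that reads 256 as a security level overstates it. Suggest describing it as the size of the curve in bits and noting that it must not be compared against the RSA `bits` value. The EC `pubkey` line says only "The public key."; since this buffer is what callers would pin or compare, the entry should state its encoding. It would also help to say explicitly that `asn1Curve` and `nistCurve` are absent when the curve has no OID or no NIST name, so code that checks an allowed-curve list treats a missing value as a failure rather than a match.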