crypto: Expose the public key of a certificate & cert sha256 (!17690) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/Hannes-Magnusson-CK/sha256-and-pubkey into master Dec 14, 2017

Expose the raw public key of the certificate. This is needed for applications to be able to pin the public key rather then the exact certificate. This also makes it a lot easier to implement HPKP, but to be able to do proper HPKP we need to have access the the issuer certificate too, so we are now passing the "detailed" certificate to checkServerIdentity.

The certificate object contains the SHA1 fingerprint of the certificate. That is getting a little date so I've added the SHA256 as cert.fingerprint256.

Also added docs on how to do cert pinning and pubkey pinning.

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Affected core subsystem(s)

crypto
doc

Admin message

Admin message

crypto: Expose the public key of a certificate & cert sha256

Checklist

Affected core subsystem(s)

Merge request reports