+18
-1
lines changedFilter options
+18
-1
lines changed Original file line number Diff line number Diff line change
@@ -2651,7 +2651,23 @@ added: v15.6.0
2651 2651
* `otherCert` {X509Certificate}
2652 2652
* Returns: {boolean}
2653 2653 2654 -
Checks whether this certificate was issued by the given `otherCert`.
2654 +
Checks whether this certificate was potentially issued by the given `otherCert`
2655 +
by comparing the certificate metadata.
2656 + 2657 +
This is useful for pruning a list of possible issuer certificates which have been
2658 +
selected using a more rudimentary filtering routine, i.e. just based on subject
2659 +
and issuer names.
2660 + 2661 +
Finally, to verify that this certificate's signature was produced by a private key
2662 +
corresponding to `otherCert`'s public key use [`x509.verify(publicKey)`][]
2663 +
with `otherCert`'s public key represented as a [`KeyObject`][]
2664 +
like so
2665 + 2666 +
```js
2667 +
if (!x509.verify(otherCert.publicKey)) {
2668 +
throw new Error('otherCert did not issue x509');
2669 +
}
2670 +
```
2655 2671 2656 2672
### `x509.checkPrivateKey(privateKey)`
2657 2673
@@ -6205,6 +6221,7 @@ See the [list of SSL OP Flags][] for details.
6205 6221
[`verify.update()`]: #verifyupdatedata-inputencoding
6206 6222
[`verify.verify()`]: #verifyverifyobject-signature-signatureencoding
6207 6223
[`x509.fingerprint256`]: #x509fingerprint256
6224 +
[`x509.verify(publicKey)`]: #x509verifypublickey
6208 6225
[caveats when using strings as inputs to cryptographic APIs]: #using-strings-as-inputs-to-cryptographic-apis
6209 6226
[certificate object]: tls.md#certificate-object
6210 6227
[encoding]: buffer.md#buffers-and-character-encodings
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4