On Fri, Aug 9, 2013 at 4:33 AM, Hseu-Ming Chen <[email protected]> wrote: > For the serial number that i was referring to: if you look at the content of > one of the client-side certs i issued: > > ======================================================== > % openssl x509 -in foo.cert -text -noout > > Certificate: > Data: > Version: 1 (0x0) > Serial Number: 5 (0x5) > Signature Algorithm: sha1WithRSAEncryption > Issuer: .... > Validity > ... > Subject: ... > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (1024 bit) > Modulus: > ...... > Exponent: 65537 (0x10001) > Signature Algorithm: sha1WithRSAEncryption > a3:c2:31:d3:ea:c9:67:46:1c:5a:59:15:45:51:ef:c8:2d:99: > ======================================================== > > you will find the line: > Serial Number: 5 (0x5) > > Or if you visit: > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/7.3/html/Administration_Guide/Administration_Guide-Introduction_to_CRL_Extensions-Sample_CRL_and_CRL_Entry_Extensions.html > you will see the following: > > ======================================================== > Certificate Revocation List: > Data: > Version: v2 > ... > Extensions: > > Identifier: Authority Key Identifier > ... > Serial Number: 0x12 > ... > ======================================================== > > In order to implement a simple CRL on my server (really a [private|local] CA > + reverse proxy), i plan to rely on the serial numbers. However, i can't > find any info about retrieving the serial number of an incoming cert. Or > should i simply use the CN as in: > req.connection.getPeerCertificate().subject.CN > instead since there is one-one-correspondence between CNs and the serial > numbers. > > A quick question: when the client connects with X.509 certs, is the serial > number info available in the entire SSL/TLS handshake process? > > Thanks.
Right. Node.js currently doesn't support that but it's reasonably straightforward to add. If you open an issue, we'll look into it. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
