diff --git a/lib/internal/crypto/x509.js b/lib/internal/crypto/x509.js
index 30005390a4571e..6d58cd35e45118 100644
--- a/lib/internal/crypto/x509.js
+++ b/lib/internal/crypto/x509.js
@@ -140,6 +140,7 @@ class X509Certificate {
 fingerprint512: this.fingerprint512,
 keyUsage: this.keyUsage,
 serialNumber: this.serialNumber,
+ extensions: this.extensions,
 }, opts)}`;
 }
@@ -265,6 +266,15 @@ class X509Certificate {
 return value;
 }
+ get extensions() {
+ let value = this[kInternalState].get('extensions');
+ if (value === undefined) {
+ value = this[kHandle].extensions();
+ this[kInternalState].set('extensions', value);
+ }
+ return value;
+ }
+
 get raw() {
 let value = this[kInternalState].get('raw');
 if (value === undefined) {
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
index e6ae4d886908cb..b0512908f0ddc9 100644
--- a/test/parallel/test-x509-escaping.js
+++ b/test/parallel/test-x509-escaping.js
@@ -502,3 +502,35 @@ const { hasOpenSSL3 } = common;
 }, common.mustCall());
 }));
 }
+
+// certificateExtensions test
+{
+ const pem = fixtures.readSync('x509-certificate-extensions.pem', 'utf8');
+
+ const cert = new X509Certificate(pem);
+ const expectedExtensions = {
+ '1.3.6.1.5.5.7.1.1': Buffer.from('test').toString('base64'),
+ '1.3.6.1.5.5.7.1.2': 'http://example.com/',
+ };
+
+ assert.deepStrictEqual(cert.certificateExtensions, expectedExtensions);
+
+ const serverKey = fixtures.readSync('x509-certificate-extensions-key.pem', 'utf8');
+
+ const server = tls.createServer({
+ key: serverKey,
+ cert: pem,
+ }, common.mustCall((conn) => {
+ conn.destroy();
+ server.close();
+ })).listen(common.mustCall(() => {
+ const { port } = server.address();
+ tls.connect(port, {
+ ca: pem,
+ servername: 'example.com',
+ checkServerIdentity: (peerCert) => {
+ assert.deepStrictEqual(peerCert.certificateExtensions, expectedExtensions);
+ },
+ }, common.mustCall());
+ }));
+}
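Review bot: The getter added in the `@@ -265,6 +266,15 @@` hunk is named `extensions`, but the test added to test/parallel/test-x509-escaping.js reads `cert.certificateExtensions` and `peerCert.certificateExtensions`; unless that name is defined outside this diff, the first assertion compares `undefined` with the expected object and fails. One name should be used in the getter, in the inspect output added by the `@@ -140,6 +140,7 @@` hunk, and in the test. The getter also returns the same cached object from `this[kHandle].extensions()` to every caller, so a mutation by one consumer changes what later code sees when it evaluates a peer certificate's extensions; freezing before caching, e.g. `value = ObjectFreeze(this[kHandle].extensions());` (assuming that primordial is available in this file), or a comment stating that the object is shared, would avoid that. The class body starts and ends outside the hunk.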
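Review bot: In the test hunk, `checkServerIdentity` is not wrapped in `common.mustCall`, so if the callback is never invoked the assertion on `peerCert.certificateExtensions` silently does not run; `checkServerIdentity: common.mustCall((peerCert) => {` would pin it. The `peerCert` passed to that callback is presumably the legacy peer-certificate object rather than an `X509Certificate`, and nothing visible in this diff adds the property to it, so that path appears to depend on a native change not shown here. The expected values also mix encodings, one OID mapping to base64 and the other to plain text, with nothing telling a caller which applies; because extension contents come from the remote certificate, a comment stating the rule, such as `// values are base64 unless the extension has a known text form`, would keep consumers from treating arbitrary certificate bytes as trusted text.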