blakmatrix/gist:4287680

## gistfile1.js
var path   = require('path'),
    fs     = require('fs'),
    net    = require('net'),
    crypto = require('crypto'),
    tls    = require('tls'),
    util   = require('util');


 function checkCertDomain(certPem, keyPem, caPem, domain, cb) {
  var sockPath = 'tls.sock',
      options  = {
        key: keyPem,
        cert: certPem,
        ca: caPem
      };


  fs.unlink(sockPath, function () {

    var server = tls.createServer(options, function(c) {
      console.log('server connected');
      c.end("The end.");
      /*c.on('end', function() {
        console.log('server disconnected');
      });*/
    }).listen(sockPath);
    var sock = new net.Socket({ type: 'unix'});
    sock.connect(sockPath);


    var socket = tls.connect({
        socket: sock,
        rejectUnauthorized: false
      }, function() {
        var peerCert = socket.getPeerCertificate();
        if(!socket.authorized) {
          var str = "Authorization Failure: " + util.inspect(socket.authorizationError);
          console.log(str);
          /* might need to let 'Hostname/IP doesn\'t match certificate\'s altnames' errors pass? */
          cb(new Error(str));
        }
        console.log(util.inspect(socket.getCipher()));
        console.log(util.inspect(peerCert));
        server.close();
        if(peerCert.subject.CN === domain) {
          cb(null, true );
        }else{
          return cb(new Error('Domain does not match the domain in the Certifcate.\n domain:'+ domain +', certificate: ' + peerCert.subject.CN));
        }
      });
  });
}
var sep = '-----END CERTIFICATE-----';
checkCertDomain(fs.readFileSync('cert.pem'),
                fs.readFileSync('key.pem'),
                fs.readFileSync('ca.pem').toString().split(sep)
                                         .filter( function(i) { if(i !== '') {return true;} })
                                         .map( function(i) { return i.concat(sep); }),
                'domain.com',
                function(err) {
  if(err) {
    console.log(err);
  }
  console.log('DONE!');
});
	var path = require('path'),
	fs = require('fs'),
	net = require('net'),
	crypto = require('crypto'),
	tls = require('tls'),
	util = require('util');


	function checkCertDomain(certPem, keyPem, caPem, domain, cb) {
	var sockPath = 'tls.sock',
	options = {
	key: keyPem,
	cert: certPem,
	ca: caPem
	};



	fs.unlink(sockPath, function () {

	var server = tls.createServer(options, function(c) {
	console.log('server connected');
	c.end("The end.");
	/*c.on('end', function() {
	console.log('server disconnected');
	});*/
	}).listen(sockPath);
	var sock = new net.Socket({ type: 'unix'});
	sock.connect(sockPath);


	var socket = tls.connect({
	socket: sock,
	rejectUnauthorized: false
	}, function() {
	var peerCert = socket.getPeerCertificate();
	if(!socket.authorized) {
	var str = "Authorization Failure: " + util.inspect(socket.authorizationError);
	console.log(str);
	/* might need to let 'Hostname/IP doesn\'t match certificate\'s altnames' errors pass? */
	cb(new Error(str));
	}
	console.log(util.inspect(socket.getCipher()));
	console.log(util.inspect(peerCert));
	server.close();
	if(peerCert.subject.CN === domain) {
	cb(null, true );
	}else{
	return cb(new Error('Domain does not match the domain in the Certifcate.\n domain:'+ domain +', certificate: ' + peerCert.subject.CN));
	}
	});
	});
	}
	var sep = '-----END CERTIFICATE-----';
	checkCertDomain(fs.readFileSync('cert.pem'),
	fs.readFileSync('key.pem'),
	fs.readFileSync('ca.pem').toString().split(sep)
	.filter( function(i) { if(i !== '') {return true;} })
	.map( function(i) { return i.concat(sep); }),
	'domain.com',
	function(err) {
	if(err) {
	console.log(err);
	}
	console.log('DONE!');
	});