@blakmatrix
Created December 14, 2012 18:57
Uses a Unix socket to test that the cert, key, and CA are valid (i.e. the cert was issued by the CA) and that the domain on the certificate matches the given domain name.
var path = require('path'),
fs = require('fs'),
net = require('net'),
crypto = require('crypto'),
tls = require('tls'),
util = require('util');
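/**
 * Checks that `certPem` was issued by `caPem`, that `keyPem` is the matching
 * private key, and that the certificate is valid for `domain`.
 *
 * It does so by running a real handshake: a throw-away TLS server on a Unix
 * socket is started with the key/cert under test, and a client that trusts
 * only `caPem` connects to it. Node's normal verification then answers all
 * three questions: the server context cannot be built if the key does not
 * match the cert, the client rejects a chain that does not end in `caPem`,
 * and the hostname check compares `domain` against the certificate's
 * subjectAltName (falling back to the subject CN only when the certificate
 * carries no SAN) -- the rule real TLS clients apply, rather than the CN-only
 * comparison the original version used.
 *
 * @param {string|Buffer} certPem  Server certificate, PEM.
 * @param {string|Buffer} keyPem   Private key for `certPem`, PEM.
 * @param {string|Buffer|Array<string|Buffer>} caPem  CA certificate(s) that must have issued `certPem`.
 * @param {string} domain  DNS name the certificate must cover. It is also sent as the
 *   SNI servername, so it must be a hostname, not an IP address.
 * @param {function(Error|null, boolean=)} cb  Invoked exactly once: `cb(null, true)` when
 *   every check passes, `cb(err)` on the first failure (including listen/socket errors).
 */
function checkCertDomain(certPem, keyPem, caPem, domain, cb) {
  var sockPath = 'tls.sock';
  var serverOptions = { key: keyPem, cert: certPem, ca: caPem };
  var server = null;
  var done = false;

  // Every exit goes through here so the callback fires once and the listening
  // socket is always released. (The original reported an authorization failure
  // and then fell through to the domain check, so cb could be called twice --
  // the second time possibly reporting success after a failure.)
  function finish(err, ok) {
    if (done) { return; }
    done = true;
    if (server) { server.close(); }
    cb(err, ok);
  }

  // The socket file may be left over from an earlier run; ENOENT here is expected.
  fs.unlink(sockPath, function () {
    try {
      server = tls.createServer(serverOptions, function (c) {
        console.log('server connected');
        c.end("The end.");
      });
    } catch (e) {
      // Building the server context throws synchronously for unusable input,
      // e.g. a key that does not match the certificate or unparsable PEM.
      finish(e);
      return;
    }
    server.on('error', finish); // e.g. EADDRINUSE / EACCES on the socket path

    // Connect only once the server is actually listening.
    server.listen(sockPath, function () {
      var socket = tls.connect({
        path: sockPath,
        // Trust only the CA under test, not the system store, so "authorized"
        // really means "issued by caPem". The original omitted this, so the
        // chain was checked against the system roots instead.
        ca: caPem,
        // Tells Node which hostname to validate the certificate against.
        // Without it a Unix-socket connection is checked against 'localhost'
        // and every real certificate fails with an altname mismatch.
        servername: domain,
        // Verification still runs; this only lets us read authorizationError
        // and report it instead of receiving a bare 'error' event.
        rejectUnauthorized: false
      }, function () {
        var peerCert = socket.getPeerCertificate();
        console.log(util.inspect(socket.getCipher()));
        console.log(util.inspect(peerCert));

        if (!socket.authorized) {
          var str = "Authorization Failure: " + util.inspect(socket.authorizationError);
          console.log(str);
          socket.end();
          finish(new Error(str));
          return;
        }

        // Normally already covered by the servername check above; kept as an
        // explicit statement of the domain requirement (SAN first, CN fallback).
        var identityError = tls.checkServerIdentity(domain, peerCert);
        socket.end();
        if (identityError) {
          finish(identityError);
          return;
        }
        finish(null, true);
      });
      // Connection or handshake failures unrelated to verification.
      socket.on('error', finish);
    });
  });
}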
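var sep = '-----END CERTIFICATE-----';

/**
 * Splits a PEM bundle (several certificates concatenated in one file) into
 * one PEM string per certificate, each ending with the END marker.
 *
 * The text after the last marker is whitespace (usually a single newline),
 * not the empty string the original filter tested for, so it is trimmed before
 * the emptiness test; otherwise it becomes a bogus extra "certificate".
 *
 * @param {string} bundle  Contents of the bundle file.
 * @returns {string[]} Individual certificates, in file order.
 */
function splitPemBundle(bundle) {
  return bundle.split(sep)
    .filter(function (chunk) { return chunk.trim() !== ''; })
    .map(function (chunk) { return chunk + sep; });
}

checkCertDomain(fs.readFileSync('cert.pem'),
  fs.readFileSync('key.pem'),
  splitPemBundle(fs.readFileSync('ca.pem').toString()),
  'domain.com',
  function (err) {
    if (err) {
      console.log(err);
      // Let a shell or CI caller see the failure instead of a clean exit status.
      process.exitCode = 1;
    }
    console.log('DONE!');
  });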