Skip to content

doc: clarify x509.checkIssued only checks metadata #58457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 28, 2025
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 18 additions & 1 deletion doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -2651,7 +2651,23 @@ added: v15.6.0
* `otherCert` {X509Certificate}
* Returns: {boolean}

Checks whether this certificate was issued by the given `otherCert`.
Checks whether this certificate was potentially issued by the given `otherCert`
by comparing the certificate metadata.

This is useful for pruning a list of possible issuer certificates which have been
selected using a more rudimentary filtering routine, i.e. just based on subject
and issuer names.

Finally, to verify that this certificate's signature was produced by a private key
corresponding to `otherCert`'s public key use [`x509.verify(publicKey)`][]
with `otherCert`'s public key represented as a [`KeyObject`][]
like so

```js
if (!x509.verify(otherCert.publicKey)) {
throw new Error('otherCert did not issue x509');
}
```

### `x509.checkPrivateKey(privateKey)`

Expand Down Expand Up @@ -6205,6 +6221,7 @@ See the [list of SSL OP Flags][] for details.
[`verify.update()`]: #verifyupdatedata-inputencoding
[`verify.verify()`]: #verifyverifyobject-signature-signatureencoding
[`x509.fingerprint256`]: #x509fingerprint256
[`x509.verify(publicKey)`]: #x509verifypublickey
[caveats when using strings as inputs to cryptographic APIs]: #using-strings-as-inputs-to-cryptographic-apis
[certificate object]: tls.md#certificate-object
[encoding]: buffer.md#buffers-and-character-encodings
Expand Down
Loading