Support for X509, OCSP, CRL, ASN1 and TLS session details. #3662

rmhrisk opened this Issue · 12 comments

6 participants


Go currently has support for a ton of rich information about TLS and PKI related objects, see: and the TLS, X509 and PKIX objects.

Go's coverage isn't perfect but it's enough to do some cool stuff that today can't be done directly in Node.

I would love to see this stuff exposed in node also, a few examples this would enable include:

  1. SSL configuration checker -
  2. Certificate Crawler -
  3. SSL support tools -
  4. ASN1 diagnostics -



Pretty sorry to see this go totally unanswered; these features are absolutely essential for Node users to be able to write secure and security-related software. At the very least, OCSP support is absolutely mandatory for secure TLS. ASN.1 has traditionally been very difficult and complex to implement, but OCSP support for TLS can be exposed just by an extension of the TLS binding; OpenSSL already supports it internally. Can we get at least a response to this?


> Can we get at least a response to this?

Of course. The official response is (no snark intended): we take patches.


I have on my list to see about contributing something here at some point but in the meantime I had a simple RESTful web service thrown together that does some of this: people can use, I will also post the source on GitHub soon (it's in golang).


I heard the TLS module is getting some fairly serious overhauls for 0.11 / 0.12. Is any of this on the way? @indutny?


There is no point in ASN.1 in core, since you could do it in user-land, for example: . And OCSP is definitely in my future plans, but not for v0.12 as we are trying to release it now.
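
The point in the comment above, that ASN.1 can be handled in user-land, shown as an added example (not code from this thread or from any library linked in it): a strict DER decoder in plain JavaScript with no native bindings. The function names and the sample bytes (an AlgorithmIdentifier for sha256WithRSAEncryption) are constructed for illustration.

```javascript
const NAMES = { 2: 'INTEGER', 4: 'OCTET STRING', 5: 'NULL', 6: 'OBJECT IDENTIFIER', 16: 'SEQUENCE', 17: 'SET' };
// Read one tag/length header at `pos`, refusing anything that is not strict DER.
function readHeader(buf, pos, end) {
  if (pos + 2 > end) throw new RangeError('truncated header');
  const first = buf[pos];
  if ((first & 0x1f) === 0x1f) throw new Error('multi-byte tags not handled here');
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) {                       // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > end) throw new RangeError('indefinite, oversized or truncated length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start++];
    if (len < 0x80 || buf[pos + 2] === 0) throw new Error('non-minimal length');
  }
  if (start + len > end) throw new RangeError('value overruns its container');
  return { first, start, len };
}
// Decode OBJECT IDENTIFIER content bytes into dotted-decimal form.
function decodeOid(bytes) {
  if (!bytes.length || (bytes[bytes.length - 1] & 0x80)) throw new Error('bad OID');
  const arcs = [];
  let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (b & 0x80) continue;               // more base-128 digits follow
    if (arcs.length) arcs.push(v);
    else { const a = Math.min(Math.floor(v / 40), 2); arcs.push(a, v - 40 * a); }
    v = 0;
  }
  return arcs.join('.');
}
// Decode every element in buf[pos, end) into a tree of plain objects.
function parseDer(buf, pos = 0, end = buf.length, depth = 0) {
  if (depth > 32) throw new RangeError('nesting too deep');
  const out = [];
  while (pos < end) {
    const { first, start, len } = readHeader(buf, pos, end);
    const tag = first & 0x1f;
    const node = { type: first >> 6 ? `[${tag}]` : NAMES[tag] || `UNIVERSAL ${tag}` };
    const body = buf.subarray(start, start + len);
    if (first & 0x20) node.children = parseDer(buf, start, start + len, depth + 1);
    else node.value = first === 0x06 ? decodeOid(body) : body.toString('hex');
    out.push(node);
    pos = start + len;
  }
  return out;
}
// Constructed sample: AlgorithmIdentifier { sha256WithRSAEncryption, NULL }.
const SAMPLE = Buffer.from('300d06092a864886f70d01010b0500', 'hex');
console.log(JSON.stringify(parseDer(SAMPLE)));
```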

@indutny indutny added this to the v0.13 milestone

@indutny ... any further thoughts on this one?


Since this issue was opened a friend and I did this:


@rmhrisk :+1: userland solutions are awesome. If you feel there's still a need for this functionality in core, let us know and we can reopen this issue.

@jasnell jasnell closed this

Doesn't core TLS still need to be extended to support OCSP?


Would also be nice if there was a polyfill for webcrypto so user land could do crypto securely


It does support OCSP already!
