tls: getPeerCertificate(detailed)

Add `raw` property to certificate, add mode to output full certificate
chain.

Author: indutny

doc/api/tls.markdown

@@ -644,27 +644,32 @@ specified CAs, otherwise `false`
 The reason why the peer's certificate has not been verified. This property
 becomes available only when `tlsSocket.authorized === false`.
 
-### tlsSocket.getPeerCertificate()
+### tlsSocket.getPeerCertificate([ detailed ])
 
 Returns an object representing the peer's certificate. The returned object has
-some properties corresponding to the field of the certificate.
+some properties corresponding to the field of the certificate. If `detailed`
+argument is `true` - the full chain with `issuer` property will be returned,
+if `false` - only the top certificate without `issuer` property.
 
 Example:
 
-    { subject: 
+    { subject:
        { C: 'UK',
          ST: 'Acknack Ltd',
          L: 'Rhys Jones',
          O: 'node.js',
          OU: 'Test TLS Certificate',
          CN: 'localhost' },
-      issuer: 
+      issuerInfo:
        { C: 'UK',
          ST: 'Acknack Ltd',
          L: 'Rhys Jones',
          O: 'node.js',
          OU: 'Test TLS Certificate',
          CN: 'localhost' },
+      issuer:
+       { ... another certificate ... },
+      raw: < RAW DER buffer >,
       valid_from: 'Nov 11 09:52:22 2009 GMT',
       valid_to: 'Nov  6 09:52:22 2029 GMT',
       fingerprint: '2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF',

lib/_tls_common.js

@@ -134,6 +134,9 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
     return null;
 
   if (c.issuer) c.issuer = tls.parseCertString(c.issuer);
+  if (c.issuerCertificate && c.issuerCertificate !== c) {
+    c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
+  }
   if (c.subject) c.subject = tls.parseCertString(c.subject);
   if (c.infoAccess) {
     var info = c.infoAccess;

lib/_tls_legacy.js

@@ -378,9 +378,11 @@ CryptoStream.prototype.__defineGetter__('bytesWritten', function() {
   return this.socket ? this.socket.bytesWritten : 0;
 });
 
-CryptoStream.prototype.getPeerCertificate = function() {
-  if (this.pair.ssl)
-    return common.translatePeerCertificate(this.pair.ssl.getPeerCertificate());
+CryptoStream.prototype.getPeerCertificate = function(detailed) {
+  if (this.pair.ssl) {
+    return common.translatePeerCertificate(
+      this.pair.ssl.getPeerCertificate(detailed));
+  }
 
   return null;
 };

lib/_tls_wrap.js

@@ -473,9 +473,11 @@ TLSSocket.prototype.setSession = function(session) {
   this.ssl.setSession(session);
 };
 
-TLSSocket.prototype.getPeerCertificate = function() {
-  if (this.ssl)
-    return common.translatePeerCertificate(this.ssl.getPeerCertificate());
+TLSSocket.prototype.getPeerCertificate = function(detailed) {
+  if (this.ssl) {
+    return common.translatePeerCertificate(
+      this.ssl.getPeerCertificate(detailed));
+  }
 
   return null;
 };

src/env.h

@@ -120,6 +120,7 @@ namespace node {
   V(ipv6_lc_string, "ipv6")                                                   \
   V(ipv6_string, "IPv6")                                                      \
   V(issuer_string, "issuer")                                                  \
+  V(issuercert_string, "issuerCertificate")                                   \
   V(kill_signal_string, "killSignal")                                         \
   V(mac_string, "mac")                                                        \
   V(mark_sweep_compact_string, "mark-sweep-compact")                          \
@@ -169,6 +170,7 @@ namespace node {
   V(priority_string, "priority")                                              \
   V(processed_string, "processed")                                            \
   V(prototype_string, "prototype")                                            \
+  V(raw_string, "raw")                                                        \
   V(rdev_string, "rdev")                                                      \
   V(readable_string, "readable")                                              \
   V(received_shutdown_string, "receivedShutdown")                             \