@@ -2651,7 +2651,23 @@ added: v15.6.0
|
2651 | 2651 | * `otherCert` {X509Certificate} |
2652 | 2652 | * Returns: {boolean} |
2653 | 2653 | |
2654 | | -Checks whether this certificate was issued by the given `otherCert`. |
| 2654 | +Checks whether this certificate was potentially issued by the given `otherCert` |
| 2655 | +by comparing the certificate metadata. |
| 2656 | + |
| 2657 | +This is useful for pruning a list of possible issuer certificates which have been |
| 2658 | +selected using a more rudimentary filtering routine, i.e. just based on subject |
| 2659 | +and issuer names. |
| 2660 | + |
| 2661 | +Finally, to verify that this certificate's signature was produced by a private key |
| 2662 | +corresponding to `otherCert`'s public key use [`x509.verify(publicKey)`][] |
| 2663 | +with `otherCert`'s public key represented as a [`KeyObject`][] |
| 2664 | +like so |
| 2665 | + |
| 2666 | +```js |
| 2667 | +if (!x509.verify(otherCert.publicKey)) { |
| 2668 | +throw new Error('otherCert did not issue x509'); |
| 2669 | +} |
| 2670 | +``` |
2655 | 2671 | |
2656 | 2672 | ### `x509.checkPrivateKey(privateKey)` |
2657 | 2673 | |
@@ -6205,6 +6221,7 @@ See the [list of SSL OP Flags][] for details.
|
6205 | 6221 | [`verify.update()`]: #verifyupdatedata-inputencoding |
6206 | 6222 | [`verify.verify()`]: #verifyverifyobject-signature-signatureencoding |
6207 | 6223 | [`x509.fingerprint256`]: #x509fingerprint256 |
| 6224 | +[`x509.verify(publicKey)`]: #x509verifypublickey |
6208 | 6225 | [caveats when using strings as inputs to cryptographic APIs]: #using-strings-as-inputs-to-cryptographic-apis |
6209 | 6226 | [certificate object]: tls.md#certificate-object |
6210 | 6227 | [encoding]: buffer.md#buffers-and-character-encodings |
|