What are the mutual auth checks done by node.js tls module?

Question

I've copied the text from the reference manual from here

Verifies the certificate cert is issued to hostname

This function can be overwritten by providing alternative function as part of the options.checkServerIdentity option passed to tls.connect(). The overwriting function can call tls.checkServerIdentity() of course, to augment the checks done with additional verification.

So, my question is what are the checks done in tls.checkServerIdentity() to verify certificate ? does it include dns resolution of host present in request ? I'm doing a mutual auth tls and would like to do dns resolution of host if its not done already in the tls.checkServerIdentity()

score 0 · Accepted Answer · answered Nov 21 '19 at 09:53

0

I found the answer by looking at the source code of checkServerIdentity here

It checks SAN and CN fields of certificate to see a match of hostname.

answered Nov 21 '19 at 09:53

Technoshaft

679
6
18

What are the mutual auth checks done by node.js tls module?

1 Answers1