Add a valid property to X509Certificate

[thernstig]

What is the problem this feature will solve?

I want to verify the validity of an X.509 certificate with a new property x509.valid.

What is the feature you are proposing to solve the problem?

Information about a X.509 certificate can be retrieved via:

import { X509Certificate } = from 'node:crypto';

const x509 = new X509Certificate('{... pem encoded cert ...}');

console.log(x509);

The properties x509.validTo and x509.validFrom prints strings of the datetimes, but they are in a complex format, see https://github.com/openssl/openssl/blob/4a5088259e78127354f497931568de409ac905fc/crypto/asn1/a_time.c#L488-L549, and thus hard to parse into Date objects.

The openssl CLI command has a way to see if a certificate is valid or not:

openssl x509 -noout -checkend 0 -in ./ca.crt

I wish for a new property valid (boolean) to be added to an X509Certificate.

What alternatives have you considered?

Using await execFile('openssl', ...) but that is not ideal as I have to invoke a new process and also make sure that openssl exists in the system which it might not do in e.g. containers.

Ideally though there would be an output of validTo and validFrom that had proper JavaScript Date objects. That would make it possible to warn about expiry etc. in an easier way before it even happens.