diff --git a/doc/api/tls.md b/doc/api/tls.md index 877aee128ec14a..69cfae438b4470 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -688,6 +688,7 @@ The certificate may contain information about the public key, depending on the key type. For RSA keys, the following properties may be defined: +* `bits` {number} The RSA bit size. Example: `1024`. * `exponent` {string} The RSA exponent, as a string in hexadecimal number notation. Example: `'0x010001'`. * `modulus` {string} The RSA modulus, as a hexadecimal string. Example: diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 91583c18d97549..7e168c6fa4272b 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1685,6 +1685,10 @@ static Local X509ToObject(Environment* env, X509* cert) { mem->length).ToLocalChecked()).FromJust(); USE(BIO_reset(bio.get())); + int bits = BN_num_bits(n); + info->Set(context, env->bits_string(), + Integer::New(env->isolate(), bits)).FromJust(); + uint64_t exponent_word = static_cast(BN_get_word(e)); uint32_t lo = static_cast(exponent_word); uint32_t hi = static_cast(exponent_word >> 32); diff --git a/test/parallel/test-tls-peer-certificate.js b/test/parallel/test-tls-peer-certificate.js index 2a48665e4d9357..523638d4a39649 100644 --- a/test/parallel/test-tls-peer-certificate.js +++ b/test/parallel/test-tls-peer-certificate.js @@ -55,6 +55,11 @@ connect({ assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org'); assert.strictEqual(peerCert.serialNumber, 'ECC9B856270DA9A8'); assert.strictEqual(peerCert.exponent, '0x10001'); + assert.strictEqual(peerCert.bits, 1024); + // The conversion to bits is odd because modulus isn't a buffer, its a hex + // string. There are two hex chars for every byte of modulus, and 8 bits per + // byte. + assert.strictEqual(peerCert.modulus.length / 2 * 8, peerCert.bits); assert.strictEqual( peerCert.fingerprint, 'D7:FD:F6:42:92:A8:83:51:8E:80:48:62:66:DA:85:C2:EE:A6:A1:CD'