summaryrefslogtreecommitdiffhomepage
path: root/packages/server/src/helpers/validateCertificatePath.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/server/src/helpers/validateCertificatePath.ts')
-rw-r--r--packages/server/src/helpers/validateCertificatePath.ts13
1 files changed, 11 insertions, 2 deletions
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts
index 8cacb0b..77d7f77 100644
--- a/packages/server/src/helpers/validateCertificatePath.ts
+++ b/packages/server/src/helpers/validateCertificatePath.ts
@@ -59,8 +59,11 @@ async function _validatePath(certificates: string[]): Promise<boolean> {
const subjectCert = new X509();
subjectCert.readCertPEM(subjectPem);
+ const isLeafCert = i === 0;
+ const isRootCert = i + 1 >= certificates.length;
+
let issuerPem = '';
- if (i + 1 >= certificates.length) {
+ if (isRootCert) {
issuerPem = subjectPem;
} else {
issuerPem = certificates[i + 1];
@@ -82,7 +85,13 @@ async function _validatePath(certificates: string[]): Promise<boolean> {
const now = new Date(Date.now());
if (notBefore > now || notAfter < now) {
- throw new Error('Intermediate certificate is not yet valid or expired');
+ if (isLeafCert) {
+ throw new Error('Leaf certificate is not yet valid or expired');
+ } else if (isRootCert) {
+ throw new Error('Root certificate is not yet valid or expired');
+ } else {
+ throw new Error('Intermediate certificate is not yet valid or expired');
+ }
}
if (subjectCert.getIssuerString() !== issuerCert.getSubjectString()) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-25 02:22:11 +0000