http{/,s} git server
git clone http://git.nthia.dev/qwgit
const tls = require('tls')
const { X509Certificate } = require('crypto')
let rootFingerprints = new Set
tls.rootCertificates.forEach(rpem => {
let c = new X509Certificate(rpem)
rootFingerprints.add(c.fingerprint512)
})
module.exports = function checkCertChain(cert) {
let cursor = cert.issuerCertificate
let length = 0
while (cursor) {
if (rootFingerprints.has(cursor.fingerprint512)) return null
if (length++ >= 20) return new Error('certificate chain too long to verify')
if (cursor === cursor.issuerCertificate) return new Error('self-signed certificate')
cursor = cursor.issuerCertificate
}
return new Error('certificate issuer not found in certificate chain')
}