`getPeerX509Certificate()` supports getting chain of certificates

[vinayak-kukreja]

What is the problem this feature will solve?

Trying to verify if a certificate is a root certificate involves having the subject and the issuer as same in PeerCertificate and knowing the the certificate was signed by CA.
I see we can get a chain of certificates using getPeerCertificate(true) but it does not have a property to verify if ca: true like the X509Certificate.

What is the feature you are proposing to solve the problem?

Wondering if it would be possible to either include this property in PeerCertificate or allowing chaining in getPeerX509Certificate().

What alternatives have you considered?

I did not find a way to verify ca: true in PeerCertificate. Let me know if you believe this can be done with current chaining that is available.

[bnoordhuis]

#44935

[vinayak-kukreja]

Thank you for working on this, really appreciate it. :)
I see the PR has multiple approvals, is there a timeline followed for merging and deploying the change?

[jasnell]

PRs stay open a minimum of 48 hours in general and must pass CI before they can land.

[vinayak-kukreja]

Hey, following up here. When could it be possible to get this merged?

[vinayak-kukreja]

Hey, any updates about when the fix can be merged?