tls: add serialNumber to getPeerCertificate()

Add a 'serialNumber' property to the object that is returned by
tls.CryptoStream#getPeerCertificate().  Contains the certificate's
serial number encoded as a hex string.  The format is identical to
`openssl x509 -serial -in path/to/certificate`.

Fixes #6583.

2 files changed, 12 insertions, 0 deletions

diff --git a/src/env.h b/src/env.h
index 81286842a..5cf414b5d 100644
--- a/src/env.h
+++ b/src/env.h
@@ -111,6 +111,7 @@ namespace node {
   V(rdev_string, "rdev")                                                      \
   V(rename_string, "rename")                                                  \
   V(rss_string, "rss")                                                        \
+  V(serial_number_string, "serialNumber")                                     \
   V(servername_string, "servername")                                          \
   V(session_id_string, "sessionId")                                           \
   V(should_keep_alive_string, "shouldKeepAlive")                              \
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 4f6f17edb..f1d3bd449 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1066,6 +1066,17 @@ void SSLWrap<Base>::GetPeerCertificate(
       info->Set(env->ext_key_usage_string(), ext_key_usage);
     }
 
+    if (ASN1_INTEGER* serial_number = X509_get_serialNumber(peer_cert)) {
+      if (BIGNUM* bn = ASN1_INTEGER_to_BN(serial_number, NULL)) {
+        if (char* buf = BN_bn2hex(bn)) {
+          info->Set(env->serial_number_string(),
+                    OneByteString(node_isolate, buf));
+          OPENSSL_free(buf);
+        }
+        BN_free(bn);
+      }
+    }
+
     X509_free(peer_cert);
   }