From 472baec1ff7d17ca8dbea409eb7a23d7820208bb Mon Sep 17 00:00:00 2001
From: Michael Lumish <mlumish@google.com>
Date: Mon, 15 Nov 2021 10:53:31 -0800
Subject: [PATCH] grpc-js: Provide full certificate in checkServerIdentity
 callback

---
 packages/grpc-js/src/channel-credentials.ts | 25 +++++----------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/packages/grpc-js/src/channel-credentials.ts b/packages/grpc-js/src/channel-credentials.ts
index 675e9162..c501692c 100644
--- a/packages/grpc-js/src/channel-credentials.ts
+++ b/packages/grpc-js/src/channel-credentials.ts
@@ -27,16 +27,6 @@ function verifyIsBufferOrNull(obj: any, friendlyName: string): void {
   }
 }
 
-/**
- * A certificate as received by the checkServerIdentity callback.
- */
-export interface Certificate {
-  /**
-   * The raw certificate in DER form.
-   */
-  raw: Buffer;
-}
-
 /**
  * A callback that will receive the expected hostname and presented peer
  * certificate as parameters. The callback should return an error to
@@ -45,7 +35,7 @@ export interface Certificate {
  */
 export type CheckServerIdentityCallback = (
   hostname: string,
-  cert: Certificate
+  cert: PeerCertificate
 ) => Error | undefined;
 
 function bufferOrNullEqual(buf1: Buffer | null, buf2: Buffer | null) {
@@ -192,15 +182,10 @@ class SecureChannelCredentialsImpl extends ChannelCredentials {
       cert: certChain || undefined,
       ciphers: CIPHER_SUITES,
     });
-    this.connectionOptions = { secureContext };
-    if (verifyOptions && verifyOptions.checkServerIdentity) {
-      this.connectionOptions.checkServerIdentity = (
-        host: string,
-        cert: PeerCertificate
-      ) => {
-        return verifyOptions.checkServerIdentity!(host, { raw: cert.raw });
-      };
-    }
+    this.connectionOptions = { 
+      secureContext,
+      checkServerIdentity: verifyOptions?.checkServerIdentity
+    };
   }
 
   compose(callCredentials: CallCredentials): ChannelCredentials {