mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
7485ad817a
Store loaded NODE_EXTRA_CA_CERTS into root_certs_vector, allowing them to be added to secure contexts when NewRootCertStore() is called, rather than losing them when unrelated options are provided. When NODE_EXTRA_CA_CERTS is specified, the root certificates (both bundled and extra) will no longer be preloaded at startup. This improves Node.js startup time and makes the behavior of NODE_EXTRA_CA_CERTS consistent with the default behavior when NODE_EXTRA_CA_CERTS is omitted. The original reason NODE_EXTRA_CA_CERTS were loaded at startup (issues #20432, #20434) was to prevent the environment variable from being changed at runtime. This change preserves the runtime consistency without actually having to load the certs at startup. Fixes: https://github.com/nodejs/node/issues/32010 Refs: https://github.com/nodejs/node/issues/40524 Refs: https://github.com/nodejs/node/pull/23354 PR-URL: https://github.com/nodejs/node/pull/44529 Reviewed-By: Tim Perry <pimterry@gmail.com>
'use strict';
const common = require('../common');
// Everything below goes through node:tls, so bail out early (as a skip, not a
// failure) when the build reports that crypto support is missing.
if (!common.hasCrypto) {
  common.skip('missing crypto');
}
const assert = require('node:assert');
const tls = require('node:tls');
const { fork } = require('node:child_process');
const fixtures = require('../common/fixtures');
// Each entry describes one set of client-side TLS options that is unrelated to
// NODE_EXTRA_CA_CERTS. The script checks that the extra CA is still trusted
// when any of these options is supplied to tls.connect().
const tests = [
  // Case 0: a caller-built secure context with an additional CA added to it.
  {
    // Kept as a getter so the secure context is only created when the entry
    // is actually read (a fresh context on every access).
    get clientOptions() {
      const ctx = tls.createSecureContext();
      const extraCa = fixtures.readKey('ca1-cert.pem');
      // NOTE(review): `.context` looks like the underlying native handle
      // rather than documented public API — confirm before copying this.
      ctx.context.addCACert(extraCa);

      return { secureContext: ctx };
    },
  },

  // Case 1: a certificate revocation list is supplied.
  {
    clientOptions: {
      crl: fixtures.readKey('ca2-crl.pem'),
    },
  },

  // Case 2: client identity supplied as a PFX bundle. The passphrase is the
  // one belonging to the test fixture, not a real credential.
  {
    clientOptions: {
      pfx: fixtures.readKey('agent1.pfx'),
      passphrase: 'sample',
    },
  },
];
// The script runs in two roles. Without arguments it is the parent: it starts
// one TLS server per test case and forks itself as the client. With arguments
// (<test index> <port>) it is the forked client.
const [, , testArg, portArg] = process.argv;

if (testArg) {
  // --- Child: connect to the parent's server with the selected options. ---
  const testNumber = Number.parseInt(testArg, 10);
  // Rejects out-of-range and non-numeric indices (NaN fails both comparisons).
  assert(testNumber >= 0 && testNumber < tests.length);

  const selected = tests[testNumber];

  const clientOptions = {
    ...selected.clientOptions,
    port: portArg,
    // Hostname verification is replaced by a stub that must be called once
    // and reports no error, so this test exercises certificate-chain
    // validation only. rejectUnauthorized is not set here, so chain
    // validation itself is left at its default.
    checkServerIdentity: common.mustCall(),
  };

  // The connect callback must run; it then sends a short payload and closes.
  // NOTE(review): presumably the server certificate chains to the CA given in
  // NODE_EXTRA_CA_CERTS, so reaching this callback shows that CA was trusted —
  // confirm against the fixtures.
  const client = tls.connect(clientOptions, common.mustCall(() => {
    client.end('hi');
  }));
} else {
  // --- Parent: one single-use server and one forked client per test case. ---
  const serverOptions = {
    key: fixtures.readKey('agent3-key.pem'),
    cert: fixtures.readKey('agent3-cert.pem'),
  };

  // Indices are iterated as strings ('0', '1', ...) because they are passed
  // straight through as command-line arguments to the child.
  for (const testNumber of Object.keys(tests)) {
    // Each server answers exactly one connection and then shuts down.
    const server = tls.createServer(serverOptions, common.mustCall((socket) => {
      socket.end('bye');
      server.close();
    }));

    // Port 0 asks the OS for a free port; the chosen port is handed to the child.
    server.listen(0, common.mustCall(() => {
      // The extra CA is supplied through the child's environment only.
      const env = {
        ...process.env,
        NODE_EXTRA_CA_CERTS: fixtures.path('keys', 'ca2-cert.pem'),
      };

      const { port } = server.address();
      const child = fork(__filename, [testNumber, port], { env });

      // A zero exit status is the pass signal for the case.
      child.on('exit', common.mustCall((status) => {
        assert.strictEqual(status, 0);
      }));
    }));
  }
}