mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
dc875438a3
Remove the CNNIC certificates again and remove the whitelist from commit
3beb88071
("crypto: add cert check to CNNIC Whitelist") from June 2015.
PR-URL: https://github.com/nodejs/node/pull/19322
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
85 lines
2.0 KiB
JavaScript
85 lines
2.0 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const assert = require('assert');
|
|
const tls = require('tls');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
let finished = 0;
|
|
|
|
function loadPEM(n) {
|
|
return fixtures.readKey(`${n}.pem`);
|
|
}
|
|
|
|
const testCases = [
|
|
{ // agent8 is signed by fake-startcom-root with notBefore of
|
|
// Oct 20 23:59:59 2016 GMT. It passes StartCom/WoSign check.
|
|
serverOpts: {
|
|
key: loadPEM('agent8-key'),
|
|
cert: loadPEM('agent8-cert')
|
|
},
|
|
clientOpts: {
|
|
ca: loadPEM('fake-startcom-root-cert'),
|
|
port: undefined,
|
|
rejectUnauthorized: true
|
|
},
|
|
errorCode: 'CERT_REVOKED'
|
|
},
|
|
{ // agent9 is signed by fake-startcom-root with notBefore of
|
|
// Oct 21 00:00:01 2016 GMT. It fails StartCom/WoSign check.
|
|
serverOpts: {
|
|
key: loadPEM('agent9-key'),
|
|
cert: loadPEM('agent9-cert')
|
|
},
|
|
clientOpts: {
|
|
ca: loadPEM('fake-startcom-root-cert'),
|
|
port: undefined,
|
|
rejectUnauthorized: true
|
|
},
|
|
errorCode: 'CERT_REVOKED'
|
|
}
|
|
];
|
|
|
|
|
|
function runNextTest(server, tindex) {
|
|
server.close(function() {
|
|
finished++;
|
|
runTest(tindex + 1);
|
|
});
|
|
}
|
|
|
|
|
|
function runTest(tindex) {
|
|
const tcase = testCases[tindex];
|
|
|
|
if (!tcase) return;
|
|
|
|
const server = tls.createServer(tcase.serverOpts, function(s) {
|
|
s.resume();
|
|
}).listen(0, function() {
|
|
tcase.clientOpts.port = this.address().port;
|
|
const client = tls.connect(tcase.clientOpts);
|
|
client.on('error', function(e) {
|
|
assert.strictEqual(e.code, tcase.errorCode);
|
|
runNextTest(server, tindex);
|
|
});
|
|
|
|
client.on('secureConnect', function() {
|
|
// agent8 can pass StartCom/WoSign check so that the secureConnect
|
|
// is established.
|
|
assert.strictEqual(tcase.errorCode, 'CERT_REVOKED');
|
|
client.end();
|
|
runNextTest(server, tindex);
|
|
});
|
|
});
|
|
}
|
|
|
|
|
|
runTest(0);
|
|
|
|
process.on('exit', function() {
|
|
assert.strictEqual(finished, testCases.length);
|
|
});
|