0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-30 07:27:22 +01:00
nodejs/test/internet/test-tls-add-ca-cert.js
Miguel Angel Asencio Hurtado 9a5c3cf185
test: continue normalizing fixtures use
PR-URL: https://github.com/nodejs/node/pull/14716
Refs: https://github.com/nodejs/node/pull/14332
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
2017-08-27 21:14:34 -03:00

55 lines
1.3 KiB
JavaScript

'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
// Test interaction of compiled-in CAs with user-provided CAs.
const assert = require('assert');
const fs = require('fs');
const fixtures = require('../common/fixtures');
const tls = require('tls');
function filenamePEM(n) {
return fixtures.path('keys', `${n}.pem`);
}
function loadPEM(n) {
return fs.readFileSync(filenamePEM(n));
}
const caCert = loadPEM('ca1-cert');
const opts = {
host: 'www.nodejs.org',
port: 443,
rejectUnauthorized: true
};
// Success relies on the compiled in well-known root CAs
tls.connect(opts, common.mustCall(end));
// The .ca option replaces the well-known roots, so connection fails.
opts.ca = caCert;
tls.connect(opts, fail).on('error', common.mustCall((err) => {
assert.strictEqual(err.message, 'unable to get local issuer certificate');
}));
function fail() {
assert.fail('should fail to connect');
}
// New secure contexts have the well-known root CAs.
opts.secureContext = tls.createSecureContext();
tls.connect(opts, common.mustCall(end));
// Explicit calls to addCACert() add to the default well-known roots, instead
// of replacing, so connection still succeeds.
opts.secureContext.context.addCACert(caCert);
tls.connect(opts, common.mustCall(end));
function end() {
this.end();
}