mirror of
https://github.com/nodejs/node.git
synced 2025-05-06 21:25:20 +00:00
99b0c2e7a7
TLS connection setup boilerplate is common to many TLS tests, factor it into a test fixture so tests are clearer to read and faster to write. PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
51 lines
1.3 KiB
JavaScript
51 lines
1.3 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
|
|
// Adding a CA certificate to contextWithCert should not also add it to
|
|
// contextWithoutCert. This is tested by trying to connect to a server that
|
|
// depends on that CA using contextWithoutCert.
|
|
|
|
const join = require('path').join;
|
|
const {
|
|
assert, connect, keys, tls
|
|
} = require(join(common.fixturesDir, 'tls-connect'))();
|
|
|
|
const contextWithoutCert = tls.createSecureContext({});
|
|
const contextWithCert = tls.createSecureContext({});
|
|
contextWithCert.context.addCACert(keys.agent1.ca);
|
|
|
|
const serverOptions = {
|
|
key: keys.agent1.key,
|
|
cert: keys.agent1.cert,
|
|
};
|
|
|
|
const clientOptions = {
|
|
ca: [keys.agent1.ca],
|
|
servername: 'agent1',
|
|
rejectUnauthorized: true,
|
|
};
|
|
|
|
// This client should fail to connect because it doesn't trust the CA
|
|
// certificate.
|
|
clientOptions.secureContext = contextWithoutCert;
|
|
|
|
connect({
|
|
client: clientOptions,
|
|
server: serverOptions,
|
|
}, function(err, pair, cleanup) {
|
|
assert(err);
|
|
assert.strictEqual(err.message, 'unable to verify the first certificate');
|
|
cleanup();
|
|
|
|
// This time it should connect because contextWithCert includes the needed CA
|
|
// certificate.
|
|
clientOptions.secureContext = contextWithCert;
|
|
connect({
|
|
client: clientOptions,
|
|
server: serverOptions,
|
|
}, function(err, pair, cleanup) {
|
|
assert.ifError(err);
|
|
cleanup();
|
|
});
|
|
});
|