jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-14 06:21:00 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
ec6b7939eb
node/test/parallel/test-tls-pfx-authorizationerror.js
Sam Roberts ec6b7939eb test: add independent multi-alg crypto identities 
agent6 was the only cert that had a chain (an intermediate certificate),
and there were no non-RSA certs other than a single self-signed one.
This makes it impossible to test cert-chain scenarios with multiple
identities which require chains to prove chain completion, and
multi-algorithm because OpenSSL doesn't support multiple identities
unless they are multi-algorithm.

PFX files were also missing for most identities, making it difficult to
test multi-PFX and PFX interactions with cert-chain+key and CA options.

New server cert chains:

- ECC: ca5 signs ca6 signs ec10, CN=agent10.example.com
- RSA: ca2 signs ca4 signs agent10, CN=agent10.example.com

PFX added for:

- agent6
- agent10
- ec10

All pem and pfx regenerated from scratch to test that the Makefile is
actually working as intended.

PR-URL: https://github.com/nodejs/node/pull/24374
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
2018-11-16 17:00:37 -08:00

47 lines
1.2 KiB
JavaScript
Raw Blame History

'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('node compiled without crypto.');
const fixtures = require('../common/fixtures');
// This test ensures that TLS does not fail to read a self-signed certificate
// and thus throw an `authorizationError`.
// https://github.com/nodejs/node/issues/5100
const assert = require('assert');
const tls = require('tls');
const pfx = fixtures.readKey('agent1.pfx');
const server = tls
.createServer(
{
pfx: pfx,
passphrase: 'sample',
requestCert: true,
rejectUnauthorized: false
},
common.mustCall(function(c) {
assert.strictEqual(c.getPeerCertificate().serialNumber,
'ECC9B856270DA9A8');
assert.strictEqual(c.authorizationError, null);
c.end();
})
)
.listen(0, function() {
const client = tls.connect(
{
port: this.address().port,
pfx: pfx,
passphrase: 'sample',
rejectUnauthorized: false
},
function() {
assert.strictEqual(client.getCertificate().serialNumber,
'ECC9B856270DA9A8');
client.end();
server.close();
}
);
});
Reference in New Issue View Git Blame Copy Permalink