'use strict';
// This tests that appending certificates to the existing defaults works
// correctly with https.request().
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
const assert = require('assert');
const https = require('https');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const { includesCert } = require('../common/tls');
// Snapshot of the CA certificates returned for the 'bundled' store; it is the
// trust baseline for the failing phase and the base list for the appended one.
const bundledCerts = tls.getCACertificates('bundled');

// Root certificate fixture that gets appended to the defaults later on.
const fixtureCert = fixtures.readKey('fake-startcom-root-cert.pem');

// The negative half of this test is only meaningful when the fixture root is
// NOT already part of the baseline: otherwise the "bundled only" request would
// verify successfully and the test would prove nothing about appending.
const fixtureAlreadyBundled = includesCert(bundledCerts, fixtureCert);
if (fixtureAlreadyBundled) {
  common.skip('fake-startcom-root-cert is already in bundled certificates, skipping test');
}
// Test that an HTTPS connection fails with the bundled CAs only and succeeds
// after the custom CA is added.
//
// The server presents the agent8 fixture certificate. The client further down
// is expected to reject it while only the bundled CAs are trusted and to
// accept it once the fake-startcom root fixture is appended to the defaults.
const serverOptions = {
  cert: fixtures.readKey('agent8-cert.pem'),
  key: fixtures.readKey('agent8-key.pem'),
};

// Every request gets the same fixed body so the client can assert on it.
function respondSuccess(req, res) {
  res.writeHead(200);
  res.end('success');
}

const server = https.createServer(serverOptions, respondSuccess);
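// Runs the two-phase check once the server is listening on an ephemeral port:
//   1. default CAs = bundled only            -> request must fail verification
//   2. default CAs = bundled + fixture root  -> request must succeed
server.listen(0, common.mustCall(() => {
  const { port } = server.address();

  // Both phases issue the identical GET; only the process-wide default CA
  // list differs between them, so the outcome depends on trust configuration
  // alone. No per-request `ca` option is passed, so the defaults are used.
  const sendGet = (onResponse) => https.request({
    hostname: 'localhost',
    port,
    path: '/',
    method: 'GET',
  }, onResponse);

  // Phase 1: trust only the bundled CA certificates - connection should fail.
  tls.setDefaultCACertificates(bundledCerts);

  const req1 = sendGet(
    common.mustNotCall('Should not succeed with bundled CA only'));

  req1.on('error', common.mustCall((err) => {
    // Print the full error so an unexpected failure mode (for example a
    // connection error instead of a verification error) is visible in the
    // test output, not just the mismatching code.
    console.log(err);
    // Should fail with a certificate verification error, not any other error.
    assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');

    // Phase 2: append the fake-startcom root to the bundled certs - the same
    // request should now succeed.
    tls.setDefaultCACertificates([...bundledCerts, fixtureCert]);

    const req2 = sendGet(common.mustCall((res) => {
      assert.strictEqual(res.statusCode, 200);
      // A 200 only shows that a response arrived. Also require that the TLS
      // layer reports the peer certificate as verified, so the success is
      // attributable to the appended CA rather than to disabled verification.
      assert.strictEqual(res.socket.authorized, true);

      // Decode explicitly instead of relying on Buffer-to-string coercion.
      res.setEncoding('utf8');
      let data = '';
      res.on('data', (chunk) => { data += chunk; });
      res.on('end', common.mustCall(() => {
        assert.strictEqual(data, 'success');
        server.close();
      }));
    }));

    req2.on('error',
            common.mustNotCall('Should not error with correct CA added'));
    req2.end();
  }));

  req1.end();
}));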