nodejs-mozilla/test/internet/test-tls-add-ca-cert.js

55 lines
1.3 KiB
JavaScript

'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
// Test interaction of compiled-in CAs with user-provided CAs.
const assert = require('assert');
const fs = require('fs');
const fixtures = require('../common/fixtures');
const tls = require('tls');
function filenamePEM(n) {
return fixtures.path('keys', `${n}.pem`);
}
function loadPEM(n) {
return fs.readFileSync(filenamePEM(n));
}
const caCert = loadPEM('ca1-cert');
const opts = {
host: 'www.nodejs.org',
port: 443,
rejectUnauthorized: true
};
// Success relies on the compiled in well-known root CAs
tls.connect(opts, common.mustCall(end));
// The .ca option replaces the well-known roots, so connection fails.
opts.ca = caCert;
tls.connect(opts, fail).on('error', common.mustCall((err) => {
assert.strictEqual(err.message, 'unable to get local issuer certificate');
}));
function fail() {
assert.fail('should fail to connect');
}
// New secure contexts have the well-known root CAs.
opts.secureContext = tls.createSecureContext();
tls.connect(opts, common.mustCall(end));
// Explicit calls to addCACert() add to the default well-known roots, instead
// of replacing, so connection still succeeds.
opts.secureContext.context.addCACert(caCert);
tls.connect(opts, common.mustCall(end));
function end() {
this.end();
}