mirror of https://gitee.com/openkylin/nodejs.git
60 lines
1.5 KiB
JavaScript
60 lines
1.5 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
const assert = require('assert');
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const https = require('https');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
const options = {
|
|
key: fixtures.readKey('agent1-key.pem'),
|
|
|
|
// NOTE: Certificate Common Name is 'agent1'
|
|
cert: fixtures.readKey('agent1-cert.pem'),
|
|
|
|
// NOTE: TLS 1.3 creates new session ticket **after** handshake so
|
|
// `getSession()` output will be different even if the session was reused
|
|
// during the handshake.
|
|
secureProtocol: 'TLSv1_2_method'
|
|
};
|
|
|
|
const ca = [ fixtures.readKey('ca1-cert.pem') ];
|
|
|
|
const server = https.createServer(options, function(req, res) {
|
|
res.end('ok');
|
|
}).listen(0, common.mustCall(function() {
|
|
const port = this.address().port;
|
|
|
|
const req = https.get({
|
|
port,
|
|
path: '/',
|
|
ca,
|
|
servername: 'nodejs.org',
|
|
}, common.mustNotCall(() => {}));
|
|
|
|
req.on('error', common.mustCall((err) => {
|
|
assert.strictEqual(
|
|
err.message,
|
|
'Hostname/IP does not match certificate\'s altnames: ' +
|
|
'Host: nodejs.org. is not cert\'s CN: agent1');
|
|
|
|
const second = https.get({
|
|
port,
|
|
path: '/',
|
|
ca,
|
|
servername: 'nodejs.org',
|
|
}, common.mustNotCall(() => {}));
|
|
|
|
second.on('error', common.mustCall((err) => {
|
|
server.close();
|
|
|
|
assert.strictEqual(
|
|
err.message,
|
|
'Hostname/IP does not match certificate\'s altnames: ' +
|
|
'Host: nodejs.org. is not cert\'s CN: agent1');
|
|
}));
|
|
}));
|
|
}));
|