diff options
| author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-02-27 18:50:59 +0900 |
|---|---|---|
| committer | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-03-10 17:17:28 +0900 |
| commit | dacaaa5fc0750fd41e9f4547d048b40bf28b7829 (patch) | |
| tree | e815517db942717dbf7731a924cb5f355ef6c7a4 /test/parallel/test-tls-0-dns-altname.js | |
| parent | b98004b79cc5c55922ecd03a4128ba0dfdd07f48 (diff) | |
| download | android-node-v8-dacaaa5fc0750fd41e9f4547d048b40bf28b7829.tar.gz android-node-v8-dacaaa5fc0750fd41e9f4547d048b40bf28b7829.tar.bz2 android-node-v8-dacaaa5fc0750fd41e9f4547d048b40bf28b7829.zip | |
test: add script to create 0-dns-cert.pem
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.
Added a script to create it with using `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.
The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.
Fixes: https://github.com/nodejs/node/issues/10228
PR-URL: https://github.com/nodejs/node/pull/11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'test/parallel/test-tls-0-dns-altname.js')
| -rw-r--r-- | test/parallel/test-tls-0-dns-altname.js | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/test/parallel/test-tls-0-dns-altname.js b/test/parallel/test-tls-0-dns-altname.js index 874dc6b235..483d256564 100644 --- a/test/parallel/test-tls-0-dns-altname.js +++ b/test/parallel/test-tls-0-dns-altname.js @@ -2,6 +2,8 @@ const common = require('../common'); const assert = require('assert'); +// Check getPeerCertificate can properly handle '\0' for fix CVE-2009-2408. + if (!common.hasCrypto) { common.skip('missing crypto'); return; @@ -11,8 +13,8 @@ const tls = require('tls'); const fs = require('fs'); const server = tls.createServer({ - key: fs.readFileSync(common.fixturesDir + '/keys/0-dns-key.pem'), - cert: fs.readFileSync(common.fixturesDir + '/keys/0-dns-cert.pem') + key: fs.readFileSync(common.fixturesDir + '/0-dns/0-dns-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/0-dns/0-dns-cert.pem') }, function(c) { c.once('data', function() { c.destroy(); @@ -24,11 +26,11 @@ const server = tls.createServer({ }, common.mustCall(function() { const cert = c.getPeerCertificate(); assert.strictEqual(cert.subjectaltname, - 'DNS:google.com\0.evil.com, ' + - 'DNS:just-another.com, ' + + 'DNS:good.example.org\0.evil.example.com, ' + + 'DNS:just-another.example.com, ' + 'IP Address:8.8.8.8, ' + 'IP Address:8.8.4.4, ' + - 'DNS:last.com'); + 'DNS:last.example.com'); c.write('ok'); })); })); |