author | Sam Roberts <vieuxtech@gmail.com> | 2016-10-17 11:56:58 -0700 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2016-11-23 08:35:22 -0800 |
commit | fd644f51f8bbd76818bfd9f30c8d2f3168683b7a (patch) | |
tree | 8d64339bc885e9960e70b4830ccb32692302258b /test/parallel/test-tls-env-extra-ca.js | |
parent | 213134f66dc3b6252aa19adbf2be6360d38cc707 (diff) | |
crypto: allow adding extra certs to well-known CAs
In closed environments, self-signed or privately signed certificates are
commonly used, and rejected by Node.js since their root CAs are not
well-known. Allow extending the set of well-known compiled-in CAs via
environment, so they can be set as a matter of policy.
PR-URL: https://github.com/nodejs/node/pull/9139
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Diffstat (limited to 'test/parallel/test-tls-env-extra-ca.js')
-rw-r--r-- | test/parallel/test-tls-env-extra-ca.js | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/test/parallel/test-tls-env-extra-ca.js b/test/parallel/test-tls-env-extra-ca.js
new file mode 100644
index 0000000000..12e3272bd4
--- /dev/null
+++ b/test/parallel/test-tls-env-extra-ca.js
@@ -0,0 +1,45 @@
+// Certs in NODE_EXTRA_CA_CERTS are used for TLS peer validation
+
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto) {
+ common.skip('missing crypto');
+ return;
+}
+
+const assert = require('assert');
+const tls = require('tls');
+const fork = require('child_process').fork;
+const fs = require('fs');
+
+if (process.env.CHILD) {
+ const copts = {
+ port: process.env.PORT,
+ checkServerIdentity: function() {},
+ };
+ const client = tls.connect(copts, function() {
+ client.end('hi');
+ });
+ return;
+}
+
+const options = {
+ key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
+ cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'),
+};
+
+const server = tls.createServer(options, function(s) {
+ s.end('bye');
+ server.close();
+}).listen(0, common.mustCall(function() {
+ const env = {
+ CHILD: 'yes',
+ PORT: this.address().port,
+ NODE_EXTRA_CA_CERTS: common.fixturesDir + '/keys/ca1-cert.pem',
+ };
+
+ fork(__filename, {env: env}).on('exit', common.mustCall(function(status) {
+ assert.equal(status, 0, 'client did not succeed in connecting');
+ }));
+}));
 |
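Review bot: The test covers only the success path: nothing checks that the same client is rejected when `NODE_EXTRA_CA_CERTS` is absent, so it would keep passing if chain validation were skipped for an unrelated reason. A negative control would fork a second child without the variable and expect a non-zero exit, which means the server has to stay open for both connections and `server.close()` moves out of the connection handler. This assumes the agent1 fixture certificate chains only to ca1, which the fixture names suggest but the hunk does not show. Separately, `checkServerIdentity: function() {}` in the child turns off hostname matching and deserves a comment such as `// Hostname check disabled on purpose: only chain validation against the extra CA is under test.` so the pattern is not copied into real clients.

```javascript
// … unchanged: requires, hasCrypto guard, CHILD client branch, server options …
const server = tls.createServer(options, function(s) {
  s.end('bye');
}).listen(0, common.mustCall(function() {
  const port = this.address().port;
  const withCa = {
    CHILD: 'yes',
    PORT: port,
    NODE_EXTRA_CA_CERTS: common.fixturesDir + '/keys/ca1-cert.pem',
  };
  const withoutCa = { CHILD: 'yes', PORT: port };

  fork(__filename, {env: withCa}).on('exit', common.mustCall(function(status) {
    assert.equal(status, 0, 'client did not succeed in connecting');

    // Negative control: without the extra CA the peer must be rejected.
    fork(__filename, {env: withoutCa})
      .on('exit', common.mustCall(function(code) {
        assert.notEqual(code, 0, 'client connected without the extra CA');
        server.close();
      }));
  }));
}));
```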