author | Ouyang Yadong <oyydoibh@gmail.com> | 2018-10-09 08:51:15 -0400 |
---|---|---|
committer | Refael Ackermann <refack@gmail.com> | 2018-10-20 09:21:16 -0400 |
commit | 87719d792b855e4278dbd3ca209592d83e80ac37 (patch) | |
tree | a47ba9284ab85cec131ea8edc7def8e500b5ac8f /test | |
parent | 3e3ce225830c46fe49f45d7c741aec49d1ef0d2e (diff) | |
tls: load NODE_EXTRA_CA_CERTS at startup
This commit makes node load extra certificates at startup instead
of on first use.
PR-URL: https://github.com/nodejs/node/pull/23354
Fixes: https://github.com/nodejs/node/issues/20434
Refs: https://github.com/nodejs/node/issues/20432
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'test')
-rw-r--r-- | test/parallel/test-tls-env-extra-ca-file-load.js | 40 | ||||
-rw-r--r-- | test/parallel/test-tls-env-extra-ca-no-crypto.js | 22 |
2 files changed, 62 insertions, 0 deletions
diff --git a/test/parallel/test-tls-env-extra-ca-file-load.js b/test/parallel/test-tls-env-extra-ca-file-load.js
new file mode 100644
index 0000000000..fa97d7c0c6
--- /dev/null
+++ b/test/parallel/test-tls-env-extra-ca-file-load.js
@@ -0,0 +1,40 @@
+'use strict';
+// Flags: --expose-internals
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+ common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+const { internalBinding } = require('internal/test/binding');
+const binding = internalBinding('crypto');
+
+const { fork } = require('child_process');
+
+// This test ensures that extra certificates are loaded at startup.
+if (process.argv[2] !== 'child') {
+ if (process.env.CHILD_USE_EXTRA_CA_CERTS === 'yes') {
+ assert.strictEqual(binding.isExtraRootCertsFileLoaded(), true);
+ } else if (process.env.CHILD_USE_EXTRA_CA_CERTS === 'no') {
+ assert.strictEqual(binding.isExtraRootCertsFileLoaded(), false);
+ tls.createServer({});
+ assert.strictEqual(binding.isExtraRootCertsFileLoaded(), false);
+ }
+} else {
+ const NODE_EXTRA_CA_CERTS = fixtures.path('keys', 'ca1-cert.pem');
+ const extendsEnv = (obj) => Object.assign({}, process.env, obj);
+
+ [
+ extendsEnv({ CHILD_USE_EXTRA_CA_CERTS: 'yes', NODE_EXTRA_CA_CERTS }),
+ extendsEnv({ CHILD_USE_EXTRA_CA_CERTS: 'no' }),
+ ].forEach((processEnv) => {
+ fork(__filename, ['child'], { env: processEnv })
+ .on('exit', common.mustCall((status) => {
+ // client did not succeed in connecting
+ assert.strictEqual(status, 0);
+ }));
+ });
+}
diff --git a/test/parallel/test-tls-env-extra-ca-no-crypto.js b/test/parallel/test-tls-env-extra-ca-no-crypto.js
new file mode 100644
index 0000000000..06399c5d23
--- /dev/null
+++ b/test/parallel/test-tls-env-extra-ca-no-crypto.js
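Review bot: The top-level condition `if (process.argv[2] !== 'child') {` in test-tls-env-extra-ca-file-load.js looks inverted. A normal run has no `child` argument, so it takes the assertion branch, where `CHILD_USE_EXTRA_CA_CERTS` is normally unset and neither `isExtraRootCertsFileLoaded()` check runs; the forking branch is never reached. The test therefore passes without verifying that NODE_EXTRA_CA_CERTS is loaded at startup, so a regression in how the extra trust anchors are loaded would go unnoticed. Changing the line to `if (process.argv[2] === 'child') {` lets the parent fork the two children and the children run the assertions. The comment `// client did not succeed in connecting` above `assert.strictEqual(status, 0);` describes no step of this test, and the same stale comment appears in test-tls-env-extra-ca-no-crypto.js; `// The child exited cleanly, so its assertions passed` would fit.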
@@ -0,0 +1,22 @@
+'use strict';
+const common = require('../common');
+const fixtures = require('../common/fixtures');
+const assert = require('assert');
+const { fork } = require('child_process');
+
+// This test ensures that trying to load extra certs won't throw even when
+// there is no crypto support, i.e., built with "./configure --without-ssl".
+if (process.argv[2] === 'child') {
+ // exit
+} else {
+ const NODE_EXTRA_CA_CERTS = fixtures.path('keys', 'ca1-cert.pem');
+
+ fork(
+ __filename,
+ ['child'],
+ { env: Object.assign({}, process.env, { NODE_EXTRA_CA_CERTS }) },
+ ).on('exit', common.mustCall(function(status) {
+ // client did not succeed in connecting
+ assert.strictEqual(status, 0);
+ }));
+}
 |
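Review bot: The header comment in test-tls-env-extra-ca-no-crypto.js does not say that the missing `common.hasCrypto` skip is deliberate, even though the test is only meaningful on a `--without-ssl` build. A later cleanup could add the skip for consistency with the sibling test and silently disable this one. I would add a line such as `// Deliberately no common.hasCrypto check: this must run on builds without crypto.` next to the existing comment. On a build with crypto the test appears to check only that a child started with NODE_EXTRA_CA_CERTS set exits with status 0, which the comment could state as well.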