-rw-r--r--test/parallel/test-tls-cert-chains-concat.js50
-rw-r--r--test/parallel/test-tls-cert-chains-in-ca.js46
2 files changed, 96 insertions, 0 deletions
diff --git a/test/parallel/test-tls-cert-chains-concat.js b/test/parallel/test-tls-cert-chains-concat.js
new file mode 100644
index 0000000000..d53edef898
--- /dev/null
+++ b/test/parallel/test-tls-cert-chains-concat.js
@@ -0,0 +1,50 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+ assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+// agent6-cert.pem includes cert for agent6 and ca3
+connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: keys.agent6.ca,
+ },
+ server: {
+ cert: keys.agent6.cert,
+ key: keys.agent6.key,
+ },
+}, function(err, pair, cleanup) {
+ assert.ifError(err);
+
+ const peer = pair.client.conn.getPeerCertificate();
+ debug('peer:\n', peer);
+ assert.strictEqual(peer.subject.emailAddress, 'adam.lippai@tresorit.com');
+ assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),
+ assert.strictEqual(peer.issuer.CN, 'ca3');
+ assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+ const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+ const root = next.issuerCertificate;
+ delete next.issuerCertificate;
+ debug('next:\n', next);
+ assert.strictEqual(next.subject.CN, 'ca3');
+ assert.strictEqual(next.issuer.CN, 'ca1');
+ assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+ debug('root:\n', root);
+ assert.strictEqual(root.subject.CN, 'ca1');
+ assert.strictEqual(root.issuer.CN, 'ca1');
+ assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+ // No client cert, so empty object returned.
+ assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {});
+ assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {});
+
+ return cleanup();
+});
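Review bot: The assertion on `peer.subject.CN` ends with a comma instead of a semicolon, so it is chained to the following `assert.strictEqual` by the comma operator. Both assertions still run, but it reads as a typo and should be `assert.strictEqual(peer.subject.CN, 'Ádám Lippai');`. Separately, the no-op `checkServerIdentity` in the client options switches off hostname verification, here and at the same place in test-tls-cert-chains-in-ca.js, with no explanation. A comment such as `// Hostname check disabled: only chain construction is under test (presumably the fixture cert does not name the test host).` would stop it being copied as a general pattern.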
diff --git a/test/parallel/test-tls-cert-chains-in-ca.js b/test/parallel/test-tls-cert-chains-in-ca.js
new file mode 100644
index 0000000000..69f62c3f72
--- /dev/null
+++ b/test/parallel/test-tls-cert-chains-in-ca.js
@@ -0,0 +1,46 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+ assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+
+// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
+// provide ca3 in the .ca property.
+const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----')
+ .map((c) => { return c + '-----END CERTIFICATE-----'; });
+const agent6End = agent6Chain[0];
+const agent6Middle = agent6Chain[1];
+connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: keys.agent6.ca,
+ },
+ server: {
+ cert: agent6End,
+ key: keys.agent6.key,
+ ca: agent6Middle,
+ },
+}, function(err, pair, cleanup) {
+ assert.ifError(err);
+
+ const peer = pair.client.conn.getPeerCertificate();
+ debug('peer:\n', peer);
+ assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+ const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+ const root = next.issuerCertificate;
+ delete next.issuerCertificate;
+ debug('next:\n', next);
+ assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+ debug('root:\n', root);
+ assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+ return cleanup();
+});
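Review bot: Splitting `keys.agent6.cert` on the END marker and re-appending it always leaves a trailing element that holds no certificate, and nothing asserts that the fixture really contained two certificates before `agent6Chain[1]` is handed to the server as `ca`. Adding `.filter((c) => c.trim() !== '')` before the `.map(...)` and `assert.strictEqual(agent6Chain.length, 2);` after it would make a changed fixture fail with a clear message rather than somewhere inside the TLS setup. The header comment is identical to the one in test-tls-cert-chains-concat.js; it should say that the intermediate is supplied through the server's `ca` option, since that is the behaviour this file exists to pin down.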