path: root/test/parallel/test-tls-addca.js
'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');

// Adding a CA certificate to contextWithCert should not also add it to
// contextWithoutCert. This is tested by trying to connect to a server that
// depends on that CA using contextWithoutCert.

const {
  assert, connect, keys, tls
} = require(fixtures.path('tls-connect'));

// Two secure contexts built from identical (empty) options. The agent1 CA is
// added to only one of them, through the `.context` handle, so any sharing of
// trust-store state between contexts would show up as the bare context
// accepting the agent1 server certificate.
const contextWithoutCert = tls.createSecureContext({});
const contextWithCert = tls.createSecureContext({});
contextWithCert.context.addCACert(keys.agent1.ca);

const serverOptions = { key: keys.agent1.key, cert: keys.agent1.cert };

// `rejectUnauthorized: true` is what turns a failed chain verification into a
// connection error the callbacks below can observe.
// NOTE(review): `ca` lists the agent1 CA, yet the first attempt is expected to
// fail verification, so trust evidently comes from `secureContext` and not
// from this field when both are set - confirm against the tls-connect fixture.
const clientOptions = {
  ca: [keys.agent1.ca],
  servername: 'agent1',
  rejectUnauthorized: true,
};

/**
 * Points the shared client options at `secureContext` and starts one
 * client/server connection attempt.
 * @param {object} secureContext - Context the client should verify with.
 * @param {Function} onResult - Receives `(err, pair, cleanup)` from `connect`.
 */
function attempt(secureContext, onResult) {
  clientOptions.secureContext = secureContext;
  connect({ client: clientOptions, server: serverOptions }, onResult);
}

// Second attempt: contextWithCert holds the needed CA, so the connection
// should succeed.
function onTrustedAttempt(err, pair, cleanup) {
  assert.ifError(err);
  cleanup();
}

// First attempt: contextWithoutCert was never given the CA, so the client
// should refuse the server certificate. The message is checked as well, so an
// unrelated connection error cannot pass for the expected trust failure.
function onUntrustedAttempt(err, pair, cleanup) {
  assert(err);
  assert.strictEqual(err.message, 'unable to verify the first certificate');
  cleanup();

  // Only after the rejection has been confirmed is the trusted context tried.
  attempt(contextWithCert, common.mustCall(onTrustedAttempt));
}

attempt(contextWithoutCert, common.mustCall(onUntrustedAttempt));