path: root/test/parallel/test-tls-cnnic-whitelist.js
blob: e08e93013f6acaa3772c462c149f920924fff020 (plain)
// Flags: --use-bundled-ca
'use strict';
const common = require('../common');

// The tls module is required below, so skip the whole file when this build
// reports no crypto support.
if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

/**
 * Reads a PEM fixture through the shared fixtures helper.
 *
 * @param {string} n - Fixture base name, without the `.pem` extension.
 * @returns {*} Whatever `fixtures.readKey` returns for `<n>.pem`.
 */
function loadPEM(n) {
  const fileName = `${n}.pem`;
  return fixtures.readKey(fileName);
}

const testCases = [
  // Case 1: regression coverage for node#2061.
  // agent6-cert.pem is issued by the ca3 intermediate, so the server presents
  // the chain agent6 -> ca3 -> ca1 (root). The ca1 root is not installed
  // locally, so tls.connect must fail with UNABLE_TO_GET_ISSUER_CERT_LOCALLY
  // instead of accepting the chain.
  // NOTE(review): `ca` is loaded from 'ca3-key'; by its name that fixture
  // looks like a key rather than a certificate - confirm this is intended.
  {
    serverOpts: {
      ca: loadPEM('ca3-key'),
      key: loadPEM('agent6-key'),
      cert: loadPEM('agent6-cert'),
    },
    clientOpts: {
      // Overwritten by runTest once the server is listening.
      port: undefined,
      // Verification stays on: the rejection itself is what is under test.
      rejectUnauthorized: true,
    },
    errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  },
];

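/**
 * Runs testCases[tindex] and, once its server has closed, chains to the next
 * case. Each case starts a TLS server, connects a client to it and requires
 * the client to fail with the case's expected error code.
 *
 * @param {number} tindex - Index into testCases; an index past the end stops
 *   the chain.
 * @returns {undefined}
 */
function runTest(tindex) {
  const tcase = testCases[tindex];

  // No case at this index: every case has run.
  if (!tcase) return;

  const server = tls.createServer(tcase.serverOpts, (s) => {
    s.resume();
  }).listen(0, common.mustCall(function() {
    // A regular function is used so `this` is the object listen() invokes the
    // callback on; its address() supplies the port chosen for listen(0).
    tcase.clientOpts.port = this.address().port;
    const client = tls.connect(tcase.clientOpts);

    // A completed handshake would mean the untrusted chain was accepted.
    // Fail immediately in that case: no 'error' would fire, the server would
    // never be closed, and the test would only end by timing out.
    client.on('secureConnect', common.mustNotCall(
      'TLS handshake succeeded; certificate verification should have failed'));

    client.on('error', common.mustCall((e) => {
      assert.strictEqual(e.code, tcase.errorCode);
      // Close this server before starting the next case.
      server.close(common.mustCall(() => {
        runTest(tindex + 1);
      }));
    }));
  }));
}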

// Start the chain at the first case; each case starts the next one after its
// server has closed.
runTest(0);