'use strict';
const common = require('../common');
const assert = require('assert');

if (!common.hasCrypto)
  common.skip('missing crypto');

const https = require('https');
const fixtures = require('../common/fixtures');

const options = {
  key: fixtures.readKey('agent1-key.pem'),

  // NOTE: Certificate Common Name is 'agent1'
  cert: fixtures.readKey('agent1-cert.pem'),

  // NOTE: TLS 1.3 creates new session ticket **after** handshake so
  // `getSession()` output will be different even if the session was reused
  // during the handshake.
  secureProtocol: 'TLSv1_2_method'
};

const ca = [ fixtures.readKey('ca1-cert.pem') ];

const server = https.createServer(options, function(req, res) {
  res.end('ok');
}).listen(0, common.mustCall(function() {
  const port = this.address().port;

  const req = https.get({
    port,
    path: '/',
    ca,
    servername: 'nodejs.org',
  }, common.mustNotCall(() => {}));

  req.on('error', common.mustCall((err) => {
    assert.strictEqual(
      err.message,
      'Hostname/IP does not match certificate\'s altnames: ' +
        'Host: nodejs.org. is not cert\'s CN: agent1');

    const second = https.get({
      port,
      path: '/',
      ca,
      servername: 'nodejs.org',
    }, common.mustNotCall(() => {}));

    second.on('error', common.mustCall((err) => {
      server.close();

      assert.strictEqual(
        err.message,
        'Hostname/IP does not match certificate\'s altnames: ' +
          'Host: nodejs.org. is not cert\'s CN: agent1');
    }));
  }));
}));