| 'use strict'; |
| const common = require('../common'); |
| const fixtures = require('../common/fixtures'); |
| |
| // Adding a CA certificate to contextWithCert should not also add it to |
| // contextWithoutCert. This is tested by trying to connect to a server that |
| // depends on that CA using contextWithoutCert. |
| |
| const { |
| assert, connect, keys, tls |
| } = require(fixtures.path('tls-connect')); |
| |
| const contextWithoutCert = tls.createSecureContext({}); |
| const contextWithCert = tls.createSecureContext({}); |
| contextWithCert.context.addCACert(keys.agent1.ca); |
| |
| const serverOptions = { |
| key: keys.agent1.key, |
| cert: keys.agent1.cert, |
| }; |
| |
| const clientOptions = { |
| ca: [keys.agent1.ca], |
| servername: 'agent1', |
| rejectUnauthorized: true, |
| }; |
| |
| // This client should fail to connect because it doesn't trust the CA |
| // certificate. |
| clientOptions.secureContext = contextWithoutCert; |
| |
| connect({ |
| client: clientOptions, |
| server: serverOptions, |
| }, common.mustCall((err, pair, cleanup) => { |
| assert(err); |
| assert.strictEqual(err.message, 'unable to verify the first certificate'); |
| cleanup(); |
| |
| // This time it should connect because contextWithCert includes the needed CA |
| // certificate. |
| clientOptions.secureContext = contextWithCert; |
| connect({ |
| client: clientOptions, |
| server: serverOptions, |
| }, common.mustCall((err, pair, cleanup) => { |
| assert.ifError(err); |
| cleanup(); |
| })); |
| })); |
