| 'use strict'; |
| const common = require('../common'); |
| const fixtures = require('../common/fixtures'); |
| |
| // This test starts an https server and tries |
| // to connect to it using a self-signed certificate. |
| // This certificateĀ“s keyUsage does not include the keyCertSign |
| // bit, which used to crash node. The test ensures node |
| // will not crash. Key and certificate are from #37889. |
| // Note: This test assumes that the connection will succeed. |
| |
| if (!common.hasCrypto) |
| common.skip('missing crypto'); |
| |
| const crypto = require('crypto'); |
| |
| // See #37990 for details on why this is problematic with FIPS. |
| if (process.config.variables.openssl_is_fips) |
| common.skip('Skipping as test uses non-fips compliant EC curve'); |
| |
| // This test will fail for OpenSSL < 1.1.1h |
| const minOpenSSL = 269488271; |
| |
| if (crypto.constants.OPENSSL_VERSION_NUMBER < minOpenSSL) |
| common.skip('OpenSSL < 1.1.1h'); |
| |
| const https = require('https'); |
| const path = require('path'); |
| |
| const key = |
| fixtures.readKey(path.join('selfsigned-no-keycertsign', 'key.pem')); |
| |
| const cert = |
| fixtures.readKey(path.join('selfsigned-no-keycertsign', 'cert.pem')); |
| |
| const serverOptions = { |
| key: key, |
| cert: cert |
| }; |
| |
| // Start the server |
| const httpsServer = https.createServer(serverOptions, (req, res) => { |
| res.writeHead(200); |
| res.end('hello world\n'); |
| }); |
| httpsServer.listen(0); |
| |
| httpsServer.on('listening', () => { |
| // Once the server started listening, built the client config |
| // with the serverĀ“s used port |
| const clientOptions = { |
| hostname: '127.0.0.1', |
| port: httpsServer.address().port, |
| ca: cert |
| }; |
| // Try to connect |
| const req = https.request(clientOptions, common.mustCall((res) => { |
| httpsServer.close(); |
| })); |
| |
| req.on('error', common.mustNotCall()); |
| req.end(); |
| }); |
