test/parallel/test-tls-set-default-ca-certificates-append-https-request.js - external/github.com/v8/node - Git at Google

 'use strict';

 // This tests appending certificates to existing defaults should work correctly
 // with https.request().

 const common = require('../common');
 if (!common.hasCrypto) common.skip('missing crypto');

 const assert = require('assert');
 const https = require('https');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');
 const { includesCert } = require('../common/tls');

 const bundledCerts = tls.getCACertificates('bundled');
 const fixtureCert = fixtures.readKey('fake-startcom-root-cert.pem');
 if (includesCert(bundledCerts, fixtureCert)) {
   common.skip('fake-startcom-root-cert is already in bundled certificates, skipping test');
 }

 // Test HTTPS connection fails with bundled CA, succeeds after adding custom CA
 const server = https.createServer({
   cert: fixtures.readKey('agent8-cert.pem'),
   key: fixtures.readKey('agent8-key.pem'),
 }, (req, res) => {
   res.writeHead(200);
   res.end('success');
 });

 server.listen(0, common.mustCall(() => {
   const port = server.address().port;

   // Set to bundled CA certificates - connection should fail
   tls.setDefaultCACertificates(bundledCerts);

   const req1 = https.request({
     hostname: 'localhost',
     port: port,
     path: '/',
     method: 'GET'
   }, common.mustNotCall('Should not succeed with bundled CA only'));

   req1.on('error', common.mustCall((err) => {
     console.log(err);
     // Should fail with certificate verification error
     assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');

     // Now add the fake-startcom-root-cert to bundled certs - connection should succeed
     tls.setDefaultCACertificates([...bundledCerts, fixtureCert]);

     const req2 = https.request({
       hostname: 'localhost',
       port: port,
       path: '/',
       method: 'GET'
     }, common.mustCall((res) => {
       assert.strictEqual(res.statusCode, 200);
       let data = '';
       res.on('data', (chunk) => data += chunk);
       res.on('end', common.mustCall(() => {
         assert.strictEqual(data, 'success');
         server.close();
       }));
     }));

     req2.on('error', common.mustNotCall('Should not error with correct CA added'));
     req2.end();
   }));

   req1.end();
 }));
	'use strict';

	// This tests appending certificates to existing defaults should work correctly
	// with https.request().

	const common = require('../common');
	if (!common.hasCrypto) common.skip('missing crypto');

	const assert = require('assert');
	const https = require('https');
	const tls = require('tls');
	const fixtures = require('../common/fixtures');
	const { includesCert } = require('../common/tls');

	const bundledCerts = tls.getCACertificates('bundled');
	const fixtureCert = fixtures.readKey('fake-startcom-root-cert.pem');
	if (includesCert(bundledCerts, fixtureCert)) {
	common.skip('fake-startcom-root-cert is already in bundled certificates, skipping test');
	}

	// Test HTTPS connection fails with bundled CA, succeeds after adding custom CA
	const server = https.createServer({
	cert: fixtures.readKey('agent8-cert.pem'),
	key: fixtures.readKey('agent8-key.pem'),
	}, (req, res) => {
	res.writeHead(200);
	res.end('success');
	});

	server.listen(0, common.mustCall(() => {
	const port = server.address().port;

	// Set to bundled CA certificates - connection should fail
	tls.setDefaultCACertificates(bundledCerts);

	const req1 = https.request({
	hostname: 'localhost',
	port: port,
	path: '/',
	method: 'GET'
	}, common.mustNotCall('Should not succeed with bundled CA only'));

	req1.on('error', common.mustCall((err) => {
	console.log(err);
	// Should fail with certificate verification error
	assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');

	// Now add the fake-startcom-root-cert to bundled certs - connection should succeed
	tls.setDefaultCACertificates([...bundledCerts, fixtureCert]);

	const req2 = https.request({
	hostname: 'localhost',
	port: port,
	path: '/',
	method: 'GET'
	}, common.mustCall((res) => {
	assert.strictEqual(res.statusCode, 200);
	let data = '';
	res.on('data', (chunk) => data += chunk);
	res.on('end', common.mustCall(() => {
	assert.strictEqual(data, 'success');
	server.close();
	}));
	}));

	req2.on('error', common.mustNotCall('Should not error with correct CA added'));
	req2.end();
	}));

	req1.end();
	}));