test/parallel/test-tls-set-default-ca-certificates-reset-https-request.js - external/github.com/v8/node - Git at Google

 'use strict';

 // This tests that tls.setDefaultCACertificates() affects actual HTTPS connections

 const common = require('../common');
 if (!common.hasCrypto) common.skip('missing crypto');

 const assert = require('assert');
 const https = require('https');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');

 // Test HTTPS connection succeeds with proper CA, fails after removing it
 const server = https.createServer({
   cert: fixtures.readKey('agent8-cert.pem'),
   key: fixtures.readKey('agent8-key.pem'),
 }, common.mustCall((req, res) => {
   res.writeHead(200);
   res.end('hello world');
 }, 1));

 server.listen(0, common.mustCall(() => {
   const port = server.address().port;

   // First, set the correct CA certificate - connection should succeed.
   tls.setDefaultCACertificates([fixtures.readKey('fake-startcom-root-cert.pem')]);

   const req1 = https.request({
     hostname: 'localhost',
     port: port,
     path: '/',
     method: 'GET'
   }, common.mustCall((res) => {
     assert.strictEqual(res.statusCode, 200);
     let data = '';
     res.on('data', (chunk) => data += chunk);
     res.on('end', common.mustCall(() => {
       assert.strictEqual(data, 'hello world');

       // Now set empty CA store - connection should fail.
       tls.setDefaultCACertificates([]);

       const req2 = https.request({
         hostname: '127.0.0.1',  // Use a different hostname to skip session cache.
         port: port,
         path: '/',
         method: 'GET'
       }, common.mustNotCall('Should not succeed with empty CA'));

       req2.on('error', common.mustCall((err) => {
         // Should fail with certificate verification error.
         assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
         server.close();
       }));

       req2.end();
     }));
   }));

   req1.on('error', common.mustNotCall('Should not error with correct CA'));
   req1.end();
 }));
	'use strict';

	// This tests that tls.setDefaultCACertificates() affects actual HTTPS connections

	const common = require('../common');
	if (!common.hasCrypto) common.skip('missing crypto');

	const assert = require('assert');
	const https = require('https');
	const tls = require('tls');
	const fixtures = require('../common/fixtures');

	// Test HTTPS connection succeeds with proper CA, fails after removing it
	const server = https.createServer({
	cert: fixtures.readKey('agent8-cert.pem'),
	key: fixtures.readKey('agent8-key.pem'),
	}, common.mustCall((req, res) => {
	res.writeHead(200);
	res.end('hello world');
	}, 1));

	server.listen(0, common.mustCall(() => {
	const port = server.address().port;

	// First, set the correct CA certificate - connection should succeed.
	tls.setDefaultCACertificates([fixtures.readKey('fake-startcom-root-cert.pem')]);

	const req1 = https.request({
	hostname: 'localhost',
	port: port,
	path: '/',
	method: 'GET'
	}, common.mustCall((res) => {
	assert.strictEqual(res.statusCode, 200);
	let data = '';
	res.on('data', (chunk) => data += chunk);
	res.on('end', common.mustCall(() => {
	assert.strictEqual(data, 'hello world');

	// Now set empty CA store - connection should fail.
	tls.setDefaultCACertificates([]);

	const req2 = https.request({
	hostname: '127.0.0.1', // Use a different hostname to skip session cache.
	port: port,
	path: '/',
	method: 'GET'
	}, common.mustNotCall('Should not succeed with empty CA'));

	req2.on('error', common.mustCall((err) => {
	// Should fail with certificate verification error.
	assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
	server.close();
	}));

	req2.end();
	}));
	}));

	req1.on('error', common.mustNotCall('Should not error with correct CA'));
	req1.end();
	}));