1'use strict'; 2const common = require('../common'); 3const fixtures = require('../common/fixtures'); 4 5// Adding a CA certificate to contextWithCert should not also add it to 6// contextWithoutCert. This is tested by trying to connect to a server that 7// depends on that CA using contextWithoutCert. 8 9const { 10 assert, connect, keys, tls 11} = require(fixtures.path('tls-connect')); 12 13const contextWithoutCert = tls.createSecureContext({}); 14const contextWithCert = tls.createSecureContext({}); 15contextWithCert.context.addCACert(keys.agent1.ca); 16 17const serverOptions = { 18 key: keys.agent1.key, 19 cert: keys.agent1.cert, 20}; 21 22const clientOptions = { 23 ca: [keys.agent1.ca], 24 servername: 'agent1', 25 rejectUnauthorized: true, 26}; 27 28// This client should fail to connect because it doesn't trust the CA 29// certificate. 30clientOptions.secureContext = contextWithoutCert; 31 32connect({ 33 client: clientOptions, 34 server: serverOptions, 35}, common.mustCall((err, pair, cleanup) => { 36 assert(err); 37 assert.strictEqual(err.message, 'unable to verify the first certificate'); 38 cleanup(); 39 40 // This time it should connect because contextWithCert includes the needed CA 41 // certificate. 42 clientOptions.secureContext = contextWithCert; 43 connect({ 44 client: clientOptions, 45 server: serverOptions, 46 }, common.mustSucceed((pair, cleanup) => { 47 cleanup(); 48 })); 49})); 50