1// Flags: --security-revert=CVE-2021-44531 2'use strict'; 3const common = require('../common'); 4 5if (!common.hasCrypto) 6 common.skip('missing crypto'); 7 8const assert = require('assert'); 9const util = require('util'); 10 11const tls = require('tls'); 12 13common.expectWarning('DeprecationWarning', [ 14 ['The URI http://[a.b.a.com]/ found in cert.subjectaltname ' + 15 'is not a valid URI, and is supported in the tls module ' + 16 'solely for compatibility.', 17 'DEP0109'], 18]); 19 20const tests = [ 21 // Likewise for "URI:" Subject Alternative Names. 22 // See also https://github.com/nodejs/node/issues/8108. 23 { 24 host: '8.8.8.8', 25 cert: { subject: { CN: '8.8.8.8' }, subjectaltname: 'URI:http://8.8.8.8/' }, 26 error: 'IP: 8.8.8.8 is not in the cert\'s list: ' 27 }, 28 // Empty Subject w/URI name 29 { 30 host: 'a.b.a.com', cert: { 31 subjectaltname: 'URI:http://a.b.a.com/', 32 } 33 }, 34 // URI names 35 { 36 host: 'a.b.a.com', cert: { 37 subjectaltname: 'URI:http://a.b.a.com/', 38 subject: {} 39 } 40 }, 41 { 42 host: 'a.b.a.com', cert: { 43 subjectaltname: 'URI:http://*.b.a.com/', 44 subject: {} 45 }, 46 error: 'Host: a.b.a.com. is not in the cert\'s altnames: ' + 47 'URI:http://*.b.a.com/' 48 }, 49 // Invalid URI 50 { 51 host: 'a.b.a.com', cert: { 52 subjectaltname: 'URI:http://[a.b.a.com]/', 53 subject: {} 54 } 55 }, 56]; 57 58tests.forEach(function(test, i) { 59 const err = tls.checkServerIdentity(test.host, test.cert); 60 assert.strictEqual(err && err.reason, 61 test.error, 62 `Test# ${i} failed: ${util.inspect(test)} \n` + 63 `${test.error} != ${(err && err.reason)}`); 64}); 65