1// Flags: --use-bundled-ca 2'use strict'; 3const common = require('../common'); 4 5if (!common.hasCrypto) 6 common.skip('missing crypto'); 7 8const assert = require('assert'); 9const tls = require('tls'); 10const fixtures = require('../common/fixtures'); 11 12function loadPEM(n) { 13 return fixtures.readKey(`${n}.pem`); 14} 15 16const testCases = [ 17 // Test 1: for the fix of node#2061 18 // agent6-cert.pem is signed by intermediate cert of ca3. 19 // The server has a cert chain of agent6->ca3->ca1(root) but 20 // tls.connect should be failed with an error of 21 // UNABLE_TO_GET_ISSUER_CERT_LOCALLY since the root CA of ca1 is not 22 // installed locally. 23 { 24 serverOpts: { 25 ca: loadPEM('ca3-key'), 26 key: loadPEM('agent6-key'), 27 cert: loadPEM('agent6-cert') 28 }, 29 clientOpts: { 30 port: undefined, 31 rejectUnauthorized: true 32 }, 33 errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' 34 }, 35]; 36 37function runTest(tindex) { 38 const tcase = testCases[tindex]; 39 40 if (!tcase) return; 41 42 const server = tls.createServer(tcase.serverOpts, (s) => { 43 s.resume(); 44 }).listen(0, common.mustCall(function() { 45 tcase.clientOpts.port = this.address().port; 46 const client = tls.connect(tcase.clientOpts); 47 client.on('error', common.mustCall((e) => { 48 assert.strictEqual(e.code, tcase.errorCode); 49 server.close(common.mustCall(() => { 50 runTest(tindex + 1); 51 })); 52 })); 53 })); 54} 55 56runTest(0); 57