1// Certs in NODE_EXTRA_CA_CERTS are used for TLS peer validation 2 3'use strict'; 4const common = require('../common'); 5 6if (!common.hasCrypto) 7 common.skip('missing crypto'); 8 9const assert = require('assert'); 10const tls = require('tls'); 11const fixtures = require('../common/fixtures'); 12 13const { fork } = require('child_process'); 14 15if (process.env.CHILD) { 16 const copts = { 17 port: process.env.PORT, 18 checkServerIdentity: common.mustCall(), 19 }; 20 const client = tls.connect(copts, common.mustCall(function() { 21 client.end('hi'); 22 })); 23 return; 24} 25 26const options = { 27 key: fixtures.readKey('agent1-key.pem'), 28 cert: fixtures.readKey('agent1-cert.pem'), 29}; 30 31const server = tls.createServer(options, common.mustCall(function(s) { 32 s.end('bye'); 33 server.close(); 34})).listen(0, common.mustCall(function() { 35 const env = { 36 ...process.env, 37 CHILD: 'yes', 38 PORT: this.address().port, 39 NODE_EXTRA_CA_CERTS: fixtures.path('keys', 'ca1-cert.pem') 40 }; 41 42 fork(__filename, { env }).on('exit', common.mustCall(function(status) { 43 // Client did not succeed in connecting 44 assert.strictEqual(status, 0); 45 })); 46})); 47