1'use strict'; 2// Flags: --expose-internals 3 4const common = require('../common'); 5 6if (!common.hasCrypto) 7 common.skip('missing crypto'); 8 9const assert = require('assert'); 10const tls = require('tls'); 11const fixtures = require('../common/fixtures'); 12const { internalBinding } = require('internal/test/binding'); 13const binding = internalBinding('crypto'); 14 15const { fork } = require('child_process'); 16 17// This test ensures that extra certificates are loaded at startup. 18if (process.argv[2] !== 'child') { 19 // Parent 20 const NODE_EXTRA_CA_CERTS = fixtures.path('keys', 'ca1-cert.pem'); 21 const extendsEnv = (obj) => ({ ...process.env, ...obj }); 22 23 // Remove any pre-existing extra CA certs. 24 delete process.env.NODE_EXTRA_CA_CERTS; 25 [ 26 extendsEnv({ CHILD_USE_EXTRA_CA_CERTS: 'yes', NODE_EXTRA_CA_CERTS }), 27 extendsEnv({ CHILD_USE_EXTRA_CA_CERTS: 'no' }), 28 ].forEach((processEnv) => { 29 fork(__filename, ['child'], { env: processEnv }) 30 .on('exit', common.mustCall((status) => { 31 // Client did not succeed in connecting 32 assert.strictEqual(status, 0); 33 })); 34 }); 35} else if (process.env.CHILD_USE_EXTRA_CA_CERTS === 'yes') { 36 // Child with extra certificates loaded at startup. 37 assert.strictEqual(binding.isExtraRootCertsFileLoaded(), true); 38} else { 39 // Child without extra certificates. 40 assert.strictEqual(binding.isExtraRootCertsFileLoaded(), false); 41 tls.createServer({}); 42 assert.strictEqual(binding.isExtraRootCertsFileLoaded(), false); 43} 44