11cb0ef41Sopenharmony_ci'use strict'; 21cb0ef41Sopenharmony_ciconst common = require('../common'); 31cb0ef41Sopenharmony_ciconst assert = require('assert'); 41cb0ef41Sopenharmony_ci 51cb0ef41Sopenharmony_ciif (!common.hasCrypto) 61cb0ef41Sopenharmony_ci common.skip('missing crypto'); 71cb0ef41Sopenharmony_ci 81cb0ef41Sopenharmony_ciconst https = require('https'); 91cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 101cb0ef41Sopenharmony_ci 111cb0ef41Sopenharmony_ciconst options = { 121cb0ef41Sopenharmony_ci key: fixtures.readKey('agent1-key.pem'), 131cb0ef41Sopenharmony_ci 141cb0ef41Sopenharmony_ci // NOTE: Certificate Common Name is 'agent1' 151cb0ef41Sopenharmony_ci cert: fixtures.readKey('agent1-cert.pem'), 161cb0ef41Sopenharmony_ci 171cb0ef41Sopenharmony_ci // NOTE: TLS 1.3 creates new session ticket **after** handshake so 181cb0ef41Sopenharmony_ci // `getSession()` output will be different even if the session was reused 191cb0ef41Sopenharmony_ci // during the handshake. 201cb0ef41Sopenharmony_ci secureProtocol: 'TLSv1_2_method' 211cb0ef41Sopenharmony_ci}; 221cb0ef41Sopenharmony_ci 231cb0ef41Sopenharmony_ciconst ca = [ fixtures.readKey('ca1-cert.pem') ]; 241cb0ef41Sopenharmony_ci 251cb0ef41Sopenharmony_ciconst server = https.createServer(options, function(req, res) { 261cb0ef41Sopenharmony_ci res.end('ok'); 271cb0ef41Sopenharmony_ci}).listen(0, common.mustCall(function() { 281cb0ef41Sopenharmony_ci const port = this.address().port; 291cb0ef41Sopenharmony_ci 301cb0ef41Sopenharmony_ci const req = https.get({ 311cb0ef41Sopenharmony_ci port, 321cb0ef41Sopenharmony_ci path: '/', 331cb0ef41Sopenharmony_ci ca, 341cb0ef41Sopenharmony_ci servername: 'nodejs.org', 351cb0ef41Sopenharmony_ci }, common.mustNotCall()); 361cb0ef41Sopenharmony_ci 371cb0ef41Sopenharmony_ci req.on('error', common.mustCall((err) => { 381cb0ef41Sopenharmony_ci assert.strictEqual( 391cb0ef41Sopenharmony_ci err.message, 401cb0ef41Sopenharmony_ci 'Hostname/IP does not match certificate\'s altnames: ' + 411cb0ef41Sopenharmony_ci 'Host: nodejs.org. is not cert\'s CN: agent1'); 421cb0ef41Sopenharmony_ci 431cb0ef41Sopenharmony_ci const second = https.get({ 441cb0ef41Sopenharmony_ci port, 451cb0ef41Sopenharmony_ci path: '/', 461cb0ef41Sopenharmony_ci ca, 471cb0ef41Sopenharmony_ci servername: 'nodejs.org', 481cb0ef41Sopenharmony_ci }, common.mustNotCall()); 491cb0ef41Sopenharmony_ci 501cb0ef41Sopenharmony_ci second.on('error', common.mustCall((err) => { 511cb0ef41Sopenharmony_ci server.close(); 521cb0ef41Sopenharmony_ci 531cb0ef41Sopenharmony_ci assert.strictEqual( 541cb0ef41Sopenharmony_ci err.message, 551cb0ef41Sopenharmony_ci 'Hostname/IP does not match certificate\'s altnames: ' + 561cb0ef41Sopenharmony_ci 'Host: nodejs.org. is not cert\'s CN: agent1'); 571cb0ef41Sopenharmony_ci })); 581cb0ef41Sopenharmony_ci })); 591cb0ef41Sopenharmony_ci})); 60