11cb0ef41Sopenharmony_ci'use strict'; 21cb0ef41Sopenharmony_ciconst common = require('../common'); 31cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 41cb0ef41Sopenharmony_ci 51cb0ef41Sopenharmony_ci// This test starts an https server and tries 61cb0ef41Sopenharmony_ci// to connect to it using a self-signed certificate. 71cb0ef41Sopenharmony_ci// This certificate´s keyUsage does not include the keyCertSign 81cb0ef41Sopenharmony_ci// bit, which used to crash node. The test ensures node 91cb0ef41Sopenharmony_ci// will not crash. Key and certificate are from #37889. 101cb0ef41Sopenharmony_ci// Note: This test assumes that the connection will succeed. 111cb0ef41Sopenharmony_ci 121cb0ef41Sopenharmony_ciif (!common.hasCrypto) 131cb0ef41Sopenharmony_ci common.skip('missing crypto'); 141cb0ef41Sopenharmony_ci 151cb0ef41Sopenharmony_ciconst crypto = require('crypto'); 161cb0ef41Sopenharmony_ci 171cb0ef41Sopenharmony_ci// See #37990 for details on why this is problematic with FIPS. 181cb0ef41Sopenharmony_ciif (process.config.variables.openssl_is_fips) 191cb0ef41Sopenharmony_ci common.skip('Skipping as test uses non-fips compliant EC curve'); 201cb0ef41Sopenharmony_ci 211cb0ef41Sopenharmony_ci// This test will fail for OpenSSL < 1.1.1h 221cb0ef41Sopenharmony_ciconst minOpenSSL = 269488271; 231cb0ef41Sopenharmony_ci 241cb0ef41Sopenharmony_ciif (crypto.constants.OPENSSL_VERSION_NUMBER < minOpenSSL) 251cb0ef41Sopenharmony_ci common.skip('OpenSSL < 1.1.1h'); 261cb0ef41Sopenharmony_ci 271cb0ef41Sopenharmony_ciconst https = require('https'); 281cb0ef41Sopenharmony_ciconst path = require('path'); 291cb0ef41Sopenharmony_ci 301cb0ef41Sopenharmony_ciconst key = 311cb0ef41Sopenharmony_ci fixtures.readKey(path.join('selfsigned-no-keycertsign', 'key.pem')); 321cb0ef41Sopenharmony_ci 331cb0ef41Sopenharmony_ciconst cert = 341cb0ef41Sopenharmony_ci fixtures.readKey(path.join('selfsigned-no-keycertsign', 'cert.pem')); 351cb0ef41Sopenharmony_ci 361cb0ef41Sopenharmony_ciconst serverOptions = { 371cb0ef41Sopenharmony_ci key: key, 381cb0ef41Sopenharmony_ci cert: cert 391cb0ef41Sopenharmony_ci}; 401cb0ef41Sopenharmony_ci 411cb0ef41Sopenharmony_ci// Start the server 421cb0ef41Sopenharmony_ciconst httpsServer = https.createServer(serverOptions, (req, res) => { 431cb0ef41Sopenharmony_ci res.writeHead(200); 441cb0ef41Sopenharmony_ci res.end('hello world\n'); 451cb0ef41Sopenharmony_ci}); 461cb0ef41Sopenharmony_cihttpsServer.listen(0); 471cb0ef41Sopenharmony_ci 481cb0ef41Sopenharmony_cihttpsServer.on('listening', () => { 491cb0ef41Sopenharmony_ci // Once the server started listening, built the client config 501cb0ef41Sopenharmony_ci // with the server´s used port 511cb0ef41Sopenharmony_ci const clientOptions = { 521cb0ef41Sopenharmony_ci hostname: '127.0.0.1', 531cb0ef41Sopenharmony_ci port: httpsServer.address().port, 541cb0ef41Sopenharmony_ci ca: cert 551cb0ef41Sopenharmony_ci }; 561cb0ef41Sopenharmony_ci // Try to connect 571cb0ef41Sopenharmony_ci const req = https.request(clientOptions, common.mustCall((res) => { 581cb0ef41Sopenharmony_ci httpsServer.close(); 591cb0ef41Sopenharmony_ci })); 601cb0ef41Sopenharmony_ci 611cb0ef41Sopenharmony_ci req.on('error', common.mustNotCall()); 621cb0ef41Sopenharmony_ci req.end(); 631cb0ef41Sopenharmony_ci}); 64