11cb0ef41Sopenharmony_ci// Flags: --use-bundled-ca 21cb0ef41Sopenharmony_ci'use strict'; 31cb0ef41Sopenharmony_ciconst common = require('../common'); 41cb0ef41Sopenharmony_ci 51cb0ef41Sopenharmony_ciif (!common.hasCrypto) 61cb0ef41Sopenharmony_ci common.skip('missing crypto'); 71cb0ef41Sopenharmony_ci 81cb0ef41Sopenharmony_ciconst assert = require('assert'); 91cb0ef41Sopenharmony_ciconst tls = require('tls'); 101cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 111cb0ef41Sopenharmony_ci 121cb0ef41Sopenharmony_cifunction loadPEM(n) { 131cb0ef41Sopenharmony_ci return fixtures.readKey(`${n}.pem`); 141cb0ef41Sopenharmony_ci} 151cb0ef41Sopenharmony_ci 161cb0ef41Sopenharmony_ciconst testCases = [ 171cb0ef41Sopenharmony_ci // Test 1: for the fix of node#2061 181cb0ef41Sopenharmony_ci // agent6-cert.pem is signed by intermediate cert of ca3. 191cb0ef41Sopenharmony_ci // The server has a cert chain of agent6->ca3->ca1(root) but 201cb0ef41Sopenharmony_ci // tls.connect should be failed with an error of 211cb0ef41Sopenharmony_ci // UNABLE_TO_GET_ISSUER_CERT_LOCALLY since the root CA of ca1 is not 221cb0ef41Sopenharmony_ci // installed locally. 231cb0ef41Sopenharmony_ci { 241cb0ef41Sopenharmony_ci serverOpts: { 251cb0ef41Sopenharmony_ci ca: loadPEM('ca3-key'), 261cb0ef41Sopenharmony_ci key: loadPEM('agent6-key'), 271cb0ef41Sopenharmony_ci cert: loadPEM('agent6-cert') 281cb0ef41Sopenharmony_ci }, 291cb0ef41Sopenharmony_ci clientOpts: { 301cb0ef41Sopenharmony_ci port: undefined, 311cb0ef41Sopenharmony_ci rejectUnauthorized: true 321cb0ef41Sopenharmony_ci }, 331cb0ef41Sopenharmony_ci errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' 341cb0ef41Sopenharmony_ci }, 351cb0ef41Sopenharmony_ci]; 361cb0ef41Sopenharmony_ci 371cb0ef41Sopenharmony_cifunction runTest(tindex) { 381cb0ef41Sopenharmony_ci const tcase = testCases[tindex]; 391cb0ef41Sopenharmony_ci 401cb0ef41Sopenharmony_ci if (!tcase) return; 411cb0ef41Sopenharmony_ci 421cb0ef41Sopenharmony_ci const server = tls.createServer(tcase.serverOpts, (s) => { 431cb0ef41Sopenharmony_ci s.resume(); 441cb0ef41Sopenharmony_ci }).listen(0, common.mustCall(function() { 451cb0ef41Sopenharmony_ci tcase.clientOpts.port = this.address().port; 461cb0ef41Sopenharmony_ci const client = tls.connect(tcase.clientOpts); 471cb0ef41Sopenharmony_ci client.on('error', common.mustCall((e) => { 481cb0ef41Sopenharmony_ci assert.strictEqual(e.code, tcase.errorCode); 491cb0ef41Sopenharmony_ci server.close(common.mustCall(() => { 501cb0ef41Sopenharmony_ci runTest(tindex + 1); 511cb0ef41Sopenharmony_ci })); 521cb0ef41Sopenharmony_ci })); 531cb0ef41Sopenharmony_ci })); 541cb0ef41Sopenharmony_ci} 551cb0ef41Sopenharmony_ci 561cb0ef41Sopenharmony_cirunTest(0); 57