1// Copyright Joyent, Inc. and other Node contributors.
2//
3// Permission is hereby granted, free of charge, to any person obtaining a
4// copy of this software and associated documentation files (the
5// "Software"), to deal in the Software without restriction, including
6// without limitation the rights to use, copy, modify, merge, publish,
7// distribute, sublicense, and/or sell copies of the Software, and to permit
8// persons to whom the Software is furnished to do so, subject to the
9// following conditions:
10//
11// The above copyright notice and this permission notice shall be included
12// in all copies or substantial portions of the Software.
13//
14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22'use strict';
23const common = require('../common');
24if (!common.hasCrypto)
25  common.skip('missing crypto');
26
27const fixtures = require('../common/fixtures');
28const assert = require('assert');
29const tls = require('tls');
30
31const key = fixtures.readKey('agent1-key.pem');
32const cert = fixtures.readKey('agent1-cert.pem');
33
34tls.createServer({ key, cert }).on('connection', common.mustCall(function() {
35  // Server only receives one TCP connection, stop listening when that
36  // connection is destroyed by the client, which it should do after the cert is
37  // rejected as unauthorized.
38  this.close();
39})).listen(0, common.mustCall(function() {
40  const options = { port: this.address().port, rejectUnauthorized: true };
41  tls.connect(options).on('error', common.mustCall(function(err) {
42    assert.strictEqual(err.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
43    assert.strictEqual(err.message, 'unable to verify the first certificate');
44  }));
45}));
46