archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
node/test/system-ca/test-set-default-ca-certificates-append-system-ca.mjs
Joyee Cheung edd66d0130
crypto: add tls.setDefaultCACertificates() 
This API allows dynamically configuring CA certificates that
will be used by the Node.js TLS clients by default.

Once called, the provided certificates will become the default CA
certificate list returned by `tls.getCACertificates('default')` and
used by TLS connections that don't specify their own CA certificates.

This function only affects the current Node.js thread.

PR-URL: https://github.com/nodejs/node/pull/58822
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
2025-07-18 19:57:53 +00:00

49 lines
1.4 KiB
JavaScript
Raw Permalink Blame History

// Flags: --no-use-system-ca
// This tests that tls.setDefaultCACertificates() can be used to remove
// system CA certificates from the default CA store.
// To run this test, install the certificates as described in README.md
import * as common from '../common/index.mjs';
import assert from 'node:assert/strict';
import fixtures from '../common/fixtures.js';
import { once } from 'events';
if (!common.hasCrypto) {
common.skip('requires crypto');
}
const { default: https } = await import('node:https');
const { default: tls } = await import('node:tls');
const server = https.createServer({
cert: fixtures.readKey('agent8-cert.pem'),
key: fixtures.readKey('agent8-key.pem'),
}, common.mustCall((req, res) => {
res.writeHead(200);
res.end('hello world');
}, 1));
server.listen(0);
await once(server, 'listening');
const url = `https://localhost:${server.address().port}/hello-world`;
// First attempt should fail without system certificates.
await assert.rejects(
fetch(url),
(err) => {
assert.strictEqual(err.cause.code, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE');
return true;
},
);
// Now enable system CA certificates
tls.setDefaultCACertificates(tls.getCACertificates('system'));
// Second attempt should succeed.
const response = await fetch(url);
assert.strictEqual(response.status, 200);
const text = await response.text();
assert.strictEqual(text, 'hello world');
server.close();
Reference in a new issue View git blame Copy permalink