archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
node/test/system-ca/test-set-default-ca-certificates-system-combinations.js
Joyee Cheung edd66d0130
crypto: add tls.setDefaultCACertificates() 
This API allows dynamically configuring CA certificates that
will be used by the Node.js TLS clients by default.

Once called, the provided certificates will become the default CA
certificate list returned by `tls.getCACertificates('default')` and
used by TLS connections that don't specify their own CA certificates.

This function only affects the current Node.js thread.

PR-URL: https://github.com/nodejs/node/pull/58822
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
2025-07-18 19:57:53 +00:00

58 lines
1.9 KiB
JavaScript
Raw Permalink Blame History

// Flags: --use-system-ca
// This tests various combinations of CA certificates with
// tls.setDefaultCACertificates().
'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
const tls = require('tls');
const { assertEqualCerts } = require('../common/tls');
const fixtures = require('../common/fixtures');
const fixtureCert = fixtures.readKey('fake-startcom-root-cert.pem');
const originalBundled = tls.getCACertificates('bundled');
const originalSystem = tls.getCACertificates('system');
function testSetCertificates(certs) {
// Test setting it can be verified with tls.getCACertificates().
tls.setDefaultCACertificates(certs);
const result = tls.getCACertificates('default');
assertEqualCerts(result, certs);
// Verify that other certificate types are unchanged
const newBundled = tls.getCACertificates('bundled');
const newSystem = tls.getCACertificates('system');
assertEqualCerts(newBundled, originalBundled);
assertEqualCerts(newSystem, originalSystem);
// Test implicit defaults.
const implicitDefaults = tls.getCACertificates();
assertEqualCerts(implicitDefaults, certs);
// Test cached results.
const cachedResult = tls.getCACertificates('default');
assertEqualCerts(cachedResult, certs);
const cachedImplicitDefaults = tls.getCACertificates();
assertEqualCerts(cachedImplicitDefaults, certs);
// Test system CA certificates are not affected.
const systemCerts = tls.getCACertificates('system');
assertEqualCerts(systemCerts, originalSystem);
}
// Test setting with fixture certificate.
testSetCertificates([fixtureCert]);
// Test setting with empty array.
testSetCertificates([]);
// Test setting with bundled certificates
testSetCertificates(originalBundled);
// Test setting with a subset of bundled certificates
if (originalBundled.length >= 3) {
testSetCertificates(originalBundled.slice(0, 3));
}
Reference in a new issue View git blame Copy permalink