archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
node/test/fixtures/tls-extra-ca-override.js
Joyee Cheung edd66d0130
crypto: add tls.setDefaultCACertificates() 
This API allows dynamically configuring CA certificates that
will be used by the Node.js TLS clients by default.

Once called, the provided certificates will become the default CA
certificate list returned by `tls.getCACertificates('default')` and
used by TLS connections that don't specify their own CA certificates.

This function only affects the current Node.js thread.

PR-URL: https://github.com/nodejs/node/pull/58822
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
2025-07-18 19:57:53 +00:00

50 lines
1.9 KiB
JavaScript
Raw Blame History

'use strict';
// Test script for overidding NODE_EXTRA_CA_CERTS with tls.setDefaultCACertificates().
const tls = require('tls');
const assert = require('assert');
const { assertEqualCerts, includesCert } = require('../common/tls');
// Assert that NODE_EXTRA_CA_CERTS is set
assert(process.env.NODE_EXTRA_CA_CERTS, 'NODE_EXTRA_CA_CERTS environment variable should be set');
// Get initial state with extra CA
const initialDefaults = tls.getCACertificates('default');
const systemCerts = tls.getCACertificates('system');
const bundledCerts = tls.getCACertificates('bundled');
const extraCerts = tls.getCACertificates('extra');
// For this test to work the extra certs must not be in bundled certs
assert.notStrictEqual(bundledCerts.length, 0);
for (const cert of extraCerts) {
assert(!includesCert(bundledCerts, cert));
}
// Test setting it to initial defaults.
tls.setDefaultCACertificates(initialDefaults);
assertEqualCerts(tls.getCACertificates('default'), initialDefaults);
assertEqualCerts(tls.getCACertificates('default'), initialDefaults);
// Test setting it to the bundled certificates.
tls.setDefaultCACertificates(bundledCerts);
assertEqualCerts(tls.getCACertificates('default'), bundledCerts);
assertEqualCerts(tls.getCACertificates('default'), bundledCerts);
// Test setting it to just the extra certificates.
tls.setDefaultCACertificates(extraCerts);
assertEqualCerts(tls.getCACertificates('default'), extraCerts);
assertEqualCerts(tls.getCACertificates('default'), extraCerts);
// Test setting it to an empty array.
tls.setDefaultCACertificates([]);
assert.deepStrictEqual(tls.getCACertificates('default'), []);
// Test bundled and extra certs are unaffected
assertEqualCerts(tls.getCACertificates('bundled'), bundledCerts);
assertEqualCerts(tls.getCACertificates('extra'), extraCerts);
if (systemCerts.length > 0) {
// Test system certs are unaffected.
assertEqualCerts(tls.getCACertificates('system'), systemCerts);
}
Reference in a new issue View git blame Copy permalink